apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik-internal
  namespace: traefik
spec:
  interval: 5m
  chart:
    spec:
      chart: traefik
      version: '34.3.0'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
        namespace: flux-system
      interval: 1m
  values:
    service:
      annotations:
        io.cilium/lb-ipam-ips: 192.168.2.51
      labels:
        bgp/service-type: public

    providers:
      kubernetesCRD:
        enabled: true
        allowCrossNamespace: false
        allowExternalNameServices: false
        allowEmptyServices: false
        namespaces: []

      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
        namespaces: []
        publishedService:
          enabled: false

    ports:
      web:
        port: 8000
        nodePort: 30081
        expose:
          default: true
        redirectTo:
          port: websecure
        protocol: TCP

      websecure:
        port: 8443
        nodePort: 30444
        expose:
          default: true
        protocol: TCP
        tls:
          enabled: true

      metrics:
        port: 9100
        expose:
          default: false
        protocol: TCP

    # Disable Dashboard
    ingressRoute:
      dashboard:
        enabled: false

    ingressClass:
      enabled: true
      isDefaultClass: true
      name: internal

    metrics:
      prometheus:
        entryPoint: metrics
    
    # Set default certificate
    tlsStore:
      default:
        defaultCertificate:
          secretName: wildcard-main-tls