apiVersion: v1
kind: Namespace
metadata:
  name: traefik
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: traefik
  namespace: traefik
spec:
  interval: 1m0s
  url: https://traefik.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik
spec:
  chart:
    spec:
      chart: traefik
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: traefik
      version: 31.1.1
  interval: 1m0s
  values:
    deployment:
      kind: DaemonSet
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/master
                  operator: Exists
            - matchExpressions:
                - key: node-role.kubernetes.io/control-plane
                  operator: Exists
    ports:
      web:
        redirectTo:
          port: websecure

    providers:
      kubernetesCRD:
        allowCrossNamespace: true

    # This is needed in order to properly forward the real ip to each service
    # There are likely better ways of handling that, but for now this works
    # TODO(Tim): Figure out how to properly forward the IP
    # hostNetwork: true
    # service:
    #   spec:
    #     externalTrafficPolicy: Local
    # updateStrategy:
    #   rollingUpdate:
    #     maxUnavailable: 2
    #     maxSurge: 0