From 0a238d8e0baf6cadc12090526551b56300ba6e00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20R=C3=B8stvik?= <simen.rostvik@crayon.com>
Date: Thu, 15 Dec 2022 13:53:38 +0100
Subject: [PATCH] Traefik

---
 MetaObjects/ext-store.yml   |  6 +--
 apps/templates/traefik.yaml | 85 +++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 apps/templates/traefik.yaml

diff --git a/MetaObjects/ext-store.yml b/MetaObjects/ext-store.yml
index ba5c0c4..9241735 100644
--- a/MetaObjects/ext-store.yml
+++ b/MetaObjects/ext-store.yml
@@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1alpha1
 kind: SecretStore
 metadata:
-  name: vault-backend
+  name: ext-cloudflare-backend
   namespace: cert-manager
 spec:
   provider:
@@ -17,11 +17,11 @@ spec:
 apiVersion: external-secrets.io/v1alpha1
 kind: ExternalSecret
 metadata:
-  name: vault-example
+  name: ext-cloudflare
   namespace: cert-manager
 spec:
   secretStoreRef:
-    name: vault-backend
+    name: ext-cloudflare-backend
     kind: SecretStore
   target:
     name: cloudflare-api-token
diff --git a/apps/templates/traefik.yaml b/apps/templates/traefik.yaml
new file mode 100644
index 0000000..2799255
--- /dev/null
+++ b/apps/templates/traefik.yaml
@@ -0,0 +1,85 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik
+  namespace: argo-cd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: traefik
+  project: default
+  source:
+    chart: traefik
+    helm:
+      values: |
+
+        experimental:
+          http3:
+            enabled: true
+          plugins:
+            enabled: false
+          kubernetesGateway:
+            enabled: false
+
+        additionalArguments:
+          - "--api.insecure=true"
+          - "--ping"
+          - "--ping.entrypoint=traefik"
+
+        ports:
+          traefik:
+            port: 9000
+            expose: true
+            exposedPort: 9900
+            protocol: TCP
+          web:
+            port: 8080
+            exposedPort: 80
+            expose: true
+            protocol: TCP
+            redirectTo: websecure
+          websecure:
+            port: 4443
+            exposedPort: 443
+            expose: true
+            protocol: TCP
+            tls:
+              enabled: true
+          metrics:
+            port: 9102
+            expose: false
+          udp:
+            port: 6666
+            protocol: UDP
+            expose: true
+
+        tlsOptions:
+          default:
+            sniStrict: true
+            minVersion: VersionTLS12
+
+        service:
+          enabled: true
+          type: LoadBalancer
+
+        providers:
+          kubernetesCRD:
+            allowCrossNamespace: true
+          kubernetesIngress:
+            publishedService:
+              enabled: true
+
+        ingressClass:
+          enabled: true
+          isDefaultClass: true
+
+    repoURL: https://helm.traefik.io/traefik
+    targetRevision: 20.6.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true