Add dev

dev/traefik/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: traefik
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: traefik
+  repository: https://traefik.github.io/charts
+  version: 34.0.0

dev/traefik/templates/config.yaml

@@ -0,0 +1,16 @@
+#apiVersion: v1
+#kind: ConfigMap
+#metadata:
+#  name: traefik-configmap
+#data:
+#  config.yml: |
+#    http:
+#      routers:
+#        router0:
+#          service: service0
+#          rule: Host(`testing.durp.info`)
+#      services:
+#        service0:
+#          loadBalancer:
+#            servers:
+#              - url: https://192.168.20.130

dev/traefik/templates/middleware.yaml

@@ -0,0 +1,35 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+    name: authentik-proxy-provider
+    namespace: traefik
+spec:
+  forwardAuth:
+    address: http://ak-outpost-dmz-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: whitelist
+  namespace: traefik
+spec:
+  ipWhiteList:
+    sourceRange:
+      - 192.168.0.0/16
+      - 172.16.0.0/12
+      - 10.0.0.0/8

dev/traefik/templates/traefik-dashboard.yaml

@@ -0,0 +1,34 @@
+#apiVersion: traefik.io/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: traefik-ingress
+#spec:
+#  entryPoints:
+#    - websecure
+#  routes:
+#  - match: Host(`traefik.durp.info`)
+#    kind: Rule
+#    services:
+#    - name: api@internal
+#      kind: TraefikService
+#  tls:
+#    secretName: traefik-tls  
+#
+#---
+#
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: traefik-tls
+#  namespace: traefik
+#spec:
+#  secretName: traefik-tls
+#  issuerRef:
+#    name: letsencrypt-production
+#    kind: ClusterIssuer
+#  commonName: "traefik.durp.info"
+#  dnsNames:
+#  - "traefik.durp.info"
+#
+#---
+#

dev/traefik/values.yaml

@@ -0,0 +1,59 @@
+traefik:
+  image: 
+    #    registry: registry.durp.info
+    #    repository: traefik
+    pullPolicy: Always
+  
+  providers:  
+    kubernetesCRD:
+      allowCrossNamespace: true
+      allowExternalNameServices: true
+      allowEmptyServices: false
+
+  deployment:
+    replicas: 3
+    revisionHistoryLimit: 1
+
+  # volumes:
+  #   - name: traefik-configmap
+  #     mountPath: "/config"
+  #     type: configMap
+  
+  ingressRoute:
+    dashboard:
+      enabled: true
+  
+  additionalArguments: 
+    #  - "--providers.file.filename=/config/config.yml"
+    - "--serversTransport.insecureSkipVerify=true"
+    - "--log.level=DEBUG"
+    - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
+    - --experimental.plugins.jwt.version=v0.7.0
+  
+  autoscaling:
+    enabled: true
+    minReplicas: 3
+    maxReplicas: 10
+    metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+    behavior:
+      scaleDown:
+        stabilizationWindowSeconds: 300
+        policies:
+        - type: Pods
+          value: 1
+          periodSeconds: 60
+  
+  
+  # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container.
+  resources: 
+    requests:
+      cpu: "100m"
+      memory: "512Mi"
+    limits:
+      memory: "512Mi"