From 52101ca1e60a192ccabf59d2abea9f20086abe8e Mon Sep 17 00:00:00 2001
From: Steffen Illium <steffen.illium@gmail.com>
Date: Tue, 26 Mar 2024 22:40:13 +0100
Subject: [PATCH] treafik middlewares

---
 .../traefik-middleware-default-headers.yaml   | 16 ++++++++++
 infrastructure/03-traefik/base/values.yaml    | 31 ++++++++++++-------
 2 files changed, 36 insertions(+), 11 deletions(-)
 create mode 100644 infrastructure/03-traefik/base/traefik-middleware-default-headers.yaml

diff --git a/infrastructure/03-traefik/base/traefik-middleware-default-headers.yaml b/infrastructure/03-traefik/base/traefik-middleware-default-headers.yaml
new file mode 100644
index 0000000..435e574
--- /dev/null
+++ b/infrastructure/03-traefik/base/traefik-middleware-default-headers.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: default-headers
+  namespace: traefik
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 15552000
+    customFrameOptionsValue: SAMEORIGIN
+    customRequestHeaders:
+      X-Forwarded-Proto: https
diff --git a/infrastructure/03-traefik/base/values.yaml b/infrastructure/03-traefik/base/values.yaml
index c60b092..978515e 100644
--- a/infrastructure/03-traefik/base/values.yaml
+++ b/infrastructure/03-traefik/base/values.yaml
@@ -11,6 +11,7 @@ deployment:
   replicas: 1
 
 rbac:
+  enabled: true
   namespaced: false
 
 autoscaling:
@@ -25,8 +26,15 @@ ingressRoute:
     # Add custom middlewares : authentication and redirection
     # middlewares:
     #   - name: traefik-dashboard-auth
+globalArguments:
+  - "--global.sendanonymoususage=false"
+  - "--global.checknewversion=false"
+
 additionalArguments:
-- "--api.insecure=true"
+  - "--serversTransport.insecureSkipVerify=true"
+  - "--log.level=INFO"
+  - "--api.insecure=true"
+
 
 ports:
   web:
@@ -43,14 +51,15 @@ ports:
       enabled: false
     tls:
       enabled: true
-      # this is the name of a TLSOption definition
-      options: ""
-      certResolver: "default"
-      domains:
-      - main: steffenillium.de
-        sans:
-        - *.steffenillium.de
-    # middlewares:
-    #   - namespace-name1@kubernetescrd
-    #   - namespace-name2@kubernetescrd
+
     middlewares: []
+
+service:
+  enabled: true
+  type: LoadBalancer
+  annotations: {}
+  labels: {}
+  spec:
+    loadBalancerIP: 192.168.178.102
+  loadBalancerSourceRanges: []
+  externalIPs: []