deployment:
  kind: DaemonSet
hostNetwork: true
ports:
  web:
    port: 80
    redirectTo:
      port: "websecure"
  websecure:
    port: 443
    tls:
      certResolver: "letsencrypt"
  metrics:
    port: 9101
securityContext:
  capabilities:
    drop: [ALL]
    add: [NET_BIND_SERVICE]
  readOnlyRootFilesystem: true
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0

service:
  type: NodePort
  ipFamilyPolicy: PreferDualStack

persistence:
  enabled: true
  accessMode: ReadWriteMany

certResolvers:
  letsencrypt:
    email: letsencrypt@ar21.de
    tlsChallenge: true
    httpChallenge:
      entryPoint: "web"
    storage: /data/acme.json

updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 0

ingressRoute:
  dashboard:
    matchRule: Host(`traefik.services.yolokube.de`)
    entryPoints: ["traefik", "websecure"]
    middlewares:
      - name: basic-auth