---
deployment:
  kind: DaemonSet
  minReadySeconds: 120
  dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
ports:
  web:
    redirections:
      entryPoint:
        to: websecure
        scheme: https
        permanent: true
    port: 80
  websecure:
    port: 443
  metrics:
    port: 9101
securityContext:
  capabilities:
    drop: [ALL]
    add: [NET_BIND_SERVICE]
  readOnlyRootFilesystem: true
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0

service:
  type: NodePort
  ipFamilyPolicy: PreferDualStack

updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 0

providers:
  kubernetesIngress:
    publishedService:
      enabled: false
  kubernetesCRD:
    allowCrossNamespace: true

ingressRoute:
  dashboard:
    enabled: true
    matchRule: Host(`traefik.services.yolokube.de`)
    entryPoints: ["traefik", "websecure"]
    middlewares:
      - name: authentik
        namespace: authentik
    tls:
      secretName: traefik-tls-key

logs:
  general:
    level: INFO