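# Traefik Helm chart values (CrowdSec bouncer plugin, MetalLB LoadBalancer).
# NOTE(review): the nesting below was restored from a single collapsed line and
# follows the Traefik chart's values layout - confirm it against the chart
# version you deploy. All values are unchanged.

globalArguments:
  - "--global.sendanonymoususage=false"
  - "--global.checknewversion=true"

additionalArguments:
  # SECURITY: disables verification of backend TLS certificates for every
  # service Traefik proxies to, so a spoofed or intercepted backend is not
  # detected. Prefer trusting your internal CA (serversTransport.rootCAs) or
  # scoping the exception to individual services with a ServersTransport
  # resource, and drop this flag once backends present verifiable certificates.
  - "--serversTransport.insecureSkipVerify=true"
  - "--log.level=INFO"
  # add crowdsec
  - "--experimental.plugins.bouncer.moduleName=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
  # you will need to update this from time to time
  - "--experimental.plugins.bouncer.version=v1.1.16"
  # Attach the bouncer middleware to every router on both entrypoints. The
  # referenced Middleware must exist (presumably name "bouncer" in namespace
  # "traefik" - verify); check that requests are really being evaluated by
  # CrowdSec after deployment.
  - "--entrypoints.web.http.middlewares=traefik-bouncer@kubernetescrd"
  - "--entrypoints.websecure.http.middlewares=traefik-bouncer@kubernetescrd"
  - "--providers.kubernetescrd"

deployment:
  enabled: true
  replicas: 2  # we have 2 worker nodes
  annotations: {}
  podAnnotations: {}
  additionalContainers: []
  initContainers: []

nodeSelector:
  worker: "true"  # assign pods to worker nodes

ports:
  web:
    redirectTo: websecure
  websecure:
    tls:
      enabled: true
  # example of other entrypoint (e.g., wireguard through proxy)
  # This UDP port is exposed on the LoadBalancer service as well; remove the
  # entrypoint if it is not in use.
  wireguard:
    port: 51820
    expose: true
    exposedPort: 51820
    protocol: UDP

ingressRoute:
  dashboard:
    enabled: false  # dashboard is not published through an IngressRoute

providers:
  kubernetesCRD:
    enabled: true
    ingressClass: traefik-external
    # SECURITY: both options below are off by default in Traefik.
    # allowExternalNameServices lets any IngressRoute point Traefik at an
    # ExternalName service, i.e. at an arbitrary hostname; allowCrossNamespace
    # lets an IngressRoute reference services and middlewares in other
    # namespaces. On a cluster where several people or teams can create these
    # resources, keep them disabled or restrict who may create IngressRoutes.
    allowExternalNameServices: true
    allowCrossNamespace: true
  kubernetesIngress:
    enabled: true
    # Same ExternalName caveat as above, for standard Ingress objects.
    allowExternalNameServices: true
    publishedService:
      enabled: false

rbac:
  enabled: true

service:
  enabled: true
  type: LoadBalancer
  annotations: {}
  labels: {}
  spec:
    loadBalancerIP: 192.168.3.65  # this should be an IP in the MetalLB range
    # Local preserves the client source IP, which IP-based decisions (such as
    # the bouncer's) depend on; with Cluster, Traefik would see a node IP.
    externalTrafficPolicy: Local
  # Empty list: no source-address restriction is applied at the service level.
  loadBalancerSourceRanges: []
  externalIPs: []

logs:
  access:
    enabled: true

experimental:
  plugins:
    enabled: true

volumes:
  # Kubernetes secret mounted into the Traefik pods; it must exist in the
  # release namespace. Presumably holds the TLS material the bouncer uses to
  # reach CrowdSec - verify, and limit read access to this secret.
  - name: crowdsec-bouncer-tls
    mountPath: /etc/traefik/crowdsec-certs/
    type: secret

image:
  # whenever we delete the pod it will pull the newest - change as you wish
  # NOTE(review): "Always" re-pulls whatever the image tag currently resolves
  # to on every pod start. Pin image.tag (or a digest) so a restart cannot
  # silently change the running Traefik version.
  pullPolicy: Always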