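---
# Helm values for a Traefik ingress controller: ACME (Let's Encrypt, DNS-01 via
# Cloudflare) wildcard certificate, access logging to a node hostPath, and a
# dashboard route gated by an Authelia forward-auth middleware.

deployment:
  initContainers:
    # Prepares the ACME store and the access-log directory before Traefik
    # starts. This is the only container here that runs as root (uid/gid 0);
    # it needs that to chown files over to 65532:65532.
    # NOTE(review): 65532 is presumably the UID/GID the Traefik container runs
    # as - confirm against the chart's securityContext.
    - name: volume-permissions
      # Tag plus digest: the digest is what pins the image content.
      image: busybox:stable@sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7
      command:
        - sh
        - "-c"
        # `set -e` makes the init container fail on the first failing step.
        # With plain `;` separators only the exit status of the final chown
        # was reported, so a failed touch/chown/chmod on acme.json (which
        # stores ACME account and certificate private keys) went unnoticed.
        - |
          set -e
          touch /data/acme.json
          chown 65532:65532 /data/acme.json
          chmod -v 600 /data/acme.json
          chown -R 65532:65532 /var/log/traefik
      securityContext:
        # Root is required for the chown calls above. A namespace enforcing
        # the "restricted" Pod Security Standard will reject this pod.
        runAsNonRoot: false
        runAsGroup: 0
        runAsUser: 0
      volumeMounts:
        - name: data
          mountPath: /data
        - name: access-log
          mountPath: /var/log/traefik
  additionalVolumes:
    # hostPath: the node's /var/log/traefik/ is mounted into the pod, and the
    # init container recursively re-owns it on the node. hostPath volumes are
    # disallowed by the "baseline" Pod Security Standard, so the namespace
    # must explicitly permit them.
    # NOTE(review): presumably mounted so a node-level agent can read the
    # access log - confirm, and keep the path dedicated to Traefik.
    - name: access-log
      hostPath:
        path: /var/log/traefik/

certResolvers:
  letsencrypt:
    email: namesny.matus@gmail.com
    dnsChallenge:
      provider: cloudflare
      # Wait before checking that the TXT record has propagated.
      # NOTE(review): a bare integer is presumably read as seconds - confirm.
      delayBeforeCheck: 30
      resolvers:
        - 1.1.1.1
        - 8.8.8.8
    # Lives on the persistent `data` volume; mode 600 is set by the init
    # container above.
    storage: /data/acme.json

# Provider credentials are injected from a Kubernetes Secret rather than being
# written in this file.
# NOTE(review): traefik-cf-secret is expected to hold the Cloudflare API
# credentials for the DNS challenge - scope that token to DNS edits on the one
# zone, since every process in the Traefik container can read it from the
# environment.
envFrom:
  - secretRef:
      name: traefik-cf-secret

additionalVolumeMounts:
  - name: access-log
    mountPath: /var/log/traefik/

logs:
  access:
    enabled: true
    # Written to the hostPath volume above; the file holds client addresses
    # and request lines, so treat it as sensitive on the node.
    filePath: /var/log/traefik/access.log

ingressRoute:
  dashboard:
    enabled: true
    matchRule: Host(`traefik.namesny.com`)
    entryPoints:
      - websecure
    # The dashboard is reachable on the public TLS entry point; this
    # middleware is the only access control in front of it.
    # NOTE(review): the name looks like <namespace>-<middleware>@kubernetescrd;
    # verify the Middleware exists and that the route is refused, not served
    # unauthenticated, when it does not.
    middlewares:
      - name: "auth-authelia@kubernetescrd"

providers:
  kubernetesCRD:
    # Lets an IngressRoute reference Middlewares, Services and TLS options in
    # other namespaces. That removes the namespace boundary for Traefik CRDs:
    # anyone allowed to create an IngressRoute in any namespace can point it
    # at another namespace's Service. Restrict RBAC on the Traefik CRDs
    # accordingly.
    allowCrossNamespace: true

persistence:
  enabled: true
  # NOTE(review): the class name suggests a Retain reclaim policy, which would
  # leave acme.json (private keys) on disk after the release is deleted -
  # confirm and include the volume in decommissioning.
  storageClass: retain-local-path

ports:
  websecure:
    tls:
      enabled: true
      certResolver: letsencrypt
      domains:
        # Wildcard SAN: Let's Encrypt issues wildcards only over DNS-01, which
        # is why the resolver above uses dnsChallenge.
        - main: namesny.com
          sans:
            - "*.namesny.com"
  web:
    # Plain HTTP is redirected to the TLS entry point.
    redirectTo:
      port: websecure

service:
  spec:
    # Keeps the client source IP (no SNAT hop through another node), so the
    # access log and any IP-based rule see the real peer address. Traffic is
    # delivered only to nodes that run a ready Traefik pod.
    externalTrafficPolicy: Local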