#####################################################
# Secure traefik dashboard with https and basic auth
#####################################################

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
spec:
  routes:
    - match: Host(`traefik.monteasua.com.br`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
      middlewares:
        - name: basic-auth
  tls:
    secretName: monteasua-com-br-tls

###############################
# Middleware for basicAuth
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: basic-auth
spec:
  basicAuth:
    secret: authsecret

---
apiVersion: v1
kind: Secret
metadata:
  name: authsecret
  namespace: default
data:
  users: |2
    ZXVnZW5pdWNhcnZhbGhvOiRhcHIxJHZ5NTYwNEI2JDRMSkVqMjNycnNuSGt5RFhY
    c1hnLzEKCg==

###############################
# Middleware for HTTP->HTTPS
# This middleware is not needed in case of:
#      entrypoints.web.http.redirections.entryPoint.to=websecure
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
spec:
  redirectScheme:
    scheme: https
    permanent: true
    #port: 443
###############################
# Middleware for CORS
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cors-all
spec:
  headers:
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
      - "POST"
    accessControlAllowOriginList:
      - "origin-list-or-null"
    accessControlMaxAge: 100
    accessControlAllowHeaders:
      - "Content-Type"
    addVaryHeader: true
    customRequestHeaders:
      X-Forwarded-Proto: "https"