# apiVersion: v1
# kind: Secret
# metadata:
#   name: basic-auth-users-secret
#   namespace: kubernetes-dashboard
# data:
#   users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kboard.taefik.local
  namespace: kubernetes-dashboard
spec:
  dnsNames:
    - kboard.taefik.local
  secretName: kboard.taefik.local
  issuerRef:
    name: selfsigned
    kind: ClusterIssuer

# ---

# apiVersion: traefik.io/v1alpha1
# kind: ServersTransport
# metadata:
#   name: insecure-transport
#   namespace: kubernetes-dashboard
# spec:
#   serverName: kubernetes-dashboard-kong-proxy
#   insecureSkipVerify: true
---
# Declaring the user list
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
#   name: ingress-auth
#   namespace: kubernetes-dashboard
# spec:
#   basicAuth:
#     secret: basic-auth-users-secret

# ---
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
#   name: strip-dashboard
#   namespace: kubernetes-dashboard
# spec:
#   stripPrefix:
#     prefixes:
#       - "/kboard"
#     forceSlash: true

# ---
# Host(`test.traefik.local`) && PathPrefix(`/kboard`)

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    # - web
    - websecure
  routes:
    - match: Host(`kboard.taefik.local`)
      kind: Rule
      # middlewares:
        # - name: ingress-auth
        #   namespace: kubernetes-dashboard
        # - name: strip-dashboard
        #   namespace: kubernetes-dashboard
      services:
        - name: kubernetes-dashboard-kong-proxy
          port: 443
          # scheme: https
          namespace: kubernetes-dashboard
          serversTransport: insecure-transport
      # Use the secret generated by cert-manager
  tls:
    secretName: kboard.taefik.local

---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
  name: insecure-transport
  namespace: kubernetes-dashboard
spec:
  insecureSkipVerify: true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "traefik"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    traefik.ingress.kubernetes.io/service.serverstransport: "kube-system@insecure-transport"
  name: dashboard
  namespace: kubernetes-dashboard
spec:
  rules:
  - host: dashboard.example.com
    http:
      paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: kubernetes-dashboard
              port:
                number: 443
  tls:
  - hosts:
    - dashboard.example.com
    secretName: dashboard-ingress-cert