providers:
  kubernetesIngress:
    publishedService: # Fixes ArgoCD health checks for LoadBalancer services
      enabled: true
  kubernetesCRD:
    allowCrossNamespace: true
deployment:
  replicas: 2

ingressRoute:
  dashboard:
    enabled: true
    # Optional: specify entrypoint
    entrypoint: traefik

api:
  dashboard: true
  debug: false

service:
  type: LoadBalancer
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.priority: "42"
    traefik.ingress.kubernetes.io/router.tls: "true"

ingressClass:
  enabled: true
  isDefaultClass: true

# Configure entry points
ports:
  metrics:
    expose:
      default: true
    observability:
      accessLogs: true
      metrics: true
      tracing: true
      traceVerbosity: detailed
  web:
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https

  websecure:
    observability:
      accessLogs: true
      metrics: true
      tracing: true

  gitea-ssh:
    port: 2222
    expose:
      default: true
    exposedPort: 2222
    protocol: TCP

# -- IngressRouteTCP for Gitea SSH (cross-namespace to gitea/gitea-ssh service)
extraObjects:
- apiVersion: traefik.io/v1alpha1
  kind: IngressRouteTCP
  metadata:
    name: gitea-ssh
  spec:
    entryPoints:
    - gitea-ssh
    routes:
    - match: HostSNI(`*`)
      services:
      - name: gitea-ssh
        namespace: gitea
        port: 22