From 703e9e8052b8498aa6abf4e5b3dae57a7436d104 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Tue, 11 Jan 2022 22:02:12 +0100
Subject: [PATCH] Change: Ingress External selector & tlsoptions

---
 .../values/ingress-external.yaml              | 29 ++++++++++++++++++-
 resources/manifests/traefik-tls.yaml          | 15 ----------
 2 files changed, 28 insertions(+), 16 deletions(-)
 delete mode 100644 resources/manifests/traefik-tls.yaml

diff --git a/projects/ingress-external/values/ingress-external.yaml b/projects/ingress-external/values/ingress-external.yaml
index 293822dc..721f4cae 100644
--- a/projects/ingress-external/values/ingress-external.yaml
+++ b/projects/ingress-external/values/ingress-external.yaml
@@ -6,7 +6,12 @@ providers:
   kubernetesCRD:
     ingressClass: external
 
-globalArguments: []
+kubernetesIngress:
+  labelSelector: environment=external
+  namespaces:
+  - drone
+  - nextcloud
+  - gitea
 
 ports:
   web:
@@ -15,6 +20,28 @@ ports:
     tls:
       enabled: true
 
+globalArguments: []
+additionalArguments:
+  - "--providers.kubernetesingress.ingressclass=ingress-external"
+
+ingressRoute:
+  dashboard:
+    enabled: false
+
+tlsOptions:
+  default:
+    preferServerCipherSuites: true
+    minVersion: VersionTLS12
+    sniStrict: true
+    cipherSuites:
+      - TLS_AES_128_GCM_SHA256
+      - TLS_AES_256_GCM_SHA384
+      - TLS_CHACHA20_POLY1305_SHA256
+      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+
+
 service:
   enabled: true
   type: LoadBalancer
diff --git a/resources/manifests/traefik-tls.yaml b/resources/manifests/traefik-tls.yaml
deleted file mode 100644
index 936a73db..00000000
--- a/resources/manifests/traefik-tls.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: TLSOption
-metadata:
-  name: default
-  namespace: kube-system
-spec:
-  minVersion: VersionTLS12
-  sniStrict: true
-  cipherSuites:
-    - TLS_AES_128_GCM_SHA256
-    - TLS_AES_256_GCM_SHA384
-    - TLS_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384