{% if traefik_version | regex_search('(1.)') %}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
{% if ingress_whitelist is defined %}
    ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
{% endif %}
    traefik.frontend.priority: "20"
{% if basic_auth is defined %}
    traefik.ingress.kubernetes.io/auth-type: basic
    traefik.ingress.kubernetes.io/auth-secret: basic-auth
{% endif %}
    ingress.kubernetes.io/custom-request-headers: "Authorization:Bearer {{ token_value.stdout | b64decode }}"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  rules:
  - host: dashboard.{{ ingress_domain }}
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
{% else %}
{% if traefik_version | regex_search('(2.)') %}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
  - https
  routes:
  - kind: Rule
    match: Host(`dashboard.{{ ingress_domain }}`)
    priority: 12
    middlewares:
{% if ingress_whitelist is defined %}
      - name: traefik-ipwhitelist
        namespace: tools
{% endif %}
{% if basic_auth is defined %}
      - name: basic-auth
        namespace: tools
{% endif %}
      - name: kubernetes-dashboard-auth
    services:
    - name: kubernetes-dashboard
      passHostHeader: true
      port: 443
      responseForwarding:
        flushInterval: 100ms
      weight: 1
  tls:
    options:
      name: default
      namespace: tools
    secretName: wildcard-cluster
{% endif %}
{% endif %}