---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  compress: {}
---
# Here, an average of 300 requests per second is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  rateLimit:
    average: 600
    burst: 400
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  headers:
    accessControlAllowMethods:
      - GET
      - OPTIONS
      - HEAD
      - PUT
    accessControlMaxAge: 100
    stsSeconds: 63072000
    # stsIncludeSubdomains: false
    # stsPreload: false
    forceSTSHeader: true
    contentTypeNosniff: true
    browserXssFilter: true
    referrerPolicy: same-origin
    customRequestHeaders:
      X-Forwarded-Proto: "https"
    customResponseHeaders:
      server: ''
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  chain:
    middlewares:
    - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
    - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
    - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}