From 7ed9a2e099a4ba65af18f706a6ebc5d150776105 Mon Sep 17 00:00:00 2001
From: "Andrew M. Stoltz" <1578013+astoltz@users.noreply.github.com>
Date: Tue, 10 Mar 2026 01:08:29 -0500
Subject: [PATCH] Add Traefik dashboard with basicAuth protection

---
 apps/traefik-dashboard/traefik-dashboard.yaml | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 apps/traefik-dashboard/traefik-dashboard.yaml

diff --git a/apps/traefik-dashboard/traefik-dashboard.yaml b/apps/traefik-dashboard/traefik-dashboard.yaml
new file mode 100644
index 0000000..93fdcae
--- /dev/null
+++ b/apps/traefik-dashboard/traefik-dashboard.yaml
@@ -0,0 +1,58 @@
+# Traefik Dashboard - BasicAuth protected
+# ArgoCD managed - BlueJay Lab
+---
+# BasicAuth credentials secret (admin:zenith-turret-falcon-umber)
+apiVersion: v1
+kind: Secret
+metadata:
+  name: traefik-dashboard-auth
+  namespace: traefik-system
+type: Opaque
+stringData:
+  users: "admin:$apr1$0URvzxzA$V6rOAD80XRUFeN7NR88VR."
+---
+# BasicAuth middleware
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-dashboard-auth
+  namespace: traefik-system
+spec:
+  basicAuth:
+    secret: traefik-dashboard-auth
+---
+# Dashboard IngressRoute
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: traefik-dashboard
+  namespace: traefik-system
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`traefik.iamworkin.lan`)
+      services:
+        - name: api@internal
+          kind: TraefikService
+      middlewares:
+        - name: traefik-dashboard-auth
+  tls:
+    secretName: traefik-tls
+---
+# TLS certificate for traefik.iamworkin.lan
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: traefik-tls
+  namespace: traefik-system
+spec:
+  secretName: traefik-tls
+  issuerRef:
+    name: step-ca-issuer
+    kind: ClusterIssuer
+  dnsNames:
+    - traefik.iamworkin.lan
+  duration: 720h
+  renewBefore: 168h