feat: Add Flux-managed Traefik HelmRelease with Hetzner LB config

infrastructure/addons/kustomization.yaml

@@ -6,7 +6,7 @@ resources:
   - kustomization-external-secrets.yaml
   - kustomization-tailscale-operator.yaml
   - kustomization-tailscale-proxyclass.yaml
-  - kustomization-traefik-config.yaml
+  - kustomization-traefik.yaml
   - kustomization-flux-ui.yaml
   - kustomization-observability.yaml
   - kustomization-observability-content.yaml

infrastructure/addons/traefik/helmrelease-traefik.yaml

@@ -0,0 +1,43 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: traefik
+  namespace: flux-system
+spec:
+  interval: 10m
+  targetNamespace: kube-system
+  chart:
+    spec:
+      chart: traefik
+      version: "39.0.201"
+      sourceRef:
+        kind: HelmRepository
+        name: rancher-stable
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    additionalArguments:
+      - "--entryPoints.flux.address=:9001/tcp"
+      - "--entryPoints.rancher.address=:9442/tcp"
+    service:
+      annotations:
+        load-balancer.hetzner.cloud/network-zone: eu-central
+      spec:
+        loadBalancerSourceRanges:
+          - 0.0.0.0/0
+    ports:
+      web:
+        nodePort: 31097
+      websecure:
+        nodePort: 30193
+      rancher:
+        port: 9442
+        expose: true
+        exposedPort: 9442
+        protocol: TCP

infrastructure/addons/traefik/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-traefik
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./infrastructure/addons/traefik
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  dependsOn:
+    - name: addon-tailscale-operator