apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
    name: cors
    namespace: rook-ceph
spec:
    headers:
        accessControlAllowMethods:
            - "GET"
            - "POST"
            - "OPTIONS"
            - "PUT"
        accessControlAllowHeaders:
            - "*"
        accessControlAllowOriginList:
            - "*"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
    name: talos-s3-certificate
    namespace: rook-ceph
spec:
    secretName: talos-s3-skrd-fun-tls
    dnsNames:
        - "talos-s3.skrd.fun"
    issuerRef:
        name: letsencrypt-prod
        kind: ClusterIssuer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: bucket-access
    namespace: rook-ceph
    annotations:
        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd, rook-ceph-cors@kubernetescrd
spec:
    ingressClassName: traefik
    rules:
        - host: talos-s3.skrd.fun
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: rook-ceph-rgw-my-store
                            port:
                                number: 80
    tls:
        - secretName: talos-s3-skrd-fun-tls