---
# Basic Auth Secret для защиты Loki
apiVersion: v1
kind: Secret
metadata:
  name: loki-basic-auth
  namespace: loki
type: Opaque
stringData:
  # Username: admin
  # Password: lokipass123
  # Сгенерировано с помощью: htpasswd -nb admin lokipass123
  users: |
    admin:$apr1$8jGXMp0X$xR7yGcZqz.pPJY4IaGQ0n0

---
# Traefik Middleware для Basic Auth
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: loki-auth
  namespace: loki
spec:
  basicAuth:
    secret: loki-basic-auth
    removeHeader: true

---
# Ingress для Loki с HTTPS и аутентификацией
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: loki-ingress
  namespace: loki
  annotations:
    # Использовать Traefik ingress controller
    kubernetes.io/ingress.class: traefik
    
    # Let's Encrypt сертификат
    cert-manager.io/cluster-issuer: letsencrypt-http
    cert-manager.io/acme-challenge-type: http01
    
    # Применить Basic Auth middleware
    traefik.ingress.kubernetes.io/router.middlewares: loki-loki-auth@kubernetescrd
    
    # Entry points (http и https)
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  labels:
    app.kubernetes.io/name: loki
    argocd.argoproj.io/instance: loki
spec:
  ingressClassName: traefik
  rules:
    - host: loki.thedevops.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: loki
                port:
                  number: 3100
  tls:
    - hosts:
        - loki.thedevops.dev
      secretName: loki-tls