From 54c1924973c55ae68163c2deeacafbbd63a2d444 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Oct 2021 14:13:35 +0000
Subject: [PATCH 1/4] fix(charts): update helm release velero to v2.26.2 (#591)

Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 710089fda..3daed685b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -117,7 +117,7 @@ dependencies:
     version: 0.17.1
     repository: https://helm.releases.hashicorp.com
   - name: velero
-    version: 2.26.1
+    version: 2.26.2
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
     version: 0.5.7

From d794b15675d3f586caf15e7848a3ddfdc7404e16 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Oct 2021 14:15:20 +0000
Subject: [PATCH 2/4] fix(charts): update helm release thanos to v7.0.3 (#590)

Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 3daed685b..f24b6d83c 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
     version: 0.26.0
     repository: https://strimzi.io/charts/
   - name: thanos
-    version: 7.0.1
+    version: 7.0.3
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
     version: v3.20.2

From 2a42d019f296f7ff42e2038bfd61d7ea67fcf421 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 30 Oct 2021 01:57:28 +0000
Subject: [PATCH 3/4] fix(charts): update helm release thanos to v7.0.4 (#592)

Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index f24b6d83c..84edd2b66 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
     version: 0.26.0
     repository: https://strimzi.io/charts/
   - name: thanos
-    version: 7.0.3
+    version: 7.0.4
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
     version: v3.20.2

From e07c976ef9dcfdd020ab227af9e161c231ccbd29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20=22Bob=22=20Massard?= <tbobm@protonmail.com>
Date: Mon, 1 Nov 2021 10:11:50 +0100
Subject: [PATCH 4/4] feat(addons): add Traefik addon (#585)

* feat(addons): add Traefik addon

Signed-off-by: Theo Bob Massard <tbobm@protonmail.com>

* fix(traefik): normalize Kubernetes resources

- Use component=ingress on traefik's namespace
- Replace ingress netpol with monitoring (no point in allowing self)

Signed-off-by: Theo Bob Massard <tbobm@protonmail.com>

* feat(traefik): add support for ingress_cidrs

Create ALLOW NetworkPolicies for CIDRs in
`var.traefik['ingress_cidrs']`.

Signed-off-by: Theo Bob Massard <tbobm@protonmail.com>

* fix(traefik): remove control plane NetworkPolicy

There is no need for this netpol as there currently exist
no validating webhook.

This _should_ be added-back upon implementation
of traefik/traefik#7379.

Signed-off-by: Theo Bob Massard <tbobm@protonmail.com>
---
 README.md                   |   7 ++
 helm-dependencies.yaml      |   3 +
 modules/aws/README.md       |   7 ++
 modules/aws/traefik.tf      |   1 +
 modules/azure/README.md     |   7 ++
 modules/azure/traefik.tf    |   1 +
 modules/scaleway/README.md  |   7 ++
 modules/scaleway/traefik.tf |   1 +
 traefik.tf                  | 175 ++++++++++++++++++++++++++++++++++++
 variables.tf                |   6 ++
 10 files changed, 215 insertions(+)
 create mode 120000 modules/aws/traefik.tf
 create mode 120000 modules/azure/traefik.tf
 create mode 120000 modules/scaleway/traefik.tf
 create mode 100644 traefik.tf

diff --git a/README.md b/README.md
index 8b86c8fcb..16a34fdd1 100644
--- a/README.md
+++ b/README.md
@@ -145,6 +145,7 @@ No modules.
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -179,6 +180,7 @@ No modules.
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -245,6 +247,10 @@ No modules.
 | [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -320,6 +326,7 @@ No modules.
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
+| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
 | <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 84edd2b66..43cb14be5 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -110,6 +110,9 @@ dependencies:
   - name: tigera-operator
     version: v3.20.2
     repository: https://docs.projectcalico.org/charts
+  - name: traefik
+    version: v10.6.0
+    repository: https://helm.traefik.io/traefik
   - name: memcached
     version: 5.15.8
     repository: https://charts.bitnami.com/bitnami
diff --git a/modules/aws/README.md b/modules/aws/README.md
index 5fec388d6..7ecb34d26 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -139,6 +139,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -187,6 +188,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -275,6 +277,10 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -399,6 +405,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
+| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
 | <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_velero"></a> [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/aws/traefik.tf b/modules/aws/traefik.tf
new file mode 120000
index 000000000..817a38f9d
--- /dev/null
+++ b/modules/aws/traefik.tf
@@ -0,0 +1 @@
+../../traefik.tf
\ No newline at end of file
diff --git a/modules/azure/README.md b/modules/azure/README.md
index b4df0353d..2627ab118 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -65,6 +65,7 @@ No modules.
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -97,6 +98,7 @@ No modules.
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -152,6 +154,10 @@ No modules.
 | [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.tigera-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -226,6 +232,7 @@ No modules.
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
+| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
 | <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
diff --git a/modules/azure/traefik.tf b/modules/azure/traefik.tf
new file mode 120000
index 000000000..817a38f9d
--- /dev/null
+++ b/modules/azure/traefik.tf
@@ -0,0 +1 @@
+../../traefik.tf
\ No newline at end of file
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index e103f58b6..d8b342254 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -82,6 +82,7 @@ No modules.
 | [helm_release.thanos-memcached](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -114,6 +115,7 @@ No modules.
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.strimzi-kafka-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -174,6 +176,10 @@ No modules.
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.strimzi-kafka-operator_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.strimzi-kafka-operator_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -263,6 +269,7 @@ No modules.
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
+| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
 | <a name="input_vault"></a> [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
 | <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
 
diff --git a/modules/scaleway/traefik.tf b/modules/scaleway/traefik.tf
new file mode 120000
index 000000000..817a38f9d
--- /dev/null
+++ b/modules/scaleway/traefik.tf
@@ -0,0 +1 @@
+../../traefik.tf
\ No newline at end of file
diff --git a/traefik.tf b/traefik.tf
new file mode 100644
index 000000000..e6d2761e9
--- /dev/null
+++ b/traefik.tf
@@ -0,0 +1,175 @@
+locals {
+
+  traefik = merge(
+    local.helm_defaults,
+    {
+      name                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "traefik")].name
+      chart                  = local.helm_dependencies[index(local.helm_dependencies.*.name, "traefik")].name
+      repository             = local.helm_dependencies[index(local.helm_dependencies.*.name, "traefik")].repository
+      chart_version          = local.helm_dependencies[index(local.helm_dependencies.*.name, "traefik")].version
+      namespace              = "traefik"
+      enabled                = false
+      ingress_cidrs          = ["0.0.0.0/0"]
+      default_network_policy = true
+      manage_crds            = true
+    },
+    var.traefik
+  )
+
+  values_traefik = <<VALUES
+VALUES
+}
+
+
+resource "kubernetes_namespace" "traefik" {
+  count = local.traefik["enabled"] ? 1 : 0
+
+  metadata {
+    labels = {
+      name                               = local.traefik["namespace"]
+      "${local.labels_prefix}/component" = "ingress"
+    }
+
+    name = local.traefik["namespace"]
+  }
+}
+
+resource "helm_release" "traefik" {
+  count                 = local.traefik["enabled"] ? 1 : 0
+  repository            = local.traefik["repository"]
+  name                  = local.traefik["name"]
+  chart                 = local.traefik["chart"]
+  version               = local.traefik["chart_version"]
+  timeout               = local.traefik["timeout"]
+  force_update          = local.traefik["force_update"]
+  recreate_pods         = local.traefik["recreate_pods"]
+  wait                  = local.traefik["wait"]
+  atomic                = local.traefik["atomic"]
+  cleanup_on_fail       = local.traefik["cleanup_on_fail"]
+  dependency_update     = local.traefik["dependency_update"]
+  disable_crd_hooks     = local.traefik["disable_crd_hooks"]
+  disable_webhooks      = local.traefik["disable_webhooks"]
+  render_subchart_notes = local.traefik["render_subchart_notes"]
+  replace               = local.traefik["replace"]
+  reset_values          = local.traefik["reset_values"]
+  reuse_values          = local.traefik["reuse_values"]
+  skip_crds             = local.traefik["skip_crds"]
+  verify                = local.traefik["verify"]
+  values = compact([
+    local.values_traefik,
+    local.traefik["extra_values"],
+  ])
+  namespace = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+
+  depends_on = [
+    helm_release.kube-prometheus-stack,
+  ]
+}
+
+resource "kubernetes_network_policy" "traefik_default_deny" {
+  count = local.traefik["enabled"] && local.traefik["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.traefik.*.metadata.0.name[count.index]}-default-deny"
+    namespace = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "traefik_allow_namespace" {
+  count = local.traefik["enabled"] && local.traefik["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.traefik.*.metadata.0.name[count.index]}-allow-namespace"
+    namespace = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            name = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "traefik_allow_monitoring" {
+  count = local.traefik["enabled"] && local.traefik["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.traefik.*.metadata.0.name[count.index]}-allow-monitoring"
+    namespace = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+
+    ingress {
+      from {
+        namespace_selector {
+          match_labels = {
+            "${local.labels_prefix}/component" = "monitoring"
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
+
+resource "kubernetes_network_policy" "traefik_allow_ingress" {
+  count = local.traefik["enabled"] && local.traefik["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.traefik.*.metadata.0.name[count.index]}-allow-ingress"
+    namespace = kubernetes_namespace.traefik.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+      match_expressions {
+        key      = "app.kubernetes.io/name"
+        operator = "In"
+        values   = ["traefik"]
+      }
+    }
+
+    ingress {
+      ports {
+        port     = "http"
+        protocol = "TCP"
+      }
+      ports {
+        port     = "https"
+        protocol = "TCP"
+      }
+
+      dynamic "from" {
+        for_each = local.traefik["ingress_cidrs"]
+        content {
+          ip_block {
+            cidr = from.value
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}
diff --git a/variables.tf b/variables.tf
index 7bf0ff48d..c1a667652 100644
--- a/variables.tf
+++ b/variables.tf
@@ -214,6 +214,12 @@ variable "tigera-operator" {
   default     = {}
 }
 
+variable "traefik" {
+  description = "Customize traefik chart, see `traefik.tf` for supported values"
+  type        = any
+  default     = {}
+}
+
 variable "vault" {
   description = "Customize Hashicorp Vault chart, see `vault.tf` for supported values"
   type        = any