FIX(traefik): enable traefik dashboard API

- insecure mode
Dashboard was returning 404 because api.insecure was set to false,
which disables the dashboard API on port 8080.

traefik/helm-values.yaml

@@ -32,7 +32,10 @@ spec:
     # API 활성화 (Dashboard에서 필요)
     api:
       dashboard: true
-      insecure: false
+
+    # CLI 추가 인자 (insecure는 helm values에 없어서 직접 추가)
+    additionalArguments:
+      - "--api.insecure=true"
 
     # ports 설정
     ports:

traefik/ingress.yaml

@@ -1,25 +1,64 @@
-apiVersion: networking.k8s.io/v1
+apiVersion: traefik.io/v1alpha1
-kind: Ingress
+kind: IngressRoute
 metadata:
-  name: traefik-dashboard-ingress
+  name: traefik-dashboard-route
   namespace: kube-system
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
-  ingressClassName: traefik
+  entryPoints:
+    - websecure
+  routes:
+    # Dashboard UI - Authelia 인증 필요
+    - match: Host(`traefik0213.kro.kr`) && PathPrefix(`/dashboard`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService
+      middlewares:
+        - name: authelia-auth
+          namespace: authelia
+    # API - Authelia bypass (dashboard 내부 호출용)
+    - match: Host(`traefik0213.kro.kr`) && PathPrefix(`/api`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService
+    # Root redirect to dashboard
+    - match: Host(`traefik0213.kro.kr`) && Path(`/`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService
+      middlewares:
+        - name: authelia-auth
+          namespace: authelia
   tls:
-  - hosts:
-    - traefik0213.kro.kr
     secretName: traefik-dashboard-tls
-  rules:
+---
-  - host: traefik0213.kro.kr
+# HTTP to HTTPS redirect
-    http:
+apiVersion: traefik.io/v1alpha1
-      paths:
+kind: IngressRoute
-      - path: /
+metadata:
-        pathType: Prefix
+  name: traefik-dashboard-http
-        backend:
+  namespace: kube-system
-          service:
+spec:
-            name: traefik
+  entryPoints:
-            port:
+    - web
-              number: 8080
+  routes:
+    - match: Host(`traefik0213.kro.kr`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService
+      middlewares:
+        - name: redirect-to-https
+          namespace: kube-system
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-https
+  namespace: kube-system
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true