apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ratelimit
  namespace: default

spec:
  rateLimit:
    period: 1m
    average: 6
    burst: 12
    sourceCriterion:
      ipStrategy:
        excludedIPs:
          - 127.0.0.1/32
          - 192.168.1.7

    redis:
      secret: redissecret
      endpoints:
        - "127.0.0.1:6379"
      tls:
        certSecret: tlssecret
        caSecret: casecret
      db: 0
      poolSize: 42
      maxActiveConns: 42
      readTimeout: 42s
      writeTimeout: 42s
      dialTimeout: 42s

---
apiVersion: v1
kind: Secret
metadata:
  name: redissecret
  namespace: default
data:
  username: dXNlcg== # username: user
  password: cGFzc3dvcmQ= # password: password

---
apiVersion: v1
kind: Secret
metadata:
  name: casecret
  namespace: default

data:
  ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=

---
apiVersion: v1
kind: Secret
metadata:
  name: tlssecret
  namespace: default

data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: test2.route
  namespace: default

spec:
  entryPoints:
    - web

  routes:
    - match: Host(`foo.com`) && PathPrefix(`/will-be-limited`)
      priority: 12
      kind: Rule
      services:
        - name: whoami
          port: 80
      middlewares:
        - name: ratelimit