apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-ingress
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`traefik.durp.info`)
    kind: Rule
    services:
    - name: api@internal
      kind: TraefikService
  tls:
    secretName: traefik-tls  

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: traefik-tls
  namespace: traefik
spec:
  secretName: traefik-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "traefik.durp.info"
  dnsNames:
  - "traefik.durp.info"

---

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: authentik-ingress
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`test.durp.info`) && PathPrefix(`/`) 
    kind: Rule
    services:
    - name: foobar
      port: 443
  tls:
    secretName: authentik-tls

---

apiVersion: v1
kind: Service
metadata:
  name: authentik-server
spec:
  type: ExternalName
  externalName: authentik.durp.info

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: authentik-tls
spec:
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  secretName: authentik-tls
  commonName: "test.durp.info"
  dnsNames:
  - "test.durp.info"

---

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: example-redirectregex
spec:
  redirectRegex:
    regex: (.)*
    replacement: https://authentik.durp.info/${1}
    permanent: false