apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-ingress
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`traefik.durp.info`)
    kind: Rule
    services:
    - name: api@internal
      kind: TraefikService
  tls:
    secretName: traefik-tls  

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: traefik-tls
  namespace: traefik
spec:
  secretName: traefik-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "traefik.durp.info"
  dnsNames:
  - "traefik.durp.info"

---

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: authentik-ingress
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
    kind: Rule
    services:
    - name: master-cluster
      port: 443
  tls:
    secretName: authentik-tls

---

apiVersion: v1
kind: Service
metadata:
  name: authentik-server
spec:
  type: ExternalName
  externalName: authentik.durp.info

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: authentik-tls
spec:
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  secretName: authentik-tls
  commonName: "authentik.durp.info"
  dnsNames:
  - "authentik.durp.info"


---

apiVersion: v1
kind: Endpoints
metadata:
  name: master-cluster
subsets:
  - addresses:
      - ip: 192.168.20.130
    ports:
      - port: 443

---

apiVersion: v1
kind: Service
metadata:
  name: master-cluster
spec:
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 9376