From 2b2fd929235cf8fbadf541c2c82407832f673a82 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <wolfgang.hottgenroth@icloud.com>
Date: Sat, 29 Nov 2025 22:58:40 +0100
Subject: [PATCH] new mtls approach 2

---
 deployment/ingress.yaml | 43 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 deployment/ingress.yaml

diff --git a/deployment/ingress.yaml b/deployment/ingress.yaml
new file mode 100644
index 0000000..357b469
--- /dev/null
+++ b/deployment/ingress.yaml
@@ -0,0 +1,43 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: homea2-cert
+spec:
+  secretName: homea2-cert
+  issuerRef:
+    name: letsencrypt-production-http
+    kind: ClusterIssuer
+  commonName: homea2.hottis.de
+  dnsNames:
+    - homea2.hottis.de
+    - homea2-api.hottis.de
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOptions
+metadata:
+  name: mtls-required
+spec:
+  clientAuth:
+    clientAuthType: RequireAndVerifyClientCert
+    secretNames:
+      - mtls-ca-cert
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ui
+spec:
+  entryPoints:
+    - websecure
+  tls:
+    secretName: homea2-cert
+    options:
+      name: mtls-required
+      namespace: default
+  routes:
+    - match: Host(`homea2.hottis.de`)
+      kind: Rule
+      services:
+        - name: ui
+          port: 80
+