apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: homea2-cert
spec:
  secretName: homea2-cert
  issuerRef:
    name: letsencrypt-production-http
    kind: ClusterIssuer
  commonName: homea2.hottis.de
  dnsNames:
    - homea2.hottis.de
    - homea2-api.hottis.de
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: mtls-required
spec:
  clientAuth:
    clientAuthType: RequireAndVerifyClientCert
    secretNames:
      - mtls-ca-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ui
spec:
  entryPoints:
    - websecure
  tls:
    secretName: homea2-cert
    options:
      name: mtls-required
      namespace: homea2
  routes:
    - match: Host(`homea2.hottis.de`)
      kind: Rule
      services:
        - name: ui
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: api
spec:
  entryPoints:
    - websecure
  tls:
    secretName: homea2-cert
    options:
      name: mtls-required
      namespace: homea2
  routes:
    - match: Host(`homea2-api.hottis.de`)
      kind: Rule
      services:
        - name: api
          port: 80
---
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-internal
spec:
  ingressClassName: traefik-internal
  rules:
    - host: homea2-api-internal.hottis.de
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80