---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: {{ item.name }}
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`{{ item.name }}.lino.cooking`)
      kind: Rule
      services:
        - name: {{ item.name }}
          port: {{ item.port }}
      middlewares:
        - name: default-headers
        - name: {{ item.name }}-forwardauth
          namespace: traefik
    - match: "Host(`{{ item.name }}.lino.cooking`) && PathPrefix(`/outpost.goauthentik.io/`)"
      kind: Rule
      priority: 15
      services:
        - kind: Service
          # Or, to use an external Outpost, create an ExternalName service and reference that here.
          # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
          name: authentik
          port: 9000
  tls:
    secretName: lino-cooking-tls