apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: keycloak-headers
  namespace: kube-system
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: "https"
      X-Forwarded-Port: "443"

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: keycloak
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`keycloak.innovation-hub-niedersachsen.de`)
      kind: Rule
      middlewares:
        - name: keycloak-headers
      services:
        - name: keycloak-external
          port: 8080
  tls:
    secretName: keycloak-tls

---
apiVersion: v1
kind: Service
metadata:
  name: keycloak-external
  namespace: kube-system
spec:
  type: ExternalName
  externalName: keycloak.innohub.local
  ports:
    - port: 8080


#---
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
#  name: keycloak-tls
#  namespace: kube-system
#spec:
#  secretName: keycloak-tls
#  issuerRef:
#    name: lets-encrypt
#    kind: ClusterIssuer
#  dnsNames:
#    - keycloak.innovation-hub-niedersachsen.de
#