apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: keycloak-tls
  namespace: kube-system
spec:
  secretName: keycloak-tls
  issuerRef:
    name: lets-encrypt
    kind: ClusterIssuer
  dnsNames:
    - keycloak.innovation-hub-niedersachsen.de

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: keycloak
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`keycloak.innovation-hub-niedersachsen.de`)
      kind: Rule
      services:
        - name: keycloak-external
          port: 8080
  tls:
    secretName: keycloak-tls

---
apiVersion: v1
kind: Service
metadata:
  name: keycloak-external
  namespace: kube-system
spec:
  type: ExternalName
  externalName: keycloak.innohub.local
  ports:
    - port: 8080