# apiVersion: traefik.containo.us/v1alpha1
# kind: Middleware
# metadata:
#   name: authentik-auth
#   namespace: adguard
# spec:
#   forwardAuth:
#     address: https://adguard.kluster.moll.re/outpost.goauthentik.io/auth/traefik
#     trustForwardHeader: true
#     authResponseHeaders:
#       - X-authentik-username
#       - X-authentik-groups
#       - X-authentik-email
#       - X-authentik-name
#       - X-authentik-uid
#       - X-authentik-jwt
#       - X-authentik-meta-jwks
#       - X-authentik-meta-outpost
#       - X-authentik-meta-provider
#       - X-authentik-meta-app
#       - X-authentik-meta-version

# ---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: adguard-ingress
  namespace: adguard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`adguard.kluster.moll.re`)
      kind: Rule
      # middlewares:
      #   - name: authentik-auth
      services:
        - name: adguard-home
          port: 3000
  tls:
    certResolver: default-tls