apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: keycloak-frontend
spec:
  serverName: keycloak.keycloak.svc.cluster.local
  rootCAsSecrets:
    - keycloak-frontend
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: keycloak-keycloak-root-redirect@kubernetescrd
spec:
  rules:
    - host: auth.janky.solutions
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name:  keycloak
                port:
                  name: web
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak # so prometheus can find this service
  annotations:
    traefik.ingress.kubernetes.io/service.serverstransport: keycloak-keycloak-frontend@kubernetescrd
    traefik.ingress.kubernetes.io/service.serversscheme: https
spec:
  ports:
  - name: web
    port: 8443
  - name: management
    port: 9000
  clusterIP: None
  selector:
    app: keycloak
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: keycloak-root-redirect
spec:
  redirectRegex:
    regex: ^https://auth.janky.solutions/$
    replacement: https://auth.janky.solutions/realms/janky.solutions/account