---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: internal-only
  namespace: headlamp
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1/32
      - 10.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: headlamp-redirect-scheme
  namespace: headlamp
spec:
  redirectScheme:
    scheme: https
    permanent: true

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: headlamp-https
  namespace: headlamp
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`headlamp.{{ .internalDomain }}`)
      kind: Rule
      middlewares:
        - name: internal-only
          namespace: headlamp
      services:
        - name: headlamp
          port: 80
  tls:
    secretName: wildcard-internal-wild-cloud-tls

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: headlamp-http
  namespace: headlamp
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`headlamp.{{ .internalDomain }}`)
      kind: Rule
      middlewares:
        - name: headlamp-redirect-scheme
          namespace: headlamp
      services:
        - name: headlamp
          port: 80