apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: pihole-certificate
  namespace: external-services
spec:
  secretName: pihole-skrd-fun-tls
  dnsNames:
    - "pihole.skrd.fun"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
---
kind: Service
apiVersion: v1
metadata:
  name: pihole
  namespace: external-services
spec:
  type: ExternalName
  ports:
    - port: 80
  externalName: 192.168.3.5
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: pihole-rewrite
  namespace: external-services
spec:
  replacePathRegex:
    regex: ^/$
    replacement: /admin/
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-ingress
  namespace: external-services
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: default-allow-local-only@kubernetescrd, default-redirect-https@kubernetescrd, external-services-pihole-rewrite@kubernetescrd
spec:
  ingressClassName: traefik
  rules:
  - host: pihole.skrd.fun
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole
            port:
              number: 80
  tls:
  - secretName: pihole-skrd-fun-tls