---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: contour
  namespace: projectcontour
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  gatewayClassName: contour
  listeners:
    - name: snips-ssh
      protocol: TCP
      port: 2222
      allowedRoutes:
        kinds:
          - kind: TCPRoute
        namespaces:
          from: All

    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All

    - name: https
      hostname: "*.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: All
      tls:
        mode: Terminate
        certificateRefs:
          - name: wildcard-icb4dc0-de-tls

    - name: forgejo
      hostname: "code.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: forgejo
      tls:
        mode: Terminate
        certificateRefs:
          - name: forgejo-tls
    - name: ssh
      protocol: TCP
      port: 22
      allowedRoutes:
        kinds:
          - kind: TCPRoute
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: forgejo

    - name: vikunja
      hostname: "todo.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: vikunja
      tls:
        mode: Terminate
        certificateRefs:
          - name: vikunja-tls

    - name: ente-endpoints
      hostname: "*.ente.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: ente
      tls:
        mode: Terminate
        certificateRefs:
          - name: ente-tls

    - name: coder-port-forwards
      hostname: "*.ide.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: coder
      tls:
        mode: Terminate
        certificateRefs:
          - name: coder-port-forwards-tls

    - name: garage-s3-subdomains
      hostname: "*.s3.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: garage
      tls:
        mode: Terminate
        certificateRefs:
          - name: garage-s3-subdomains-tls

    - name: buildr-fider-community
      hostname: community.buildr.icb4dc0.de
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: fider
      tls:
        mode: Terminate
        certificateRefs:
          - name: buildr-fider-community-tls

    - name: inetmock-fider-community
      hostname: community.inetmock.icb4dc0.de
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: fider
      tls:
        mode: Terminate
        certificateRefs:
          - name: inetmock-fider-community-tls

    - name: fider-login
      hostname: login.fider.icb4dc0.de
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: fider
      tls:
        mode: Terminate
        certificateRefs:
          - name: fider-login-tls

    - name: git-age-docs
      hostname: "docs.git-age.icb4dc0.de"
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              kubernetes.io/metadata.name: blog
      tls:
        mode: Terminate
        certificateRefs:
          - name: git-age-docs-tls