# SSL Certificate for auth.nge6.com (Keycloak alternative)
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-auth-certificate
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: keycloak-auth-tls
        namespace: emissary
      spec:
        secretName: keycloak-auth-tls
        issuerRef:
          name: letsencrypt-dns
          kind: ClusterIssuer
        dnsNames:
          - auth.nge6.com
---
# Ambassador Host for auth.nge6.com
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-auth-host
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v3alpha1
      kind: Host
      metadata:
        name: keycloak-auth-host
        namespace: emissary
        annotations:
          external-dns.ambassador-service: emissary-ingress.emissary.svc.cluster.local
          external-dns.alpha.kubernetes.io/target: 212.2.241.28
      spec:
        hostname: auth.nge6.com
        tlsSecret:
          name: keycloak-auth-tls
---
# Ambassador Mapping for auth.nge6.com
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-auth-mapping
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v3alpha1
      kind: Mapping
      metadata:
        name: keycloak-auth-mapping
        namespace: emissary
      spec:
        hostname: auth.nge6.com
        prefix: /
        service: keycloak-http.auth-system:80
        timeout_ms: 30000
        connect_timeout_ms: 10000