(iam) switch ingressroute to ingress

cluster/apps/auth/realms/bloopysphere/keycloak/instance/kustomization.yaml

@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./keycloak.yaml
-  - ./routers/id-keycloak.yaml
+  - ./routers/kc-iam-ingress.yaml

cluster/apps/auth/realms/bloopysphere/keycloak/instance/routers/README.md

@@ -0,0 +1,5 @@
+# Routers
+
+I initially wanted to use an IngressRoute to leverage some extra perks. However, k8s_gateway does not pick up IngressRoutes and thus hairpins traffic. This is not desirable for an IAM service. Hence the addition of the Ingress.
+
+The IngressRoute is currently only for reference.

cluster/apps/auth/realms/bloopysphere/keycloak/instance/routers/kc-iam-ingress.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: iam-ingress
+  namespace: auth
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: tcp
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: networking-chain-no-auth@kubernetescrd
+    traefik.ingress.kubernetes.io/affinity: "true"
+spec:
+  rules:
+    - host: &shost iam.${XYZ_DOMAIN}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kc-instance-service
+                port:
+                  number: 8443
+  tls:
+    - secretName: "tls.${XYZ_DOMAIN/./-}"
+      hosts:
+        - *shost

cluster/apps/auth/realms/bloopysphere/keycloak/instance/routers/id-keycloak.yaml → cluster/apps/auth/realms/bloopysphere/keycloak/instance/routers/kc-iam-ingressroute.yaml

@@ -2,7 +2,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: id-keycloak
+  name: iam-keycloak
   namespace: auth
   annotations:
     hajimari.io/appName: IAM Settings