---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: homelab-gateway
  namespace: homelab
spec:
  gatewayClassName: traefik
  listeners:
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: web
      port: 8000
      protocol: HTTP
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: websecure
      port: 8443
      protocol: HTTPS
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: wildcard-leechpepin-tls
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: postgres
      port: 5432
      protocol: TCP
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: redis
      port: 6379
      protocol: HTTP
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: ollama
      port: 11434
      protocol: HTTPS
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: wildcard-leechpepin-tls
    - allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              homelab-access: "true"
      name: forgejo-ssh
      port: 2222
      protocol: TCP