---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: blog-royalcat-dev-ns-record
spec:
  endpoints:
    - dnsName: blog.royalcat.dev
      recordTTL: 300
      recordType: A
      targets:
        - 130.61.173.37
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: blog-royalcat-dev
  namespace: royalcat-blog
spec:
  secretName: blog-royalcat-dev-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - blog.royalcat.dev
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: royalcat-blog
  namespace: royalcat-blog
  labels:
    app: royalcat-blog
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  tls:
    - secretName: blog-royalcat-dev-tls-secret
  rules:
    - host: blog.royalcat.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ghost
                port:
                  name: ghk8s