apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: llamactl-ingress
  namespace: llamactl
spec:
  entryPoints:
    - websecure
  routes:
  # Protected route for internal management API
  - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/api/v1`)
    kind: Rule
    services:
    - name: llamactl-proxy
      port: ${LLAMACTL_INTERNAL_PORT}
    middlewares:
      - name: "auth-authelia@kubernetescrd"
  # Unprotected route for OpenAI compatible API (uses API keys)
  - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/v1`)
    kind: Rule
    services:
    - name: llamactl-proxy
      port: ${LLAMACTL_INTERNAL_PORT}
  # Catch-all route
  - match: Host(`${LLAMACTL_DOMAIN}`)
    kind: Rule
    services:
    - name: llamactl-proxy
      port: ${LLAMACTL_INTERNAL_PORT}
    middlewares:
      - name: "auth-authelia@kubernetescrd"