Multi-layer routing

Co-authored-by: Romain <rtribotte@users.noreply.github.com>

integration/fixtures/k8s/01-traefik-crd.yml

@@ -48,6 +48,26 @@ spec:
                 items:
                   type: string
                 type: array
+              parentRefs:
+                description: |-
+                  ParentRefs defines references to parent IngressRoute resources for multi-layer routing.
+                  When set, this IngressRoute's routers will be children of the referenced parent IngressRoute's routers.
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#parentrefs
+                items:
+                  description: IngressRouteRef is a reference to an IngressRoute resource.
+                  properties:
+                    name:
+                      description: Name defines the name of the referenced IngressRoute
+                        resource.
+                      type: string
+                    namespace:
+                      description: Namespace defines the namespace of the referenced
+                        IngressRoute resource.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
               routes:
                 description: Routes defines the list of routes.
                 items:

integration/fixtures/routing/multi_layer_auth.toml

@@ -0,0 +1,51 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "DEBUG"
+  noColor = true
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":8000"
+
+[api]
+  insecure = true
+
+[providers.file]
+  filename = "{{ .SelfFilename }}"
+
+## Dynamic Configuration ##
+
+[http.middlewares]
+  [http.middlewares.auth-middleware.forwardAuth]
+    address = "http://127.0.0.1:{{ .AuthPort }}/auth"
+    authResponseHeaders = ["X-User-Role", "X-User-Name"]
+
+[http.services]
+  [http.services.admin-service.loadBalancer]
+    [[http.services.admin-service.loadBalancer.servers]]
+      url = "http://{{ .AdminIP }}:80"
+
+  [http.services.developer-service.loadBalancer]
+    [[http.services.developer-service.loadBalancer.servers]]
+      url = "http://{{ .DeveloperIP }}:80"
+
+[http.routers]
+  # Parent router: matches path, applies auth middleware
+  [http.routers.parent-router]
+    rule = "PathPrefix(`/whoami`)"
+    middlewares = ["auth-middleware"]
+
+  # Child router for admin role
+  [http.routers.admin-router]
+    rule = "Header(`X-User-Role`, `admin`)"
+    service = "admin-service"
+    parentRefs = ["parent-router@file"]
+
+  # Child router for developer role
+  [http.routers.developer-router]
+    rule = "Header(`X-User-Role`, `developer`)"
+    service = "developer-service"
+    parentRefs = ["parent-router@file"]