inventory: add ingress and other manifests

hackerspace/inventory.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,7 +26,7 @@ spec:
         - name: INVENTORY_ASSETS_BASE_URL
           value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
         - name: OIDC_USERS_NAMESPACE
-          value: oidc-gateway
+          value: passmower
         - name: SECRET_KEY
           valueFrom:
             secretKeyRef:
@@ -82,5 +83,92 @@ spec:
       terminationGracePeriodSeconds: 30
       volumes:
       - name: tmp
-# TODO: full manifests
-# TODO: k6 ingress
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: inventory-app
+  labels:
+    app: inventory-app
+spec:
+  selector:
+    app: inventory-app
+  ports:
+  - protocol: TCP
+    port: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: inventory-app
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+spec:
+  ingressClassName: shared
+  rules:
+  - host: inventory.k-space.ee
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: inventory-app
+            port:
+              number: 5000
+  tls:
+  - hosts:
+    - "*.codemowers.ee"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+  name: inventory-app
+spec:
+  uri: 'https://inventory.k-space.ee'
+  redirectUris:
+    - 'https://inventory.k-space.ee/login-callback'
+  grantTypes:
+    - 'authorization_code'
+  responseTypes:
+    - 'code'
+  availableScopes:
+    - 'openid'
+    - 'profile'
+  tokenEndpointAuthMethod: 'client_secret_basic'
+  pkce: false
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: inventory
+rules:
+  - verbs:
+      - get
+      - list
+      - watch
+    apiGroups:
+      - codemowers.cloud
+    resources:
+      - oidcusers
+      - oidcusers/status
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: inventory
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: inventory
+subjects:
+  - kind: ServiceAccount
+    name: inventory
+    namespace: hackerspace
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: inventory