--- apiVersion: apps/v1 kind: Deployment metadata: name: whoami spec: replicas: 1 revisionHistoryLimit: 0 selector: matchLabels: app: whoami template: metadata: labels: app: whoami spec: securityContext: runAsUser: 65534 runAsGroup: 65534 containers: - name: whoami image: traefik/whoami resources: limits: cpu: 10m memory: 10Mi requests: cpu: 1m memory: 2Mi securityContext: readOnlyRootFilesystem: true ports: - containerPort: 80 protocol: TCP --- apiVersion: v1 kind: Service metadata: name: whoami labels: app: whoami spec: type: ClusterIP selector: app: whoami ports: - name: whoami-http port: 80 targetPort: 80 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: whoami annotations: external-dns.alpha.kubernetes.io/target: traefik.k-space.ee kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.middlewares: whoami-whoami@kubernetescrd spec: rules: - host: "whoami.k-space.ee" http: paths: - pathType: Prefix path: / backend: service: name: whoami port: number: 80 tls: - hosts: - "*.k-space.ee" --- apiVersion: codemowers.cloud/v1beta1 kind: OIDCMiddlewareClient metadata: name: whoami spec: displayName: Who-Am-I uri: 'https://whoami.k-space.ee' headerMapping: email: Remote-Email groups: Remote-Groups name: Remote-Name user: Remote-Username