kube/whoami/application.yml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      securityContext:
        runAsUser: 65534
        runAsGroup: 65534
      containers:
        - name: whoami
          image: mirror.gcr.io/traefik/whoami:latest
          env:
            - name: WHOAMI_PORT_NUMBER
              value: "8080"
          resources:
            limits:
              cpu: 10m
              memory: 15Mi
            requests:
              cpu: 1m
              memory: 2Mi
          securityContext:
            readOnlyRootFilesystem: true
          ports:
            - containerPort: 8080
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  type: ClusterIP
  selector:
    app: whoami
  ports:
  - name: whoami-http
    port: 80
    targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  annotations:
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: whoami-whoami@kubernetescrd
spec:
  rules:
  - host: "whoami.k-space.ee"
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: whoami
            port:
              number: 80
  tls:
    - hosts:
      - "*.k-space.ee"
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
  name: whoami
spec:
  displayName: Who-Am-I
  uri: 'https://whoami.k-space.ee'
  headerMapping:
    email: Remote-Email
    groups: Remote-Groups
    name: Remote-Name
    user: Remote-Username