---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-app
  namespace: authelia
  labels:
    app: test-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-app
  template:
    metadata:
      labels:
        app: test-app
    spec:
      containers:
        - name: test-app
          image: nginx:alpine
          command: ["/entrypoint.sh"]
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config-volume
              mountPath: /entrypoint.sh
              subPath: entrypoint.sh
            - name: config-volume
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
            - name: config-volume
              mountPath: /tmp/html.tar.gz
              subPath: html.tar.gz
      volumes:
        - name: config-volume
          configMap:
            name: nginx-config
            items:
              - key: entrypoint.sh
                path: entrypoint.sh
                mode: 0755  # yamllint disable-line rule:octal-values
              - key: nginx.conf
                path: nginx.conf
              - key: html.tar.gz
                path: html.tar.gz
...
---
apiVersion: v1
kind: Service
metadata:
  name: test-app-service
  namespace: authelia
  labels:
    app: test-app
spec:
  selector:
    app: test-app
  ports:
    - port: 80
      name: http
    - port: 443
      name: https
...
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: insecure-ingress
  namespace: authelia
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - secretName: test-app-tls
      hosts:
        - home.example.com
  rules:
    - host: home.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
...
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: secure-ingress
  namespace: authelia
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
    nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
spec:
  tls:
    - secretName: test-app-tls
      hosts:
        - public.example.com
        - admin.example.com
        - dev.example.com
        - mx1.mail.example.com
        - mx2.mail.example.com
        - singlefactor.example.com
  rules:
    - host: public.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: admin.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: dev.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: mx1.mail.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: mx2.mail.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: singlefactor.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
...