diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml
index df98ba7..5d673ff 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml
+++ b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml
@@ -1,3 +1,3 @@
-resources:
+bases:
 - traefik-forward-auth
 - whoami
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
index eb2c80a..4756539 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
+++ b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
@@ -28,6 +28,9 @@ spec:
           value: "/config"
         - name: DOMAIN
           value: "example.com"
+        # INSECURE_COOKIE is required unless using https entrypoint
+        - name: INSECURE_COOKIE
+          value: "true"
         # Remove COOKIE_DOMAIN if not using auth host mode
         - name: COOKIE_DOMAIN
           value: "example.com"
@@ -46,11 +49,11 @@ spec:
             secretKeyRef:
               name: secrets
               key: google-client-secret
-        - name: COOKIE_SECRET
+        - name: SECRET
           valueFrom:
             secretKeyRef:
               name: secrets
-              key: cookie-secret
+              key: secret
         volumeMounts:
         - name: configs
           mountPath: /config
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env
index 1541c47..06ab509 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env
+++ b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env
@@ -1,3 +1,3 @@
 google-client-id=client-id
 google-client-secret=client-secret
-cookie-secret=something-random
+secret=something-random
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/kustomization.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/kustomization.yaml
new file mode 100644
index 0000000..c8bfa5a
--- /dev/null
+++ b/examples/traefik-v1.7/kubernetes/advanced-single-pod/kustomization.yaml
@@ -0,0 +1,3 @@
+bases:
+- traefik
+- whoami
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml
index ff93d63..b9fbc40 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml
+++ b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml
@@ -29,11 +29,9 @@ spec:
         ports:
         - name: http
           containerPort: 80
-          hostPort: 80
           protocol: TCP
         - name: https
           containerPort: 443
-          hostPort: 443
           protocol: TCP
         - name: dash
           containerPort: 8080
@@ -52,10 +50,14 @@ spec:
         env:
         - name: CONFIG
           value: "/config"
-        - name: COOKIE_DOMAIN
-          value: "example.com"
         - name: DOMAIN
           value: "example.com"
+        # INSECURE_COOKIE is required if not using a https entrypoint
+        # - name: INSECURE_COOKIE
+        #   value: "true"
+        # Remove COOKIE_DOMAIN if not using auth host mode
+        - name: COOKIE_DOMAIN
+          value: "example.com"
         - name: AUTH_HOST
           value: "auth.example.com"
         - name: LOG_LEVEL
@@ -70,11 +72,11 @@ spec:
             secretKeyRef:
               name: secrets
               key: google-client-secret
-        - name: COOKIE_SECRET
+        - name: SECRET
           valueFrom:
             secretKeyRef:
               name: secrets
-              key: cookie-secret
+              key: secret
         volumeMounts:
         - name: configs
           mountPath: /config
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml
index 4212c9d..6d5e085 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml
+++ b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml
@@ -18,7 +18,7 @@ configMapGenerator:
 - name: configs
   files:
     - configs/traefik.toml
-    - config/traefik-forward-auth.ini
+    - configs/traefik-forward-auth.ini
 
 #
 # Secrets
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
index 1541c47..06ab509 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
+++ b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
@@ -1,3 +1,3 @@
 google-client-id=client-id
 google-client-secret=client-secret
-cookie-secret=something-random
+secret=something-random
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml
index 9629917..c21101a 100644
--- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml
+++ b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml
@@ -1,4 +1,26 @@
 #
+# Traefik Service
+#
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik
+  labels:
+    app: traefik
+spec:
+  # Use NodePort if required
+  type: LoadBalancer
+  selector:
+    app: traefik
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+  - name: https
+    port: 443
+    targetPort: 443
+---
+#
 # Auth Service
 #
 apiVersion: v1
diff --git a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml b/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
index 56008d5..7ce12c3 100644
--- a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
+++ b/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
@@ -29,6 +29,9 @@ spec:
         env:
         - name: DOMAIN
           value: "example.com"
+        # INSECURE_COOKIE is required unless using https entrypoint
+        - name: INSECURE_COOKIE
+          value: "true"
         - name: PROVIDERS_GOOGLE_CLIENT_ID
           valueFrom:
             secretKeyRef:
@@ -39,11 +42,11 @@ spec:
             secretKeyRef:
               name: secrets
               key: traefik-forward-auth-google-client-secret
-        - name: COOKIE_SECRET
+        - name: SECRET
           valueFrom:
             secretKeyRef:
               name: secrets
-              key: traefik-forward-auth-cookie-secret
+              key: traefik-forward-auth-secret
 
 ---
 #
@@ -84,4 +87,4 @@ type: Opaque
 data:
   traefik-forward-auth-google-client-id: base64-client-id
   traefik-forward-auth-google-client-secret: base64-client-secret
-  traefik-forward-auth-cookie-secret: base64-something-random
+  traefik-forward-auth-secret: base64-something-random