apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
      - image: containous/whoami
        name: whoami
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 80
  selector:
    app: whoami
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: whoami-hottis-de
spec:
  secretName: whoami-cert
  duration: 2160h
  renewBefore: 360h
  subject:
    organizations:
      - hottis-de
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
  dnsNames:
    - whoami.hottis.de
  issuerRef:
    name: letsencrypt-production-http
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`whoami.hottis.de`)
    kind: Rule
    services:
      - name: whoami
        port: 80
    middlewares:
      - name: traefik-forward-auth
  tls:
    secretName: whoami-cert