---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-app
  namespace: authelia
  labels:
    app: test-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-app
  template:
    metadata:
      labels:
        app: test-app
    spec:
      containers:
        - name: test-app
          imagePullPolicy: Never
          image: nginx-backend
          ports:
            - containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  name: test-app-service
  namespace: authelia
  labels:
    app: test-app
spec:
  selector:
    app: test-app
  ports:
    - port: 80
      name: http
    - port: 443
      name: https

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: insecure-ingress
  namespace: authelia
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - secretName: test-app-tls
      hosts:
        - home.example.com
  rules:
    - host: home.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: secure-ingress
  namespace: authelia
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
    nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
spec:
  tls:
    - secretName: test-app-tls
      hosts:
        - public.example.com
        - admin.example.com
        - dev.example.com
        - mx1.mail.example.com
        - mx2.mail.example.com
        - singlefactor.example.com
  rules:
    - host: public.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: admin.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: dev.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: mx1.mail.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: mx2.mail.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80
    - host: singlefactor.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-app-service
              servicePort: 80