154 lines
3.5 KiB
YAML
154 lines
3.5 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: test-app
|
|
namespace: authelia
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: test-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
containers:
|
|
- name: test-app
|
|
image: nginx:alpine
|
|
command: ["/entrypoint.sh"]
|
|
ports:
|
|
- containerPort: 80
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /entrypoint.sh
|
|
subPath: entrypoint.sh
|
|
- name: config-volume
|
|
mountPath: /etc/nginx/nginx.conf
|
|
subPath: nginx.conf
|
|
- name: config-volume
|
|
mountPath: /tmp/html.tar.gz
|
|
subPath: html.tar.gz
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: nginx-config
|
|
items:
|
|
- key: entrypoint.sh
|
|
path: entrypoint.sh
|
|
mode: 0755
|
|
- key: nginx.conf
|
|
path: nginx.conf
|
|
- key: html.tar.gz
|
|
path: html.tar.gz
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: test-app-service
|
|
namespace: authelia
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
selector:
|
|
app: test-app
|
|
ports:
|
|
- port: 80
|
|
name: http
|
|
- port: 443
|
|
name: https
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: insecure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- home.example.com
|
|
rules:
|
|
- host: home.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: secure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
|
|
nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- public.example.com
|
|
- admin.example.com
|
|
- dev.example.com
|
|
- mx1.mail.example.com
|
|
- mx2.mail.example.com
|
|
- singlefactor.example.com
|
|
rules:
|
|
- host: public.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: admin.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: dev.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx1.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx2.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: singlefactor.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|