apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldapusermanager
  namespace: idp
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldapusermanager
  template:
    metadata:
      labels:
        app: ldapusermanager
    spec:
      containers:
      - name: ldapusermanager
        image: wheelybird/ldap-user-manager:latest
        envFrom:
        - configMapRef:
            name: ldapusermanager
        - secretRef:
            name: ldapusermanager
        ports:
          - name: http
            containerPort: 80

---

kind: Service
apiVersion: v1
metadata:
  name:  ldapusermanager
  namespace: idp
spec:
  selector:
    app:  ldapusermanager
  type:  ClusterIP
  ports:
  - name: http
    port: 80

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ldapusermanager
  namespace: idp
  annotations:
    cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer"
    cert-manager.io/common-name: "accounts.bhasher.com"
    nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com
    nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Groups
    nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
    nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify
    nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method;
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - accounts.bhasher.com
    secretName: ldapusermanager-tls
  rules:
  - host: accounts.bhasher.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ldapusermanager
            port:
              number: 80