apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-forward-auth
  namespace: kube-system
  labels:
    app: traefik-forward-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-forward-auth
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: traefik-forward-auth
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - image: git.janky.solutions/jankysolutions/infra/traefik-forward-auth:latest
        name: traefik-forward-auth
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 4181
          protocol: TCP
        envFrom:
          - configMapRef:
              name: traefik-forward-auth
          - secretRef:
              name: traefik-forward-auth
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-forward-auth
  namespace: kube-system
spec:
  selector:
    app: traefik-forward-auth
  ports:
  - name: auth-http
    port: 4181
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-forward-auth
  namespace: kube-system
spec:
  forwardAuth:
    address: http://traefik-forward-auth:4181
    authResponseHeaders:
      - X-Forwarded-User
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-forward-auth
  namespace: kube-system
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-forward-auth@kubernetescrd
spec:
  rules:
  - host: authproxy.k8s.home.finn.io
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: traefik-forward-auth
            port: 
              number: 4181