---
apiVersion: v1
kind: Namespace
metadata:
  name: redis
---
apiVersion: v1
kind: Secret
metadata:
  name: redis-secret
  namespace: redis
type: Opaque
data:
  username: YWRtaW4=
  password: NjI4akZL
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: redis-sa
  namespace: redis
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: redis-role
  namespace: redis
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: redis-rolebinding
  namespace: redis
subjects:
- kind: ServiceAccount
  name: redis-sa
  namespace: redis
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: redis-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      serviceAccountName: redis-sa
      containers:
      - name: redis
        image: redis:7
        ports:
        - containerPort: 6379
        env:
        - name: REDIS_USERNAME
          valueFrom:
            secretKeyRef:
              name: redis-secret
              key: username
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: redis-secret
              key: password
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: redis
spec:
  type: ClusterIP
  selector:
    app: redis
  ports:
    - port: 6379
      targetPort: 6379
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: redis-ingress
  namespace: redis
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`redis.database.mngoma.lab`)
      kind: Rule
      services:
        - name: redis
          port: 6379
  tls: {}