---
apiVersion: v1
kind: Namespace
metadata:
  name: whoami
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: whoami-sa
  namespace: whoami
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: whoami-role
  namespace: whoami
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: whoami-rolebinding
  namespace: whoami
subjects:
- kind: ServiceAccount
  name: whoami-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: whoami-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
  namespace: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      serviceAccountName: whoami-sa
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: whoami
spec:
  type: ClusterIP
  selector:
    app: whoami
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-web
  namespace: whoami
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`whoami.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: whoami
          port: 80
          scheme: http
  tls: {}