---
apiVersion: v1
kind: Service
metadata:
  name: memelord
spec:
  type: ClusterIP
  selector:
    app: memelord
  ports:
    - name: http
      port: 80
      targetPort: 8000
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: memelord-laurivosandi
spec:
  secretName: memelord-laurivosandi-tls
  dnsNames:
    - {{ .Values.hostname }}
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: memelord-laurivosandi
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  rules:
    - host: {{ .Values.hostname }}
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: memelord
                port:
                  number: 80
  tls:
    - secretName: memelord-laurivosandi-tls

---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: memelord-laurivosandi
spec:
  displayName: Memelord laurivosandi
  uri: https://{{ .Values.hostname }}/oidc/authenticate/
  redirectUris:
    - https://{{ .Values.hostname }}/oidc/callback/
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  pkce: false