apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: debugger
  namespace: dex
spec:
  ingressClassName: haproxy
  rules:
  - host: dexdebug.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: debugger
            port:
              number: 9009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: dex
  name: debugger
spec:
  replicas: 1
  selector:
    matchLabels:
      app: debugger
  template:
    metadata:
      labels:
        app: debugger
    spec:
      containers:
      - image: ghcr.io/beryju/oidc-test-client:1.4
        name: debugger
        env:
        - name: OIDC_DO_REFRESH
          value: "false"
        - name: OIDC_DO_INTROSPECTION
          value: "false"
        - name: OIDC_CLIENT_ID
          value: dexdebug
        - name: OIDC_CLIENT_SECRET
          value: dexdebugSecret
        - name: OIDC_PROVIDER
          value: https://dex.strudelline.net
        - name: OIDC_ROOT_URL
          value: https://dexdebug.strudelline.net
        - name: OIDC_SCOPES
          value: openid,email,groups
        ports:
        - containerPort: 9009
          name: http
          protocol: TCP
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: debugger
  namespace: dex
spec:
  ports:
  - port: 9009
    protocol: TCP
    targetPort: 9009
  selector:
    app: debugger
  type: ClusterIP
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: debugger-oidc-secret
  namespace: dex
spec:
  data:
  - remoteRef:
      key: oidc client - debugger
      property: username
    secretKey: id
  - remoteRef:
      key: oidc client - debugger
      property: password
    secretKey: secret
  - remoteRef:
      key: oidc client - debugger
      property: discovery_url
    secretKey: discovery_url
  refreshInterval: 60s
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  target:
    name: debugger-oidc-secret