apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxmox-proxy
  namespace: external-services
spec:
  replicas: 1
  selector:
    matchLabels:
      app: proxmox-proxy
  template:
    metadata:
      labels:
        app: proxmox-proxy
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
      volumes:
        - name: nginx-config
          configMap:
            name: proxmox-proxy-config
---
apiVersion: v1
kind: Service
metadata:
  name: proxmox-proxy
  namespace: external-services
spec:
  selector:
    app: proxmox-proxy
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: proxmox-proxy-config
  namespace: external-services
data:
  nginx.conf: |
    events {}
    http {
      server {
        listen 80;
        location / {
          proxy_pass https://${PROXMOX_IP};
          proxy_ssl_verify off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
        }
      }
    }
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  name: proxmox-route
  namespace: external-services
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`${PROXMOX_HOST}`)
      kind: Rule
      services:
        - name: proxmox-proxy
          port: 80
  tls:
    certResolver: cert-manager
    secretName: proxmox-tls
    domains:
      - main: "${PROXMOX_HOST}"