---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ollama-proxy
  namespace: ollama
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ollama-proxy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ollama-proxy
    spec:
      containers:
        - name: caddy
          image: caddy:2.10.0-alpine
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/caddy
              name: proxy-config
          env:
            - name: API_KEY
              valueFrom:
                secretKeyRef:
                  name: ollama-api-key
                  key: API_KEY
      volumes:
        - name: proxy-config
          configMap:
            name: ollama-proxy-config
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: ollama
  name: ollama-proxy-config
data:
  Caddyfile: |
    http://ollama.lumpiasty.xyz {

      @requireAuth {
        not header Authorization "Bearer {env.API_KEY}"
      }

      respond @requireAuth "Unauthorized" 401

      reverse_proxy ollama:11434 {
        flush_interval -1
      }
    }
---
apiVersion: v1
kind: Service
metadata:
  namespace: ollama
  name: ollama-proxy
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: ollama-proxy
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP