# HG changeset patch
# User drewp@bigasterisk.com
# Date 1675634706 28800
# Node ID 125c794511a674f6c00957ad6e0765ad859611dc
# Parent  7bd85b962845fe300b44852674d6683ded68b6cf
deployment config

diff -r 7bd85b962845 -r 125c794511a6 deploy.yaml
--- a/deploy.yaml	Sat Jan 21 21:59:14 2023 -0800
+++ b/deploy.yaml	Sun Feb 05 14:05:06 2023 -0800
@@ -31,3 +31,14 @@
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             { nodeSelectorTerms: [{ matchExpressions: [{ key: "kubernetes.io/hostname", operator: In, values: ["bang"] }] }] }
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: doorbell
+spec:
+  ports:
+  - {port: 80, targetPort: 8000}
+  selector:
+    app: doorbell
diff -r 7bd85b962845 -r 125c794511a6 ingress.yaml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ingress.yaml	Sun Feb 05 14:05:06 2023 -0800
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: doorbell
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.pomerium.io/allow_public_unauthenticated_access: "false"
+    ingress.pomerium.io/pass_identity_headers: "true"
+    ingress.pomerium.io/preserve_host_header: "true"
+    ingress.pomerium.io/policy: |
+      allow:
+        or: 
+          - { email: { is: "drewpca@gmail.com" }}
+          - { email: { is: "kelsimp@gmail.com" }}
+    ingress.pomerium.io/prefix_rewrite: "/"
+spec:
+  ingressClassName: pomerium
+  rules:
+    - host: "bigasterisk.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: /doorbell/
+            backend: { service: { name: doorbell, port: { number: 80 } } }
+  tls:
+    - hosts: [bigasterisk.com]
+      secretName: bigasterisk.com-tls
diff -r 7bd85b962845 -r 125c794511a6 skaffold.yaml
--- a/skaffold.yaml	Sat Jan 21 21:59:14 2023 -0800
+++ b/skaffold.yaml	Sun Feb 05 14:05:06 2023 -0800
@@ -12,5 +12,6 @@
 manifests:
   rawYaml:
   - deploy.yaml
+  - ingress.yaml
 deploy:
   kubectl: {}