|
7
|
1 apiVersion: networking.k8s.io/v1
|
|
|
2 kind: Ingress
|
|
|
3 metadata:
|
|
|
4 name: sco-bot
|
|
|
5 annotations:
|
|
|
6 cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
|
7 ingress.pomerium.io/allow_public_unauthenticated_access: "true"
|
|
|
8 ingress.pomerium.io/pass_identity_headers: "true"
|
|
|
9 ingress.pomerium.io/preserve_host_header: "true"
|
|
|
10 ingress.pomerium.io/allow_websockets: "true"
|
|
|
11 spec:
|
|
|
12 ingressClassName: pomerium
|
|
|
13 rules:
|
|
|
14 - host: "bigasterisk.com"
|
|
|
15 http:
|
|
|
16 paths:
|
|
|
17 - pathType: Prefix
|
|
|
18 path: /sco/
|
|
15
|
19 backend: { service: { name: sco-bot, port: { name: web } } }
|
|
7
|
20 tls:
|
|
|
21 - hosts: [bigasterisk.com]
|
|
|
22 secretName: bigasterisk.com-tls
|
|
15
|
23 ---
|
|
|
24 apiVersion: networking.k8s.io/v1
|
|
|
25 kind: Ingress
|
|
|
26 metadata:
|
|
|
27 name: sco-bot-prefect
|
|
|
28 annotations:
|
|
|
29 cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
|
30 ingress.pomerium.io/allow_public_unauthenticated_access: "false"
|
|
|
31 ingress.pomerium.io/pass_identity_headers: "true"
|
|
|
32 ingress.pomerium.io/preserve_host_header: "true"
|
|
|
33 ingress.pomerium.io/allow_websockets: "true"
|
|
|
34 ingress.pomerium.io/policy: |
|
|
|
35 allow:
|
|
|
36 or:
|
|
|
37 - { email: { is: "drewpca@gmail.com" }}
|
|
|
38 - { email: { is: "besustainable@gmail.com" }}
|
|
|
39 spec:
|
|
|
40 ingressClassName: pomerium
|
|
|
41 rules:
|
|
|
42 - host: "sco-bot-prefect.bigasterisk.com"
|
|
|
43 http:
|
|
|
44 paths:
|
|
|
45 - pathType: Prefix
|
|
|
46 # url sub path is broken of course, see https://github.com/PrefectHQ/prefect/issues/12096
|
|
|
47 path: /
|
|
|
48 backend: { service: { name: sco-bot, port: { name: prefect } } }
|
|
|
49 tls:
|
|
|
50 - hosts: [sco-bot-prefect.bigasterisk.com]
|
|
|
51 secretName: sco-bot-prefect.bigasterisk.com-tls
|
