|
8
|
1 apiVersion: networking.k8s.io/v1
|
|
|
2 kind: Ingress
|
|
|
3 metadata:
|
|
|
4 name: victoriametrics
|
|
|
5 annotations:
|
|
11
|
6 cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
8
|
7 ingress.pomerium.io/allow_public_unauthenticated_access: "false"
|
|
|
8 ingress.pomerium.io/pass_identity_headers: "true"
|
|
|
9 ingress.pomerium.io/preserve_host_header: "true"
|
|
|
10 ingress.pomerium.io/policy: |
|
|
|
11 allow:
|
|
|
12 or:
|
|
|
13 - { email: { is: "drewpca@gmail.com" }}
|
|
|
14 - { email: { is: "kelsimp@gmail.com" }}
|
|
|
15 ingress.pomerium.io/prefix_rewrite: "/m/"
|
|
|
16 spec:
|
|
|
17 ingressClassName: pomerium
|
|
|
18 rules:
|
|
|
19 - host: "bigasterisk.com"
|
|
|
20 http:
|
|
|
21 paths:
|
|
|
22 - pathType: Prefix
|
|
|
23 path: /m/
|
|
|
24 backend: { service: { name: victoriametrics, port: { number: 80 } } }
|
|
|
25 tls:
|
|
|
26 - hosts: [bigasterisk.com]
|
|
|
27 secretName: bigasterisk.com-tls
|
|
|
28 ---
|
|
|
29 apiVersion: networking.k8s.io/v1
|
|
|
30 kind: Ingress
|
|
|
31 metadata:
|
|
|
32 name: vmalert
|
|
|
33 annotations:
|
|
11
|
34 cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
8
|
35 ingress.pomerium.io/allow_public_unauthenticated_access: "false"
|
|
|
36 ingress.pomerium.io/pass_identity_headers: "true"
|
|
|
37 ingress.pomerium.io/preserve_host_header: "true"
|
|
|
38 ingress.pomerium.io/policy: |
|
|
|
39 allow:
|
|
|
40 or:
|
|
|
41 - { email: { is: "drewpca@gmail.com" }}
|
|
|
42 - { email: { is: "kelsimp@gmail.com" }}
|
|
|
43 # ingress.pomerium.io/prefix_rewrite: "/vmalert/"
|
|
|
44 spec:
|
|
|
45 ingressClassName: pomerium
|
|
|
46 rules:
|
|
|
47 - host: "bigasterisk.com"
|
|
|
48 http:
|
|
|
49 paths:
|
|
|
50 - pathType: Prefix
|
|
|
51 path: /vmalert/
|
|
|
52 backend: { service: { name: vmalert, port: { number: 80 } } }
|
|
|
53 tls:
|
|
|
54 - hosts: [bigasterisk.com]
|
|
|
55 secretName: bigasterisk.com-tls
|
|
|
56 ---
|
|
|
57 apiVersion: networking.k8s.io/v1
|
|
|
58 kind: Ingress
|
|
|
59 metadata:
|
|
|
60 name: alertmanager
|
|
|
61 annotations:
|
|
11
|
62 cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
8
|
63 ingress.pomerium.io/allow_public_unauthenticated_access: "false"
|
|
|
64 ingress.pomerium.io/pass_identity_headers: "true"
|
|
|
65 ingress.pomerium.io/preserve_host_header: "true"
|
|
|
66 ingress.pomerium.io/policy: |
|
|
|
67 allow:
|
|
|
68 or:
|
|
|
69 - { email: { is: "drewpca@gmail.com" }}
|
|
|
70 - { email: { is: "kelsimp@gmail.com" }}
|
|
|
71 ingress.pomerium.io/prefix_rewrite: "/"
|
|
|
72 spec:
|
|
|
73 ingressClassName: pomerium
|
|
|
74 rules:
|
|
|
75 - host: "bigasterisk.com"
|
|
|
76 http:
|
|
|
77 paths:
|
|
|
78 - pathType: Prefix
|
|
|
79 path: /alertmanager/
|
|
|
80 backend: { service: { name: alertmanager, port: { number: 80 } } }
|
|
|
81 tls:
|
|
|
82 - hosts: [bigasterisk.com]
|
|
|
83 secretName: bigasterisk.com-tls |
