# HG changeset patch
# User drewp@bigasterisk.com
# Date 2024-05-20 08:26:44
# Node ID aca4a29d06fc9f1b3ac3bcad63ed963dc6a5ae17
# Parent  6c61735514e98e5796415a9291be77ba7a407820

ingress

diff --git a/ingress.yaml b/ingress.yaml
new file mode 100644
--- /dev/null
+++ b/ingress.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: light9
+spec:
+  ports:
+    - protocol: TCP
+      port: 8200
+      targetPort: 8200
+  type: ExternalName
+  externalName: dash5
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: light9
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.pomerium.io/pass_identity_headers: "true"
+    ingress.pomerium.io/preserve_host_header: "true"
+    ingress.pomerium.io/allow_websockets: "true"
+    ingress.pomerium.io/allow_public_unauthenticated_access: "false"
+    ingress.pomerium.io/policy: |
+      allow:
+        or: 
+          - { email: { is: "drewpca@gmail.com" }}
+          - { email: { is: "kelsimp@gmail.com" }}
+          - { email: { is: "david.mcclosky@gmail.com" }}
+spec:
+  ingressClassName: pomerium
+  rules:
+    - host: "light9.bigasterisk.com"
+      http:
+        paths:
+          - { pathType: Prefix, path: "/", backend: { service: { name: light9, port: { number: 8200 } } } }
+  tls:
+    - hosts: [light9.bigasterisk.com]
+      secretName: light9.bigasterisk.com-tls