apiVersion: v1
kind: Service
metadata:
  name: light9
spec:
  ports:
    - protocol: TCP
      port: 8200
      targetPort: 8200
  type: ExternalName
  externalName: dash5
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: light9
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    ingress.pomerium.io/pass_identity_headers: "true"
    ingress.pomerium.io/preserve_host_header: "true"
    ingress.pomerium.io/allow_websockets: "true"
    ingress.pomerium.io/allow_public_unauthenticated_access: "false"
    ingress.pomerium.io/policy: |
      allow:
        or: 
          - { email: { is: "drewpca@gmail.com" }}
          - { email: { is: "kelsimp@gmail.com" }}
          - { email: { is: "david.mcclosky@gmail.com" }}
spec:
  ingressClassName: pomerium
  rules:
    - host: "light9.bigasterisk.com"
      http:
        paths:
          - { pathType: Prefix, path: "/", backend: { service: { name: light9, port: { number: 8200 } } } }
  tls:
    - hosts: [light9.bigasterisk.com]
      secretName: light9.bigasterisk.com-tls