# HG changeset patch
# User drewp@bigasterisk.com
# Date 2022-09-15 06:16:14
# Node ID f7dea43be3a5213e55570d1736a7b4ac1725f0ff
# Parent  b605b92e89b8de8e71b7fc37dbc0a52c0dcac7e8

add projects.bigasterisk.com (but still fwd it to nginx)

diff --git a/ingress-default.yaml b/ingress-default.yaml
--- a/ingress-default.yaml
+++ b/ingress-default.yaml
@@ -17,3 +17,23 @@ spec:
   tls:
     - hosts: [bigasterisk.com]
       secretName: bigasterisk.com-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: default-projects
+  annotations:
+    cert-manager.io/issuer: letsencrypt-prod
+    ingress.pomerium.io/allow_public_unauthenticated_access: "true"
+    ingress.pomerium.io/pass_identity_headers: "true"
+    ingress.pomerium.io/preserve_host_header: "true"
+spec:
+  ingressClassName: pomerium
+  rules:
+    - host: "projects.bigasterisk.com"
+      http:
+        paths:
+          - { pathType: Prefix, path: /, backend: { service: { name: nginx, port: { number: 11444 } } } }
+  tls:
+    - hosts: [projects.bigasterisk.com]
+      secretName: projects.bigasterisk.com-tls