apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: default
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
    ingress.pomerium.io/allow_public_unauthenticated_access: "true"
    ingress.pomerium.io/pass_identity_headers: "true"
    ingress.pomerium.io/preserve_host_header: "true"
spec:
  ingressClassName: pomerium
  rules:
    - host: "bigasterisk.com"
      http:
        paths:
          - { pathType: Prefix, path: /, backend: { service: { name: nginx, port: { number: 11444 } } } }
  tls:
    - hosts: [bigasterisk.com]
      secretName: bigasterisk.com-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: default-projects
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
    ingress.pomerium.io/allow_public_unauthenticated_access: "true"
    ingress.pomerium.io/pass_identity_headers: "true"
    ingress.pomerium.io/preserve_host_header: "true"
spec:
  ingressClassName: pomerium
  rules:
    - host: "projects.bigasterisk.com"
      http:
        paths:
          - { pathType: Prefix, path: /, backend: { service: { name: nginx, port: { number: 11444 } } } }
  tls:
    - hosts: [projects.bigasterisk.com]
      secretName: projects.bigasterisk.com-tls