apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pomerium-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # kubernetes.io/tls-acme: "true"
    # certmanager.k8s.io/issuer: "letsencrypt-prod"
    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
    # to avoid ingress routing, enable
    # nginx.ingress.kubernetes.io/ssl-passthrough: "true"

spec:
  tls:
    - secretName: pomerium-tls
      hosts:
        - "*.corp.beyondperimeter.com"
        - "authenticate.corp.beyondperimeter.com"

  rules:
    - host: "*.corp.beyondperimeter.com"
      http:
        paths:
          - paths:
            backend:
              serviceName: pomerium-proxy-service
              servicePort: http

    - host: "authenticate.corp.beyondperimeter.com"
      http:
        paths:
          - paths:
            backend:
              serviceName: pomerium-authenticate-service
              servicePort: http