apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: the-hub namespace: the-hub labels: app.kubernetes.io/name: the-hub app.kubernetes.io/part-of: mk-labs annotations: # TLS certificate managed by cert-manager + Cloudflare DNS-01 cert-manager.io/cluster-issuer: letsencrypt-prod # When Authentik forward-auth is ready, uncomment these: # nginx.ingress.kubernetes.io/auth-url: "https://guest-relations.local.mk-labs.cloud/outpost.goauthentik.io/auth/nginx" # nginx.ingress.kubernetes.io/auth-signin: "https://guest-relations.local.mk-labs.cloud/outpost.goauthentik.io/start?rd=$escaped_request_uri" # nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" # nginx.ingress.kubernetes.io/auth-snippet: | # proxy_set_header X-Original-URL $scheme://$http_host$request_uri; spec: ingressClassName: nginx tls: - hosts: - the-hub.local.mk-labs.cloud secretName: the-hub-tls rules: - host: the-hub.local.mk-labs.cloud http: paths: - path: / pathType: Prefix backend: service: name: the-hub port: name: http