apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
    #nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    #nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/auth-url: |-
        http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: |-
        https://whoogle.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-response-headers: |-
        Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
    nginx.ingress.kubernetes.io/auth-snippet: |
        proxy_set_header X-Forwarded-Host $http_host;
   # nginx.ingress.kubernetes.io/server-snippets: |
   #   location / {
   #     proxy_set_header Upgrade $http_upgrade;
   #     proxy_http_version 1.1;
   #     proxy_set_header X-Forwarded-Host $http_host;
   #     proxy_set_header X-Forwarded-Proto $scheme;
   #     proxy_set_header X-Forwarded-For $remote_addr;
   #     proxy_set_header Host $host;
   #     proxy_set_header Connection "upgrade";
   #     proxy_set_header X-Real-IP $remote_addr;
   #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   #     proxy_set_header   Upgrade $http_upgrade;
   #     proxy_cache_bypass $http_upgrade;
   #     }
  name: ingress
spec:
  tls:
  - hosts:
    - kuma.durp.info
    secretName: kuma-tls
  rules:
  - host: kuma.durp.info
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service
            port:
              number: 3001