apiVersion: v1
kind: Service
metadata:
  name: switch01
spec:
  ports:
  - name: app
    port: 80
    protocol: TCP
    targetPort: 80
  clusterIP: None
  type: ClusterIP

---

apiVersion: v1
kind: Endpoints
metadata:
  name: switch01
subsets:
- addresses:
  - ip: 192.168.21.3
  ports:
  - name: app
    port: 80
    protocol: TCP

---    

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: switch01-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production 
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
    nginx.ingress.kubernetes.io/auth-url: |-
        http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: |-
        https://switch01.internal.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-response-headers: |-
        Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
    nginx.ingress.kubernetes.io/auth-snippet: |
        proxy_set_header X-Forwarded-Host $http_host;
spec:
  rules:
  - host: switch01.internal.durp.info
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: switch01
            port: 
              number: 80         
      - path: /outpost.goauthentik.io
        pathType: Prefix
        backend:
          service:
            name: ak-outpost-authentik-embedded-outpost
            port: 
              number: 9000
  tls:
    - hosts: 
      - switch01.internal.durp.info
      secretName: switch01-tls