apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: non-auth-proxy
  namespace: auth-proxy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/server-snippets: |
      location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
      }
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - hello-world.cluster.fun
    - ombi.cluster.fun
    - bsky-feeds.cluster.fun
    - ai.cluster.fun
    secretName: non-auth-proxy-ingress
  rules:
  - host: hello-world.cluster.fun
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: tailscale-proxy
            port:
              name: non-auth
  - host: ombi.cluster.fun
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: tailscale-proxy
            port:
              name: non-auth
  - host: bsky-feeds.cluster.fun
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: tailscale-proxy
            port:
              name: non-auth
  - host: ai.cluster.fun
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: tailscale-proxy
            port:
              name: non-auth