apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/issuer: "self-signed"
    # nginx.ingress.kubernetes.io/configuration-snippet: |
    #   more_set_headers "X-Forwarded-Proto: https";
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ssokustom
    secretName: ssokustom-example-tls
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app
            port:
              name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth-saml
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ssokustom
    secretName: ssokustom-example-tls
  rules:
  - http:
      paths:
      - path: /auth/saml(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: hydra-saml
            port:
              name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth-dispatcher
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth/dispatcher
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ssokustom
    secretName: ssokustom-example-tls
  rules:
  - http:
      paths:      
      - path: /auth/dispatcher(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: hydra-dispatcher
            port:
              name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ssokustom
    secretName: ssokustom-example-tls
  rules:
  - http:
      paths:      
      - path: /auth(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: hydra
            port:
              name: hydra-public
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: saml-idp
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /simplesaml/$2
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ssokustom
    secretName: ssokustom-example-tls
  rules:
  - http:
      paths:     
      - path: /simplesaml(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: saml-idp
            port:
              name: https