apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/issuer: "self-signed"
    # nginx.ingress.kubernetes.io/configuration-snippet: |
    #   more_set_headers "X-Forwarded-Proto: https";
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - ssokustom
      secretName: ssokustom-example-tls
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: oidc-test
                port:
                  name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth-ldap
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth/ldap
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto https;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - ssokustom
      secretName: ssokustom-example-tls
  rules:
    - http:
        paths:
          - path: /auth/ldap(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: hydra-ldap
                port:
                  name: hydra-ldap
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth-dispatcher
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth/dispatcher
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto https;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - ssokustom
      secretName: ssokustom-example-tls
  rules:
    - http:
        paths:
          - path: /auth/dispatcher(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: hydra-dispatcher
                port:
                  name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: auth
  annotations:
    cert-manager.io/issuer: "self-signed"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto https;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - ssokustom
      secretName: ssokustom-example-tls
  rules:
    - http:
        paths:
          - path: /auth(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: hydra
                port:
                  name: hydra-public