---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: pinniped-supervisor
  name: pinniped-supervisor
  namespace: pinniped-supervisor
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    deployment.pinniped.dev: supervisor
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: https
    nginx.ingress.kubernetes.io/configuration-snippet: |
           proxy_ssl_protocols TLSv1.2 TLSv1.3;
           proxy_ssl_name pinniped-supervisor.blog.tremolo.dev;
           proxy_ssl_server_name on;
  name: pinniped-supervisor
  namespace: pinniped-supervisor
spec:
  rules:
  - host: pinniped-supervisor.blog.tremolo.dev
    http:
      paths:
      - backend:
          service:
            name: pinniped-supervisor
            port:
              number: 443
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - pinniped-supervisor-api.blog.tremolo.dev
    secretName: tls-pinniped-supervisor-api-doesnotexist