--- apiVersion: v1 kind: Service metadata: labels: app: pinniped-supervisor name: pinniped-supervisor namespace: pinniped-supervisor spec: internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - port: 443 protocol: TCP targetPort: 8443 selector: deployment.pinniped.dev: supervisor sessionAffinity: None type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: https nginx.ingress.kubernetes.io/configuration-snippet: | proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_ssl_name pinniped-supervisor.blog.tremolo.dev; proxy_ssl_server_name on; name: pinniped-supervisor namespace: pinniped-supervisor spec: rules: - host: pinniped-supervisor.blog.tremolo.dev http: paths: - backend: service: name: pinniped-supervisor port: number: 443 path: / pathType: ImplementationSpecific tls: - hosts: - pinniped-supervisor-api.blog.tremolo.dev secretName: tls-pinniped-supervisor-api-doesnotexist