stack/kustomizations/matrix/ingress.yaml


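# Ingress for the Synapse homeserver. Routes every path on
# matrix.distrust.co and the /_matrix/ prefix on matrix-fed.distrust.co
# to the `http` port of the `synapse` Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix
  labels:
    app.kubernetes.io/name: matrix
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Comma-separated allow-list of browser origins for CORS. Every entry
    # must be a complete origin (scheme://host); an entry without the "//"
    # is not a valid origin and is not honoured as written. How a malformed
    # entry is treated depends on the controller version, so keep this
    # list strictly well-formed.
    # NOTE(review): app.matrix.org is an origin outside distrust.co;
    # confirm it is meant to make credentialed cross-origin requests here.
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://chat.distrust.co,https://app.matrix.org"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    # Upper bound on the request body nginx accepts (uploads).
    nginx.ingress.kubernetes.io/proxy-body-size: "110m"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - matrix.distrust.co
      secretName: matrix-distrust-co-tls
    - hosts:
        - matrix-fed.distrust.co
      secretName: matrix-fed-distrust-co-tls
  rules:
    - host: matrix.distrust.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http
    # Only the /_matrix/ prefix is exposed on this host.
    - host: matrix-fed.distrust.co
      http:
        paths:
          - path: /_matrix/
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http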
---
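# Ingress that sends /_matrix/media/ on matrix.distrust.co to the
# `media-repo` Service instead of Synapse.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-media-repo
  labels:
    app.kubernetes.io/name: matrix
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Comma-separated allow-list of browser origins for CORS. Every entry
    # must be a complete origin (scheme://host); an entry without the "//"
    # is not a valid origin and is not honoured as written.
    # NOTE(review): app.matrix.org is an origin outside distrust.co;
    # confirm it is meant to be allowed.
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://chat.distrust.co,https://app.matrix.org"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    # Upper bound on the request body nginx accepts (media uploads).
    nginx.ingress.kubernetes.io/proxy-body-size: "110m"
    # This combination of configurations allows for the media-repo to function
    # properly: the upstream sees Host and X-Forwarded-Host as distrust.co
    # regardless of what the client sent.
    # Annotations are per-Ingress, so the rewrite applies to every rule
    # listed under spec.rules below, not only the media path.
    nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
    # configuration-snippet places raw nginx directives in the generated
    # location block. It only takes effect when the controller permits
    # snippet annotations, and it means write access to this object is
    # write access to proxy configuration; keep RBAC on Ingress tight.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_input_headers 'Host: distrust.co';
      more_set_input_headers 'X-Forwarded-Host: distrust.co';
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - matrix.distrust.co
      secretName: matrix-distrust-co-tls
  rules:
    - host: matrix.distrust.co
      http:
        paths:
          - path: /_matrix/media/
            pathType: Prefix
            backend:
              service:
                name: media-repo
                port:
                  name: http
    # NOTE(review): this host is not listed in the tls section above, and
    # the same host/path -> synapse rule is already declared by the
    # `matrix` Ingress in this file. If the controller serves it from this
    # object, the Host rewrite to distrust.co would reach Synapse as well.
    # Confirm whether this rule is intentional or a copy-paste leftover.
    - host: matrix-fed.distrust.co
      http:
        paths:
          - path: /_matrix/
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http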
---
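# Ingress for the Element web client on chat.distrust.co; all paths go to
# the `http` port of the `element-web` Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: element-web
  labels:
    app.kubernetes.io/name: element-web
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Browser hardening headers, injected as raw nginx directives into the
    # location block. This only takes effect when the controller permits
    # snippet annotations; write access to this object is then write
    # access to proxy configuration, so keep RBAC on Ingress tight.
    #
    # `always` makes nginx emit the header on every status code. Without
    # it, add_header is skipped on 4xx/5xx responses, which leaves error
    # pages without the framing and sniffing protections.
    #
    # NOTE(review): X-XSS-Protection is a legacy header that current
    # browsers ignore; the CSP frame-ancestors directive already covers
    # what X-Frame-Options does. Both are kept for older clients.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header X-Frame-Options SAMEORIGIN always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header Content-Security-Policy "frame-ancestors 'self'" always;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - chat.distrust.co
      secretName: element-distrust-co-tls
  rules:
    - host: chat.distrust.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: element-web
                port:
                  name: http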
---
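# Ingress for the Slack appservice bridge on
# slack-bridge.matrix.distrust.co; all paths go to the `rtm` port of the
# `appservice-slack` Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: appservice-slack
  labels:
    app.kubernetes.io/name: appservice-slack
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Response hardening headers, injected as raw nginx directives into
    # the location block. This only takes effect when the controller
    # permits snippet annotations; write access to this object is then
    # write access to proxy configuration, so keep RBAC on Ingress tight.
    #
    # `always` makes nginx emit the header on every status code; without
    # it, add_header is skipped on 4xx/5xx responses.
    #
    # NOTE(review): the whole path space of the bridge is published here
    # (path "/"). Confirm which endpoints on the `rtm` port need to be
    # reachable from outside and narrow the path if possible.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header X-Frame-Options SAMEORIGIN always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header Content-Security-Policy "frame-ancestors 'self'" always;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - slack-bridge.matrix.distrust.co
      secretName: slack-bridge-matrix-distrust-co-tls
  rules:
    - host: slack-bridge.matrix.distrust.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: appservice-slack
                port:
                  name: rtm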