40 lines
1.3 KiB
YAML
40 lines
1.3 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
resources:
|
|
- ../../base
|
|
|
|
namePrefix: prod-
|
|
|
|
patches:
|
|
- target:
|
|
kind: Ingress
|
|
name: bakery-ingress
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/tls/0/hosts/0
|
|
value: bakewise.ai
|
|
- op: replace
|
|
path: /spec/tls/0/secretName
|
|
value: bakery-ia-prod-tls-cert
|
|
- op: replace
|
|
path: /spec/rules/0/host
|
|
value: bakewise.ai
|
|
- op: add
|
|
path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-origin
|
|
value: "https://bakewise.ai,https://www.bakewise.ai,https://mail.bakewise.ai,https://registry.bakewise.ai,https://gitea.bakewise.ai"
|
|
- op: add
|
|
path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-rps
|
|
value: "100"
|
|
- op: add
|
|
path: /metadata/annotations/nginx.ingress.kubernetes.io~1limit-connections
|
|
value: "50"
|
|
- op: add
|
|
path: /metadata/annotations/cert-manager.io~1cluster-issuer
|
|
value: "letsencrypt-production"
|
|
- op: add
|
|
path: /metadata/annotations/cert-manager.io~1acme-challenge-type
|
|
value: "http01"
|
|
# NOTE: Gitea and Registry ingresses are managed by Gitea Helm chart
|
|
# See infrastructure/cicd/gitea/values-prod.yaml for production ingress configuration
|
|
# NOTE: mail.bakewise.ai is handled by separate mailu ingress |