apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/"
    nginx.ingress.kubernetes.io/server-snippet: |
      location ~* /metrics {
        deny all;
        return 403;
      }
  name: site
  namespace: web
spec:
  tls:
  - hosts:
      - "*.pythondiscord.com"
    secretName: pythondiscord.com-tls
  rules:
  - host: www.pythondiscord.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: site
            port:
              number: 80