# TLS termination via cert-manager — same `letsencrypt-prod` ClusterIssuer
# as embertime/gitea. Traffic forwarded to jitsi-web on :80. JVB media
# (UDP 10000) goes around the ingress entirely (hostNetwork on the node).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jitsi
  namespace: jitsi
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - meet.it.financeflow.de
      secretName: jitsi-tls
  rules:
    - host: meet.it.financeflow.de
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: jitsi-web
                port:
                  number: 80