apiVersion: v1
kind: Service
metadata:
  name: vault
  namespace: external-services
spec:
  externalName: noctowl.cascade.strudelline.net
  type: ExternalName
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vault
  namespace: external-services
  annotations:
    #haproxy-ingress.github.io/ssl-redirect: "true"
    #haproxy-ingress.github.io/backend-protocol: "h1-ssl"
    ingress.kubernetes.io/config-backend: |
      http-request set-header X-Real-IP %[src]
spec:
  ingressClassName: haproxy
  rules:
  - host: vault.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: vault
            port:
              number: 5005
  tls:
  - hosts:
    - vault.strudelline.net
    secretName: wildcard-tls