# =============================================================================
# GAMILIT Frontend - Ingress
# =============================================================================

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gamilit-frontend-ingress
  namespace: gamilit-production
  labels:
    app: gamilit
    component: frontend
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

    # Security headers
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: SAMEORIGIN";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-XSS-Protection: 1; mode=block";
      more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";

    # Caching for static assets
    nginx.ingress.kubernetes.io/server-snippet: |
      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
      }

spec:
  tls:
    - hosts:
        - gamilit.com
        - www.gamilit.com
      secretName: gamilit-frontend-tls

  rules:
    - host: gamilit.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gamilit-frontend
                port:
                  number: 80

    - host: www.gamilit.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gamilit-frontend
                port:
                  number: 80