redaction (#1)

Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>

manifests/applications/bookwyrm/ingress.yaml

@@ -0,0 +1,39 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bookwyrm-ingress
+  namespace: bookwyrm-application
+  labels:
+    app: bookwyrm
+  annotations:
+    # NGINX Ingress Configuration - Zero Trust Mode
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+    nginx.ingress.kubernetes.io/client-max-body-size: "50m"
+    # BookWyrm specific optimizations
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"
+    
+    # ActivityPub federation rate limiting - Light federation traffic for book reviews/reading
+    # Uses real client IPs from CF-Connecting-IP header (configured in nginx ingress controller)
+    nginx.ingress.kubernetes.io/limit-rps: "10"
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"  # 50 burst capacity (10*5) for federation bursts
+spec:
+  ingressClassName: nginx
+  tls: []  # Empty - TLS handled by Cloudflare Zero Trust
+  rules:
+  - host: bookwyrm.keyboardvagabond.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bookwyrm-web
+            port:
+              number: 80