Keybard-Vagabond-Demo/manifests/applications/mastodon/ingress.yaml

---
# Main Mastodon Web Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mastodon-web-ingress
  namespace: mastodon-application
  annotations:
    # Basic NGINX Configuration only - no cert-manager or external-dns
    kubernetes.io/ingress.class: nginx
    
    # Basic NGINX Configuration
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    
    # ActivityPub rate limiting - compatible with Cloudflare tunnels
    # Uses real client IPs from CF-Connecting-IP header (configured in nginx ingress controller)  
    nginx.ingress.kubernetes.io/limit-rps: "30"
    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
    
spec:
  ingressClassName: nginx
  tls: []
  rules:
  - host: mastodon.keyboardvagabond.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: mastodon-web
            port:
              number: 3000
---
# Separate Streaming Ingress with WebSocket support
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mastodon-streaming-ingress
  namespace: mastodon-application
  annotations:
    # Basic NGINX Configuration only - no cert-manager or external-dns
    kubernetes.io/ingress.class: nginx
    
    # WebSocket timeout configuration for long-lived streaming connections  
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    
spec:
  ingressClassName: nginx
  tls: []
  rules:
  - host: streamingmastodon.keyboardvagabond.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: mastodon-streaming
            port:
              number: 4000