apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: bootstrap-mapping
  labels:
    gateway.edge.ncr.com: store-host
    platform.edge.ncr.com/component: device-registrar
spec:
  service: device-registrar-svc.device-registrar
  hostname: edge-bootstrap.store.ncr.corp
  prefix: /bootstrap
  rewrite: /bootstrap
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: connect-mapping
  labels:
    gateway.edge.ncr.com: store-host
    platform.edge.ncr.com/component: device-registrar
spec:
  service: device-registrar-svc.device-registrar
  hostname: edge-bootstrap.store.ncr.corp
  prefix: /connect
  rewrite: /connect
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: discover-mapping
  labels:
    gateway.edge.ncr.com: store-host
    platform.edge.ncr.com/component: device-registrar
spec:
  service: device-registrar-svc.device-registrar
  hostname: edge.store.ncr.corp
  prefix: /discover
  add_request_headers:
    X-Client-DN:
      value: "%DOWNSTREAM_PEER_SUBJECT%"
  rewrite: /discover
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: device-registrar-ca
  namespace: emissary
  labels:
    platform.edge.ncr.com/component: device-registrar
spec:
  commonName: device-registrar-ca
  duration: 17520h0m0s
  isCA: true
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  privateKey:
    algorithm: ECDSA
    size: 256
  renewBefore: 4380h0m0s
  secretName: device-registrar-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: device-registrar-ca-issuer
  namespace: emissary
  labels:
    platform.edge.ncr.com/component: device-registrar
spec:
  ca:
    secretName: device-registrar-ca
---
apiVersion: getambassador.io/v3alpha1
kind: TLSContext
metadata:
  name: device-registrar-tlscontext
  namespace: emissary
  labels:
    platform.edge.ncr.com/component: device-registrar
spec:
  alpn_protocols: h2
  ca_secret: device-registrar-ca
  cert_required: true
  hosts:
  - edge.store.ncr.corp
  min_tls_version: v1.3
  secret: emissary-server-cert
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: device-registrar-host
  namespace: emissary
  labels:
    platform.edge.ncr.com/component: device-registrar
spec:
  hostname: edge.store.ncr.corp
  acmeProvider:
    authority: none
  tlsContext:
    name: device-registrar-tlscontext
  tlsSecret:
    name: emissary-server-cert