apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-python-ingress
  namespace: demo-space
  # ▼▼▼ 1. 新增：告诉 Cert-Manager 用哪个签发机构 (和之前 Registry 一样) ▼▼▼
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  # ▼▼▼ 2. 新增：开启 HTTPS 并指定证书存放的 Secret 名字 ▼▼▼
  tls:
  - hosts:
    - dev.u9.net3w.com
    secretName: my-python-tls-secret
  rules:
  - host: dev.u9.net3w.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-python-service
            port:
              number: 80