deploy(ingress): drop obsolete scaffold ingress.yaml

The directory had two ingress manifests that both define
honeydue-api and honeydue-admin:

  - ingress.yaml          (Mar 28, scaffold from `deploy-k3s/`
                           greenfield template)
  - ingress-simple.yaml   (Apr 24, corrected for our actual cluster
                           shape per MIGRATION_NOTES.md)

`kubectl apply -f manifests/ingress/` applies both, and ingress.yaml
happens to apply last alphabetically (`-` < `.` so `ingress-simple`
sorts before `ingress.yaml`), clobbering the corrected manifest.
That left the live cluster with two regressions:

  1. honeydue-admin had `admin-auth` Traefik middleware in its chain,
     referencing the `admin-basic-auth` secret. Per MIGRATION_NOTES
     basic auth is intentionally not applied on this cluster (admin
     uses in-app auth), so the secret was never created.  Traefik
     logs `secret 'honeydue/admin-basic-auth' not found` on every
     reconcile and refuses to materialize the admin router → 404.

  2. honeydue-api lost the apex `myhoneydue.com` rule that
     ingress-simple.yaml adds for the marketing landing page →
     apex 404.

`kubectl apply -f ingress-simple.yaml` against the live cluster
restored both routes (admin/apex back to 200). Removing the stale
file from the repo prevents the next deploy from regressing.

Refs: deploy-k3s/MIGRATION_NOTES.md ("Admin basic auth | Not applied
— in-app auth only").
Trey t
2026-04-26 23:44:21 -05:00
parent 8d9ca2e6ed
commit 289a23f7e6
@@ -1,54 +0,0 @@
# API Ingress — Cloudflare-only + security headers + rate limiting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: honeydue-api
namespace: honeydue
labels:
app.kubernetes.io/part-of: honeydue
annotations:
traefik.ingress.kubernetes.io/router.middlewares: honeydue-cloudflare-only@kubernetescrd,honeydue-security-headers@kubernetescrd,honeydue-rate-limit@kubernetescrd
spec:
tls:
- hosts:
- api.myhoneydue.com
secretName: cloudflare-origin-cert
rules:
- host: api.myhoneydue.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api
port:
number: 8000
---
# Admin Ingress — Cloudflare-only + security headers + rate limiting + basic auth
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: honeydue-admin
namespace: honeydue
labels:
app.kubernetes.io/part-of: honeydue
annotations:
traefik.ingress.kubernetes.io/router.middlewares: honeydue-cloudflare-only@kubernetescrd,honeydue-security-headers@kubernetescrd,honeydue-rate-limit@kubernetescrd,honeydue-admin-auth@kubernetescrd
spec:
tls:
- hosts:
- admin.myhoneydue.com
secretName: cloudflare-origin-cert
rules:
- host: admin.myhoneydue.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: admin
port:
number: 3000
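
Review bot: The `router.middlewares` annotations deleted here are the only place in this change where `honeydue-cloudflare-only`, `honeydue-security-headers` and `honeydue-rate-limit` are attached to honeydue-api and honeydue-admin, so please confirm in the description that ingress-simple.yaml carries the same chain on both Ingresses (minus `honeydue-admin-auth`); otherwise the delete silently drops the origin restriction and rate limiting. The `honeydue-admin-auth@kubernetescrd` reference removed on the admin Ingress also implies a Middleware object of that name that still points at the missing `admin-basic-auth` secret; if it is defined elsewhere in the manifests, remove it in the same commit so nothing can re-attach it. Finally, nothing here stops a later file from redefining honeydue-api or honeydue-admin again; a CI check that fails on duplicate kind/namespace/name across manifests/ingress/ would address the root cause rather than this one instance.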