# Simple hostname-based Ingress — no TLS (Cloudflare Flexible handles edge # TLS, CF→origin is plain HTTP on 80). Upgrade to Full (strict) by # adding back a `tls:` block with a Cloudflare Origin CA cert stored in # secret/cloudflare-origin-cert. # # Middleware chain (security headers, rate limit, CF-only allowlist, admin # basic auth) is defined in `middleware.yaml` but NOT attached here — # annotate this ingress to turn any of them on. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: honeydue-api namespace: honeydue labels: app.kubernetes.io/part-of: honeydue spec: ingressClassName: traefik rules: - host: api.myhoneydue.com http: paths: - path: / pathType: Prefix backend: service: name: api port: number: 8000 # Root domain serves the marketing landing page from the Go API's # STATIC_DIR. ALLOWED_HOSTS in honeydue-config includes myhoneydue.com. - host: myhoneydue.com http: paths: - path: / pathType: Prefix backend: service: name: api port: number: 8000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: honeydue-admin namespace: honeydue labels: app.kubernetes.io/part-of: honeydue spec: ingressClassName: traefik rules: - host: admin.myhoneydue.com http: paths: - path: / pathType: Prefix backend: service: name: admin port: number: 3000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: honeydue-web namespace: honeydue labels: app.kubernetes.io/part-of: honeydue spec: ingressClassName: traefik rules: - host: app.myhoneydue.com http: paths: - path: / pathType: Prefix backend: service: name: web port: number: 3000