honeyDueAPI/deploy-k3s/manifests/ingress/ingress-simple.yaml

# Simple hostname-based Ingress — no TLS (Cloudflare Flexible handles edge
# TLS, CF→origin is plain HTTP on 80). Upgrade to Full (strict) by
# adding back a `tls:` block with a Cloudflare Origin CA cert stored in
# secret/cloudflare-origin-cert.
#
# Middleware chain (security headers, rate limit, CF-only allowlist, admin
# basic auth) is defined in `middleware.yaml` but NOT attached here —
# annotate this ingress to turn any of them on.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: honeydue-api
  namespace: honeydue
  labels:
    app.kubernetes.io/part-of: honeydue
spec:
  ingressClassName: traefik
  rules:
    - host: api.myhoneydue.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 8000
    # Root domain serves the marketing landing page from the Go API's
    # STATIC_DIR. ALLOWED_HOSTS in honeydue-config includes myhoneydue.com.
    - host: myhoneydue.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: honeydue-admin
  namespace: honeydue
  labels:
    app.kubernetes.io/part-of: honeydue
spec:
  ingressClassName: traefik
  rules:
    - host: admin.myhoneydue.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: admin
                port:
                  number: 3000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: honeydue-web
  namespace: honeydue
  labels:
    app.kubernetes.io/part-of: honeydue
spec:
  ingressClassName: traefik
  rules:
    - host: app.myhoneydue.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 3000