feat(ingress): add TLS configuration for staging hosts

Add TLS configuration for staging-shiny and staging-shiny-api hosts in the ingress resources. Create a new namespace for ingress-nginx to better organize resources. Update kustomization files to include new certificates and secrets. Streamline setup process with improved wait commands for pod readiness.
2025-12-10 08:16:27 +01:00
parent 7dd42187fe
commit 58b04fe47e
12 changed files with 68 additions and 24 deletions
@@ -0,0 +1,79 @@
+# Local development proxy configuration
+# Proxies traffic from KinD cluster to host machine for local development
+#
+# Add to /etc/hosts:
+#   192.168.228.2 staging-shiny.unbound.se staging-shiny-api.unbound.se
+#
+# Apply with: kubectl apply -f local-proxy.yaml
+# Delete with: kubectl delete -f local-proxy.yaml
+
+---
+# Frontend proxy (port 3300)
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-external
+spec:
+  type: ExternalName
+  externalName: host.docker.internal
+  ports:
+    - port: 3300
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: frontend
+  annotations:
+    nginx.ingress.kubernetes.io/upstream-vhost: "localhost:3300"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - staging-shiny.unbound.se
+      secretName: self-signed-cert-tls
+  rules:
+    - host: staging-shiny.unbound.se
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: frontend-external
+                port:
+                  number: 3300
+---
+# API proxy (port 4444)
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-external
+spec:
+  type: ExternalName
+  externalName: host.docker.internal
+  ports:
+    - port: 4444
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api
+  annotations:
+    nginx.ingress.kubernetes.io/upstream-vhost: "localhost:4444"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - staging-shiny-api.unbound.se
+      secretName: self-signed-cert-tls
+  rules:
+    - host: staging-shiny-api.unbound.se
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: api-external
+                port:
+                  number: 4444