bakery-ia/infrastructure/kubernetes/overlays/prod/prod-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: bakery-ingress-prod
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: ingress
  annotations:
    # Nginx ingress controller annotations
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"

    # CORS configuration for production
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakewise.ai"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"

    # Security headers
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-XSS-Protection: 1; mode=block";
      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";

    # Rate limiting
    nginx.ingress.kubernetes.io/limit-rps: "100"
    nginx.ingress.kubernetes.io/limit-connections: "50"

    # Cert-manager annotations for automatic certificate issuance
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    cert-manager.io/acme-challenge-type: http01

spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - bakewise.ai
    secretName: bakery-ia-prod-tls-cert
  rules:
  - host: bakewise.ai
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 3000
      - path: /api/v1
        pathType: Prefix
        backend:
          service:
            name: gateway-service
            port:
              number: 8000
  # Note: SigNoz monitoring is deployed via Helm in the 'signoz' namespace
  # SigNoz creates its own Ingress via Helm chart configuration
  # Access at: https://monitoring.bakewise.ai (configured in signoz-values-prod.yaml)
Fix issues 2025-10-01 16:25:53 +02:00			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: bakery-ingress-prod`
			`labels:`
			`app.kubernetes.io/name: bakery-ia`
			`app.kubernetes.io/component: ingress`
			`annotations:`
			`# Nginx ingress controller annotations`
			`nginx.ingress.kubernetes.io/ssl-redirect: "true"`
			`nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`
			`nginx.ingress.kubernetes.io/proxy-body-size: "10m"`
			`nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"`
			`nginx.ingress.kubernetes.io/proxy-send-timeout: "600"`
			`nginx.ingress.kubernetes.io/proxy-read-timeout: "600"`

			`# CORS configuration for production`
			`nginx.ingress.kubernetes.io/enable-cors: "true"`
Add signoz 2026-01-08 12:58:00 +01:00			`nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakewise.ai"`
Fix issues 2025-10-01 16:25:53 +02:00			`nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"`
			`nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"`
			`nginx.ingress.kubernetes.io/cors-allow-credentials: "true"`

			`# Security headers`
			`nginx.ingress.kubernetes.io/configuration-snippet: \|`
			`more_set_headers "X-Frame-Options: DENY";`
			`more_set_headers "X-Content-Type-Options: nosniff";`
			`more_set_headers "X-XSS-Protection: 1; mode=block";`
			`more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";`

			`# Rate limiting`
			`nginx.ingress.kubernetes.io/limit-rps: "100"`
			`nginx.ingress.kubernetes.io/limit-connections: "50"`

			`# Cert-manager annotations for automatic certificate issuance`
			`cert-manager.io/cluster-issuer: "letsencrypt-production"`
			`cert-manager.io/acme-challenge-type: http01`

			`spec:`
			`ingressClassName: nginx`
			`tls:`
			`- hosts:`
Add signoz 2026-01-08 12:58:00 +01:00			`- bakewise.ai`
Fix issues 2025-10-01 16:25:53 +02:00			`secretName: bakery-ia-prod-tls-cert`
			`rules:`
Add signoz 2026-01-08 12:58:00 +01:00			`- host: bakewise.ai`
Fix issues 2025-10-01 16:25:53 +02:00			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: frontend-service`
			`port:`
			`number: 3000`
Add signoz 2026-01-08 12:58:00 +01:00			`- path: /api/v1`
Fix issues 2025-10-01 16:25:53 +02:00			`pathType: Prefix`
			`backend:`
			`service:`
			`name: gateway-service`
			`port:`
			`number: 8000`
Update monitoring packages to latest versions - Updated all OpenTelemetry packages to latest versions: - opentelemetry-api: 1.27.0 → 1.39.1 - opentelemetry-sdk: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-grpc: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-http: 1.27.0 → 1.39.1 - opentelemetry-instrumentation-fastapi: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-httpx: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-redis: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-sqlalchemy: 0.48b0 → 0.60b1 - Removed prometheus-client==0.23.1 from all services - Unified all services to use the same monitoring package versions Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai> 2026-01-08 19:25:52 +01:00			`# Note: SigNoz monitoring is deployed via Helm in the 'signoz' namespace`
			`# SigNoz creates its own Ingress via Helm chart configuration`
			`# Access at: https://monitoring.bakewise.ai (configured in signoz-values-prod.yaml)`