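# Production Ingress for bakewise.ai.
# Terminates TLS with the certificate stored in bakery-ia-prod-tls-cert and
# routes "/" to frontend-service:3000 and "/api/v1" to gateway-service:8000.
# Layout restored to block style: the collapsed single-line form does not
# parse as YAML, because the first "#" comments out everything after it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: bakery-ingress-prod
  labels:
    app.kubernetes.io/name: bakery-ia
    app.kubernetes.io/component: ingress
  annotations:
    # Nginx ingress controller annotations
    # Redirect plain HTTP to HTTPS; force-ssl-redirect applies the redirect
    # even when TLS is terminated in front of the controller.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # Upper bound on request body size accepted at the edge.
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    # Timeouts are in seconds.
    # NOTE(review): 600s send/read timeouts let slow clients hold upstream
    # connections for ten minutes; nginx documents that the connect timeout
    # usually cannot exceed 75s. Confirm these values are intentional.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"

    # CORS configuration for production
    # Credentials are allowed, so the origin must stay an explicit allow-list.
    # Widening cors-allow-origin would expose authenticated responses to
    # other sites.
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakewise.ai"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"

    # Security headers
    # NOTE(review): configuration-snippet only takes effect when the controller
    # has allow-snippet-annotations enabled. Recent ingress-nginx releases
    # disable it by default, because snippets let anyone who can edit an
    # Ingress inject raw nginx configuration. If snippets are disabled these
    # headers are silently absent; verify them on a live response.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore. No Content-Security-Policy is set here; confirm the application
    # sets one.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-XSS-Protection: 1; mode=block";
      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";

    # Rate limiting
    # Both limits are applied per client IP address.
    # NOTE(review): if a load balancer or proxy sits in front of the
    # controller, confirm the real client IP is what nginx sees; otherwise
    # all users share one bucket.
    nginx.ingress.kubernetes.io/limit-rps: "100"
    nginx.ingress.kubernetes.io/limit-connections: "50"

    # Cert-manager annotations for automatic certificate issuance
    # NOTE(review): the ACME solver type is normally configured on the
    # ClusterIssuer; confirm the deployed cert-manager version still reads
    # the acme-challenge-type annotation.
    cert-manager.io/cluster-issuer: "letsencrypt-production"
    cert-manager.io/acme-challenge-type: http01

spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - bakewise.ai
      secretName: bakery-ia-prod-tls-cert
  rules:
    - host: bakewise.ai
      http:
        paths:
          # Everything not matched by a more specific path goes to the frontend.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-service
                port:
                  number: 3000
          # API traffic goes to the gateway service.
          - path: /api/v1
            pathType: Prefix
            backend:
              service:
                name: gateway-service
                port:
                  number: 8000

# Note: SigNoz monitoring is deployed via Helm in the 'signoz' namespace
# SigNoz creates its own Ingress via Helm chart configuration
# Access at: https://monitoring.bakewise.ai (configured in signoz-values-prod.yaml)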