- Configure workspace Git repository with comprehensive .gitignore - Add Odoo as submodule for ERP reference code - Include documentation: SETUP.md, GIT-STRUCTURE.md - Add gitignore templates for projects (backend, frontend, database) - Structure supports independent repos per project/subproject level Workspace includes: - core/ - Reusable patterns, modules, orchestration system - projects/ - Active projects (erp-suite, gamilit, trading-platform, etc.) - knowledge-base/ - Reference code and patterns (includes Odoo submodule) - devtools/ - Development tools and templates - customers/ - Client implementations template 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
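---
# =============================================================================
# GAMILIT Backend - Ingress
# =============================================================================
# Purpose: Exposes backend API to the internet via HTTPS
# Domain: api.gamilit.com
# TLS: Enabled with Let's Encrypt
# Annotations: nginx ingress controller
#
# Scope note: ingress-nginx annotations apply to every path of an Ingress.
# CORS, rate limits and any source-range restriction set here therefore cover
# /api and /health alike; a path that needs different access rules has to
# live in its own Ingress object.
# =============================================================================

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gamilit-backend-ingress
  namespace: gamilit-production
  labels:
    app: gamilit
    component: backend
  annotations:
    # Ingress controller
    # NOTE(review): this annotation is deprecated in favour of
    # spec.ingressClassName; migrate once an IngressClass named "nginx" is
    # confirmed to exist in the cluster.
    kubernetes.io/ingress.class: "nginx"

    # TLS/SSL
    # cert-manager issues and renews the certificate stored in the secret
    # named under spec.tls. Plain-HTTP requests are redirected to HTTPS.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

    # CORS
    # Credentials are allowed, so the origin list must stay an explicit set of
    # trusted HTTPS origins. Never widen it to "*" while
    # cors-allow-credentials is "true".
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://gamilit.com,https://www.gamilit.com"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"

    # Rate limiting
    # Limits are enforced per client IP as seen by the controller. If a load
    # balancer or proxy sits in front, verify that the real client address is
    # forwarded; otherwise all clients share one bucket.
    nginx.ingress.kubernetes.io/limit-rps: "100"
    nginx.ingress.kubernetes.io/limit-connections: "50"

    # Timeouts (seconds)
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"

    # Request size
    # Caps the request body accepted at the edge; larger uploads are rejected
    # before they reach the backend.
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"

    # Security headers
    # NOTE(review): configuration-snippet only takes effect when the
    # controller has allow-snippet-annotations enabled. Recent ingress-nginx
    # releases disable it by default because a snippet lets anyone who can
    # edit an Ingress inject raw nginx configuration. Confirm the controller
    # setting; if snippets are off, this annotation is rejected or ignored and
    # the headers must be set in the controller ConfigMap or by the backend.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; it is kept here unchanged.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: SAMEORIGIN";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-XSS-Protection: 1; mode=block";
      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
      more_set_headers "Permissions-Policy: geolocation=(), microphone=(), camera=()";

spec:
  tls:
    - hosts:
        - api.gamilit.com
      secretName: gamilit-backend-tls

  rules:
    - host: api.gamilit.com
      http:
        paths:
          # API routes
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: gamilit-backend
                port:
                  number: 3006

          # Health check
          # Prefix also matches sub-paths such as /health/<anything>; switch
          # to pathType Exact if only the single endpoint should be public.
          - path: /health
            pathType: Prefix
            backend:
              service:
                name: gamilit-backend
                port:
                  number: 3006

          # Metrics
          # A /metrics rule (Prefix -> gamilit-backend:9090) is deliberately
          # absent from this public Ingress: nothing here can restrict a
          # single path, so routing it would publish the metrics endpoint to
          # the internet without any access control. Scrape
          # gamilit-backend:9090 from inside the cluster, or publish it
          # through a separate Ingress that sets
          # nginx.ingress.kubernetes.io/whitelist-source-range.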