academia/deploy/k3s/ingress.yaml

---
# Middleware para redirección HTTP → HTTPS
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
  namespace: student-enrollment
spec:
  redirectScheme:
    permanent: true
    scheme: https
---
# Middleware para security headers
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: security-headers
  namespace: student-enrollment
spec:
  headers:
    frameDeny: true
    contentTypeNosniff: true
    browserXssFilter: true
    referrerPolicy: "strict-origin-when-cross-origin"
    customResponseHeaders:
      X-Robots-Tag: "noindex, nofollow"
---
# IngressRoute HTTP - Redirección a HTTPS
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: academia-http-redirect
  namespace: student-enrollment
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`academia.ingeniumcodex.com`)
      middlewares:
        - name: redirect-https
          namespace: student-enrollment
      services:
        - name: student-frontend
          port: 80
---
# IngressRoute HTTPS - Principal con TLS
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: academia-https
  namespace: student-enrollment
spec:
  entryPoints:
    - websecure
  routes:
    # API GraphQL
    - kind: Rule
      match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/graphql`)
      middlewares:
        - name: security-headers
          namespace: student-enrollment
      services:
        - name: student-api
          port: 5000
    # Health check
    - kind: Rule
      match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/health`)
      services:
        - name: student-api
          port: 5000
    # Frontend (catch-all)
    - kind: Rule
      match: Host(`academia.ingeniumcodex.com`)
      middlewares:
        - name: security-headers
          namespace: student-enrollment
      services:
        - name: student-frontend
          port: 80
  tls:
    certResolver: letsencrypt
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`---`
			`# Middleware para redirección HTTP → HTTPS`
			`apiVersion: traefik.io/v1alpha1`
			`kind: Middleware`
			`metadata:`
			`name: redirect-https`
			`namespace: student-enrollment`
			`spec:`
			`redirectScheme:`
			`permanent: true`
			`scheme: https`
			`---`
			`# Middleware para security headers`
			`apiVersion: traefik.io/v1alpha1`
			`kind: Middleware`
			`metadata:`
			`name: security-headers`
			`namespace: student-enrollment`
			`spec:`
			`headers:`
			`frameDeny: true`
			`contentTypeNosniff: true`
			`browserXssFilter: true`
			`referrerPolicy: "strict-origin-when-cross-origin"`
			`customResponseHeaders:`
			`X-Robots-Tag: "noindex, nofollow"`
			`---`
			`# IngressRoute HTTP - Redirección a HTTPS`
			`apiVersion: traefik.io/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: academia-http-redirect`
			`namespace: student-enrollment`
			`spec:`
			`entryPoints:`
			`- web`
			`routes:`
			`- kind: Rule`
			match: Host(`academia.ingeniumcodex.com`)
			`middlewares:`
			`- name: redirect-https`
			`namespace: student-enrollment`
			`services:`
			`- name: student-frontend`
			`port: 80`
			`---`
			`# IngressRoute HTTPS - Principal con TLS`
			`apiVersion: traefik.io/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: academia-https`
			`namespace: student-enrollment`
			`spec:`
			`entryPoints:`
			`- websecure`
			`routes:`
			`# API GraphQL`
			`- kind: Rule`
			match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/graphql`)
			`middlewares:`
			`- name: security-headers`
			`namespace: student-enrollment`
			`services:`
			`- name: student-api`
			`port: 5000`
			`# Health check`
			`- kind: Rule`
			match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/health`)
			`services:`
			`- name: student-api`
			`port: 5000`
			`# Frontend (catch-all)`
			`- kind: Rule`
			match: Host(`academia.ingeniumcodex.com`)
			`middlewares:`
			`- name: security-headers`
			`namespace: student-enrollment`
			`services:`
			`- name: student-frontend`
			`port: 80`
			`tls:`
			`certResolver: letsencrypt`