From 3f50782f5865b205a770a5bda32b7b59171b275b Mon Sep 17 00:00:00 2001
From: Laur IVAN <laur.ivan@ec.europa.eu>
Date: Wed, 25 Feb 2026 15:55:45 +0100
Subject: [PATCH] chore: Add echo-internal.laurivan.com to make sure the
 internal sites are accessible.

---
 .../echo-internal/app/helmrelease.yaml        | 72 +++++++++++++++++++
 .../echo-internal/app/kustomization.yaml      |  5 ++
 kubernetes/apps/default/echo-internal/ks.yaml | 19 +++++
 kubernetes/apps/default/kustomization.yaml    |  1 +
 .../rook-ceph/cluster/helmrelease.yaml        |  2 +-
 .../rook-ceph/cluster/kustomization.yaml      |  2 +-
 6 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 kubernetes/apps/default/echo-internal/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/echo-internal/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/echo-internal/ks.yaml

diff --git a/kubernetes/apps/default/echo-internal/app/helmrelease.yaml b/kubernetes/apps/default/echo-internal/app/helmrelease.yaml
new file mode 100644
index 0000000..0726624
--- /dev/null
+++ b/kubernetes/apps/default/echo-internal/app/helmrelease.yaml
@@ -0,0 +1,72 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: echo-internal
+spec:
+  chartRef:
+    kind: OCIRepository
+    name: echo
+    namespace: default
+  interval: 1h
+  values:
+    controllers:
+      echo-internal:
+        strategy: RollingUpdate
+        containers:
+          app:
+            image:
+              repository: ghcr.io/mendhak/http-https-echo
+              tag: 39
+            env:
+              HTTP_PORT: &port 80
+              LOG_WITHOUT_NEWLINE: true
+              LOG_IGNORE_PATH: /healthz
+              PROMETHEUS_ENABLED: true
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /healthz
+                    port: *port
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 64Mi
+    defaultPodOptions:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+    service:
+      app:
+        ports:
+          http:
+            port: *port
+    serviceMonitor:
+      app:
+        endpoints:
+          - port: http
+    route:
+      app:
+        hostnames: ["echo-internal.${SECRET_DOMAIN}"]
+        parentRefs:
+          - name: envoy-internal
+            namespace: network
+            sectionName: https
+        rules:
+          - backendRefs:
+              - identifier: app
+                port: *port
diff --git a/kubernetes/apps/default/echo-internal/app/kustomization.yaml b/kubernetes/apps/default/echo-internal/app/kustomization.yaml
new file mode 100644
index 0000000..5dd7bac
--- /dev/null
+++ b/kubernetes/apps/default/echo-internal/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/echo-internal/ks.yaml b/kubernetes/apps/default/echo-internal/ks.yaml
new file mode 100644
index 0000000..049d7c8
--- /dev/null
+++ b/kubernetes/apps/default/echo-internal/ks.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: echo-internal
+spec:
+  interval: 1h
+  path: ./kubernetes/apps/default/echo-internal/app
+  postBuild:
+    substituteFrom:
+      - name: cluster-secrets
+        kind: Secret
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  targetNamespace: default
+  wait: false
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index d7271b1..aa7a323 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -9,3 +9,4 @@ components:
 resources:
   - ./namespace.yaml
   - ./echo/ks.yaml
+  - ./echo-internal/ks.yaml
diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
index 9cae8b7..0f2b114 100644
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@@ -181,4 +181,4 @@ spec:
       name: csi-ceph-filesystem
       deletionPolicy: Delete
       isDefault: false
-    cephObjectStores: []
\ No newline at end of file
+    cephObjectStores: []
diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml
index 4879312..97c6f5f 100644
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml
@@ -4,4 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./helmrelease.yaml
-  - ./ocirepository.yaml
\ No newline at end of file
+  - ./ocirepository.yaml