From 539483b4b522212cf680028efe5890d925924b46 Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:08 +0000
Subject: [PATCH 1/6] feat: canary ExternalName proxy service (namespace
 bridge)

---
 apps/nginx-weighted/canary-proxy-svc.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 apps/nginx-weighted/canary-proxy-svc.yaml

diff --git a/apps/nginx-weighted/canary-proxy-svc.yaml b/apps/nginx-weighted/canary-proxy-svc.yaml
new file mode 100644
index 0000000..1afe9ee
--- /dev/null
+++ b/apps/nginx-weighted/canary-proxy-svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-canary-proxy
+  namespace: nginx-mcp
+  labels:
+    app: nginx-canary-proxy
+  annotations:
+    description: >
+      ExternalName proxy required because Traefik v3 does not allow
+      cross-namespace service references inside TraefikService weighted config.
+      This service bridges nginx-mcp namespace → nginx-canary namespace.
+spec:
+  type: ExternalName
+  externalName: nginx-canary.nginx-canary.svc.cluster.local
+  ports:
+    - port: 80
+      targetPort: 80

From 9447fe8b014be85b58a5b54822ff91f59f4b3c09 Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:15 +0000
Subject: [PATCH 2/6] feat: TraefikService weighted routing 90/10 stable/canary

---
 apps/nginx-weighted/traefikservice.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 apps/nginx-weighted/traefikservice.yaml

diff --git a/apps/nginx-weighted/traefikservice.yaml b/apps/nginx-weighted/traefikservice.yaml
new file mode 100644
index 0000000..912f3fe
--- /dev/null
+++ b/apps/nginx-weighted/traefikservice.yaml
@@ -0,0 +1,25 @@
+---
+# TraefikService — weighted load balancer between stable and canary.
+# THIS IS THE ONLY FILE YOU NEED TO EDIT to shift traffic weights.
+#
+# Weight scenarios:
+#   Initial canary test    → stable: 90  canary: 10
+#   Extended testing       → stable: 50  canary: 50
+#   Full promote to canary → stable:  0  canary: 100
+#   Emergency rollback     → stable: 100 canary:  0
+apiVersion: traefik.io/v1alpha1
+kind: TraefikService
+metadata:
+  name: nginx-weighted
+  namespace: nginx-mcp
+spec:
+  weighted:
+    services:
+      - name: nginx-mcp
+        namespace: nginx-mcp
+        port: 80
+        weight: 90
+      - name: nginx-canary-proxy
+        namespace: nginx-mcp
+        port: 80
+        weight: 10

From ebef2bf36ef9f96c8940cbc34a4cd69196268cc2 Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:21 +0000
Subject: [PATCH 3/6] feat: cert-manager Certificate for nginx.thedevops.dev

---
 apps/nginx-weighted/certificate.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 apps/nginx-weighted/certificate.yaml

diff --git a/apps/nginx-weighted/certificate.yaml b/apps/nginx-weighted/certificate.yaml
new file mode 100644
index 0000000..1c2ccf9
--- /dev/null
+++ b/apps/nginx-weighted/certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx-weighted-tls
+  namespace: nginx-mcp
+spec:
+  secretName: nginx-weighted-tls
+  issuerRef:
+    name: letsencrypt-http
+    kind: ClusterIssuer
+  dnsNames:
+    - nginx.thedevops.dev

From d906dd2d258b27f91649fc7558ba613621af3a2d Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:26 +0000
Subject: [PATCH 4/6] =?UTF-8?q?feat:=20Traefik=20Middleware=20HTTP?=
 =?UTF-8?q?=E2=86=92HTTPS=20permanent=20redirect?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/nginx-weighted/middleware.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 apps/nginx-weighted/middleware.yaml

diff --git a/apps/nginx-weighted/middleware.yaml b/apps/nginx-weighted/middleware.yaml
new file mode 100644
index 0000000..554375c
--- /dev/null
+++ b/apps/nginx-weighted/middleware.yaml
@@ -0,0 +1,9 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-https
+  namespace: nginx-mcp
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true

From e9823e56ad1a634c554068ec24b5ec71ac8093c7 Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:33 +0000
Subject: [PATCH 5/6] =?UTF-8?q?feat:=20IngressRoutes=20=E2=80=94=20websecu?=
 =?UTF-8?q?re=20(weighted)=20+=20web=20(redirect)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/nginx-weighted/ingressroute.yaml | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 apps/nginx-weighted/ingressroute.yaml

diff --git a/apps/nginx-weighted/ingressroute.yaml b/apps/nginx-weighted/ingressroute.yaml
new file mode 100644
index 0000000..5e2c31f
--- /dev/null
+++ b/apps/nginx-weighted/ingressroute.yaml
@@ -0,0 +1,38 @@
+---
+# HTTPS entrypoint — routes nginx.thedevops.dev through weighted TraefikService
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-weighted
+  namespace: nginx-mcp
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nginx.thedevops.dev`)
+      kind: Rule
+      services:
+        - name: nginx-weighted
+          namespace: nginx-mcp
+          kind: TraefikService
+  tls:
+    secretName: nginx-weighted-tls
+---
+# HTTP entrypoint — redirects all HTTP traffic to HTTPS via middleware
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-weighted-http
+  namespace: nginx-mcp
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.thedevops.dev`)
+      kind: Rule
+      middlewares:
+        - name: redirect-https
+          namespace: nginx-mcp
+      services:
+        - name: nginx-mcp
+          port: 80

From cdb736d5b20e86fdc02275748d22ea893d3981a4 Mon Sep 17 00:00:00 2001
From: Claude AI <claude@thedevops.dev>
Date: Wed, 4 Mar 2026 18:41:39 +0000
Subject: [PATCH 6/6] =?UTF-8?q?feat:=20nginx-weighted=20ArgoCD=20applicati?=
 =?UTF-8?q?on=20=E2=80=94=20destination=20nginx-mcp=20namespace?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/nginx-weighted/application.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 apps/nginx-weighted/application.yaml

diff --git a/apps/nginx-weighted/application.yaml b/apps/nginx-weighted/application.yaml
new file mode 100644
index 0000000..84bfcbb
--- /dev/null
+++ b/apps/nginx-weighted/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nginx-weighted
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+    path: apps/nginx-weighted
+    targetRevision: HEAD
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: nginx-mcp
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true