improvement(helm): follow ingress best practices

waleedlatif1 · waleedlatif1 · commit 285a4c4bebb4 · 2026-01-23T18:37:59.000-08:00
- Remove orphan comments that appeared when services were disabled
- Add documentation about path ordering requirements
- Paths rendered in order: realtime, copilot, app (specific before catch-all)
- Clean template output matching industry Helm chart standards
diff --git a/helm/sim/templates/ingress-internal.yaml b/helm/sim/templates/ingress-internal.yaml
@@ -29,7 +29,6 @@ spec:
       secretName: {{ .Values.ingressInternal.tls.secretName }}
   {{- end }}
   rules:
-    # Main application
     - host: {{ .Values.ingressInternal.app.host | quote }}
       http:
         paths:
@@ -64,8 +63,6 @@ spec:
                 port:
                   number: {{ $.Values.app.service.port }}
           {{- end }}
-
-    # Realtime service
     {{- if and .Values.realtime.enabled (ne .Values.ingressInternal.realtime.host .Values.ingressInternal.app.host) }}
     - host: {{ .Values.ingressInternal.realtime.host | quote }}
       http:
@@ -79,7 +76,7 @@ spec:
                 port:
                   number: {{ $.Values.realtime.service.port }}
           {{- end }}
-          {{- if and .Values.copilot.enabled .Values.ingressInternal.copilot (eq .Values.ingressInternal.copilot.host .Values.ingressInternal.realtime.host) (ne .Values.ingressInternal.copilot.host .Values.ingressInternal.app.host) }}
+          {{- if and .Values.copilot.enabled .Values.ingressInternal.copilot (eq .Values.ingressInternal.copilot.host .Values.ingressInternal.realtime.host) }}
           {{- range .Values.ingressInternal.copilot.paths }}
           - path: {{ .path }}
             pathType: {{ .pathType }}
@@ -91,8 +88,6 @@ spec:
           {{- end }}
           {{- end }}
     {{- end }}
-
-    # Copilot service
     {{- if and .Values.copilot.enabled .Values.ingressInternal.copilot (and (ne .Values.ingressInternal.copilot.host .Values.ingressInternal.app.host) (ne .Values.ingressInternal.copilot.host .Values.ingressInternal.realtime.host)) }}
     - host: {{ .Values.ingressInternal.copilot.host | quote }}
       http:
diff --git a/helm/sim/templates/ingress.yaml b/helm/sim/templates/ingress.yaml
@@ -29,7 +29,6 @@ spec:
       secretName: {{ .Values.ingress.tls.secretName }}
   {{- end }}
   rules:
-    # Main application
     - host: {{ .Values.ingress.app.host | quote }}
       http:
         paths:
@@ -64,8 +63,6 @@ spec:
                 port:
                   number: {{ $.Values.app.service.port }}
           {{- end }}
-
-    # Realtime service
     {{- if and .Values.realtime.enabled (ne .Values.ingress.realtime.host .Values.ingress.app.host) }}
     - host: {{ .Values.ingress.realtime.host | quote }}
       http:
@@ -79,7 +76,7 @@ spec:
                 port:
                   number: {{ $.Values.realtime.service.port }}
           {{- end }}
-          {{- if and .Values.copilot.enabled .Values.ingress.copilot (eq .Values.ingress.copilot.host .Values.ingress.realtime.host) (ne .Values.ingress.copilot.host .Values.ingress.app.host) }}
+          {{- if and .Values.copilot.enabled .Values.ingress.copilot (eq .Values.ingress.copilot.host .Values.ingress.realtime.host) }}
           {{- range .Values.ingress.copilot.paths }}
           - path: {{ .path }}
             pathType: {{ .pathType }}
@@ -91,8 +88,6 @@ spec:
           {{- end }}
           {{- end }}
     {{- end }}
-
-    # Copilot service
     {{- if and .Values.copilot.enabled .Values.ingress.copilot (and (ne .Values.ingress.copilot.host .Values.ingress.app.host) (ne .Values.ingress.copilot.host .Values.ingress.realtime.host)) }}
     - host: {{ .Values.ingress.copilot.host | quote }}
       http:
diff --git a/helm/sim/values.yaml b/helm/sim/values.yaml
@@ -552,64 +552,66 @@ ollama:
   extraVolumeMounts: []
 
 # Ingress configuration
+# When services share the same host, paths are consolidated into a single rule.
+# Path order: realtime paths, copilot paths, then app paths (most specific first).
+# Ensure specific paths (e.g., /socket.io, /copilot) come before catch-all paths (/).
 ingress:
-  # Enable/disable ingress
   enabled: false
-  
-  # Ingress class name
   className: nginx
-  
-  # Annotations
+
   annotations:
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-  
-  # Main application host configuration
+
+  # Main application (use / as catch-all)
   app:
     host: sim.local
     paths:
       - path: /
         pathType: Prefix
-  
-  # Realtime service host configuration
+
+  # Realtime service (use /socket.io when sharing host with app)
   realtime:
     host: sim-ws.local
     paths:
       - path: /
         pathType: Prefix
-  
-  # TLS configuration
+
+  # Copilot service (optional, use /copilot when sharing host)
+  # copilot:
+  #   host: sim.local
+  #   paths:
+  #     - path: /copilot
+  #       pathType: Prefix
+
   tls:
     enabled: false
     secretName: sim-tls-secret
 
 # Internal Ingress configuration
+# Same path ordering rules apply as above.
 ingressInternal:
   enabled: false
   className: nginx
   annotations: {}
 
-  # Main application
   app:
     host: sim-internal.local
     paths:
       - path: /
         pathType: Prefix
 
-  # Realtime service
   realtime:
     host: sim-internal.local
     paths:
       - path: /socket.io
         pathType: Prefix
 
-  # Copilot service (optional)
   # copilot:
   #   host: sim-internal.local
   #   paths:
   #     - path: /copilot
   #       pathType: Prefix
 
-  # TLS configuration
   tls:
     enabled: false
     secretName: sim-internal-tls-secret
