bug: fix backend api ingress config

src/deployment/kubernetes/consolidated-ingress.yaml

+# ------------------------------------------------------------
+# 1. Everything except /api/v2/**
+# ------------------------------------------------------------
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -10,7 +13,7 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-buffers-size: "256k"
     nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "300" 
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
     nginx.ingress.kubernetes.io/enable-cors: "true"
     nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS, PUT, DELETE"
@@ -20,32 +23,22 @@ metadata:
 spec:
   ingressClassName: nginx
   tls:
-    - hosts:
-      - dev02.ki-lab.nrw 
+    - hosts: [dev02.ki-lab.nrw]
       secretName: ingress-cert
   rules:
     - host: dev02.ki-lab.nrw
       http:
         paths:
-          # New UI API path
-          - path: "/api/v2"
-            pathType: Prefix
-            backend:
-              service:
-                name: portal-be-service
-                port: 
-                  number: 8083
-          
-          # Old UI API path - goes to frontend
+          # OLD-UI gateway (Zuul)
           - path: "/api"
             pathType: Prefix
             backend:
               service:
                 name: portal-fe-service
-                port: 
+                port:
                   number: 8085
-                  
-          # Public endpoints
+
+          # Public endpoints served directly by portal-be
           - path: "/public"
             pathType: Prefix
             backend:
@@ -67,8 +60,8 @@ spec:
                 name: portal-be-service
                 port:
                   number: 8083
-                  
-          # New Angular UI
+
+          # NEW Angular 17 front-end (static assets)
           - path: "/v2"
             pathType: Prefix
             backend:
@@ -76,12 +69,41 @@ spec:
                 name: angular-frontend-service
                 port:
                   number: 80
-                  
-          # Root path (for static assets and old UI)
+
+          # Root path – legacy AngularJS UI
           - path: "/"
             pathType: Prefix
             backend:
               service:
                 name: portal-fe-service
                 port:
-                  number: 8085
+                  number: 8085
\ No newline at end of file
+---
+# ------------------------------------------------------------
+# 2. Regex rule for /api/v2/**   →   /**   (strips the prefix)
+# ------------------------------------------------------------
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api-v2-ingress
+  namespace: graphene
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts: [dev02.ki-lab.nrw]
+      secretName: ingress-cert
+  rules:
+    - host: dev02.ki-lab.nrw
+      http:
+        paths:
+          - path: /api/v2(/|$)(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: portal-be-service
+                port:
+                  number: 8083

src/deployment/kubernetes/dsce-double-prefix.yaml → src/deployment/kubernetes/dsce-ingress.yaml

 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: dsce-double-prefix
+  name: dsce-ingress
   namespace: graphene
   annotations:
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/use-regex: "true"
     nginx.ingress.kubernetes.io/rewrite-target: /dsce$1
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
 spec:
   ingressClassName: nginx
+  tls:
+    - hosts: [dev02.ki-lab.nrw]
+      secretName: ingress-cert
   rules:
     - host: dev02.ki-lab.nrw
       http:
         paths:
-          # /dsce/dsce/<anything>  →  /dsce/<anything>
+          # old UI calls  /dsce/dsce/…
           - path: /dsce/dsce(/.*)
             pathType: ImplementationSpecific
+            backend:
+              service:
+                name: dsce-service
+                port:
+                  number: 8088
+          # future UI (or API) can use the cleaner single prefix /dsce/…
+          - path: /dsce/
+            pathType: Prefix
             backend:
               service:
                 name: dsce-service

src/deployment/kubernetes/dsce-prefix.yaml

-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: dsce-prefix
-  namespace: graphene
-  annotations:
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: dev02.ki-lab.nrw
-      http:
-        paths:
-          - path: /dsce/
-            pathType: Prefix
-            backend:
-              service:
-                name: dsce-service
-                port:
-                  number: 8088
\ No newline at end of file

src/deployment/kubernetes/setup_ingress.sh

+#!/bin/bash
+# ===============LICENSE_START=======================================================
+# Graphene Apache-2.0
+# ===================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ===================================================================================
+# This Graphene software file is distributed by AT&T
+# under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# This file is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ===============LICENSE_END=========================================================
+#
+# What this is: script to setup an Nginx-based ingress controller and related
+# ingress rules for the Graphene platform, as deployed under kubernetes. See
+# https://github.com/helm/charts/tree/master/stable/nginx-ingress for more
+# info.
+#
+# Prerequisites:
+# - Graphene core components through oneclick_deploy.sh
+#
+# Usage:
+# For k8s-based deployment, run this script on the AIO host or a workstation
+# connected to the k8s cluster via kubectl (e.g. via tools/setup_kubectl.sh)
+# $ bash setup_ingress.sh
+#
+# Openshift
+# oc login -u system:admin
+# oc project default
+# oc get -o yaml service/router dc/router clusterrolebinding/router-router-role serviceaccount/router > default-router-backup.yam
+# git clone https://github.com/nginxinc/nginx-openshift-router
+# cd nginx-openshift-router/src/nginx
+# docker build -t nginx-openshift-router:0.2 .
+# cd ~
+# oc delete -f default-router-backup.yaml
+# oc adm router router --images=nginx-openshift-router:0.2 --type=''
+
+function clean_ingress() {
+  trap 'fail' ERR
+  apps="cds kubernetes-client onboarding license-profile-editor playground-deployer federation dsce consolidated api-v2"
+  for app in $apps; do
+    if [[ $(kubectl get ingress -n $GRAPHENE_NAMESPACE $app-ingress) ]]; then
+      kubectl delete ingress -n $GRAPHENE_NAMESPACE $app-ingress
+      log "Ingress $app-ingress deleted"
+    fi
+  done
+}
+
+function setup_ingress() {
+  trap 'fail' ERR
+  log "Create ingress resources for services"
+  if [[ ! -d deploy ]]; then mkdir deploy; fi
+  cp templates/* deploy/.
+  replace_env deploy
+  ings=$(ls deploy)
+  for ing in $ings; do
+    kubectl create -f deploy/$ing
+  done
+}
+
+set -x
+trap 'fail' ERR
+WORK_DIR=$(pwd)
+cd $(dirname "$0")
+if [[ -z "$AIO_ROOT" ]]; then export AIO_ROOT="$(cd ..; pwd -P)"; fi
+source $AIO_ROOT/utils.sh
+source $AIO_ROOT/graphene_env.sh
+clean_ingress
+setup_ingress
+cd $WORK_DIR