From 205baa7e018ff50ad2c56972738b3f0c11293dec Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Sat, 29 Nov 2025 22:19:12 +0100
Subject: [PATCH] mtls fix 3
---
 .woodpecker/predeploy.yml | 2 +-
 deployment/api-deployment.yaml | 4 ++--
 deployment/mtls-config.yaml | 3 +++
 deployment/ui-deployment.yaml | 4 ++--
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/.woodpecker/predeploy.yml b/.woodpecker/predeploy.yml
index b43af7e..34786fe 100644
--- a/.woodpecker/predeploy.yml
+++ b/.woodpecker/predeploy.yml
@@ -33,7 +33,7 @@ steps:
 --namespace=$NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
 - kubectl apply -f deployment/configmap.yaml -n $NAMESPACE
- - kubectl apply -f deployment/mtls-config.yaml -n $NAMESPACE
+ - kubectl apply -f deployment/mtls-config.yaml # NO NAMESPACE HERE
 when:
 event: [tag]
diff --git a/deployment/api-deployment.yaml b/deployment/api-deployment.yaml
index 73f4d45..1536303 100644
--- a/deployment/api-deployment.yaml
+++ b/deployment/api-deployment.yaml
@@ -107,8 +107,8 @@ metadata:
 name: api-ingress
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-production-http
- traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd
- traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: default-mtls-auth@kubernetescrd,default-security-headers@kubernetescrd
+ traefik.ingress.kubernetes.io/router.tls.options: default-homea2-mtls@kubernetescrd
 spec:
 tls:
 - hosts:
diff --git a/deployment/mtls-config.yaml b/deployment/mtls-config.yaml
index bf66781..4193f66 100644
--- a/deployment/mtls-config.yaml
+++ b/deployment/mtls-config.yaml
@@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: TLSOption
 metadata:
 name: homea2-mtls
+ namespace: default
 spec:
 clientAuth:
 secretNames:
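Review bot: With `-n` dropped, this step writes to whatever namespace the manifest names, which after this commit is `default` rather than `$NAMESPACE`, so the pipeline's cluster credential now needs create/update rights on Traefik CRDs in a shared namespace. The inline comment records the what but not the why; something like `# manifest pins metadata.namespace: default; kubectl rejects a conflicting -n` would keep the next editor from putting the flag back. Since this is the step that installs the client-certificate requirement, consider following it with a check that fails the pipeline when a TLS handshake without a client certificate is still accepted on the ingress hosts. The commands list starts above the hunk, so earlier steps are not visible here.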
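Review bot: Client-certificate enforcement for `api-ingress` depends entirely on `router.tls.options` resolving to the TLSOption; `default-mtls-auth` is, per the mtls-config.yaml hunk, a `headers` middleware that sets request headers and does not itself authenticate anything. Traefik documents that when one host name ends up with conflicting TLS option references it logs a warning and serves the default options, so a second router on the same host without this annotation would quietly remove the requirement. The `hosts:` list is below the hunk, so whether that applies here cannot be told from the diff; it is worth confirming, and watching the Traefik log for TLS-option warnings after rollout. The same point holds for the identical change to `ui-ingress` in deployment/ui-deployment.yaml.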
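Review bot: Pinning the TLSOption to `namespace: default` also moves where `clientAuth.secretNames` is looked up, since Traefik resolves those names in the TLSOption's own namespace. The secret list and `clientAuthType` are below the hunk, and the only resource creation visible in predeploy.yml targets `--namespace=$NAMESPACE` (its kind is above that hunk), so the CA secret may still need to exist in `default` — confirm. A comment above `secretNames`, e.g. `# CA secret must live in this object's namespace (default)`, and a check that `clientAuthType` is `RequireAndVerifyClientCert` would make the dependency explicit.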
@@ -19,6 +20,7 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
 name: mtls-auth
+ namespace: default
 spec:
 headers:
 customRequestHeaders:
@@ -35,6 +37,7 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
 name: security-headers
+ namespace: default
 spec:
 headers:
 customResponseHeaders:
diff --git a/deployment/ui-deployment.yaml b/deployment/ui-deployment.yaml
index f7179dc..0f91653 100644
--- a/deployment/ui-deployment.yaml
+++ b/deployment/ui-deployment.yaml
@@ -84,8 +84,8 @@ metadata:
 name: ui-ingress
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-production-http
- traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd
- traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: default-mtls-auth@kubernetescrd,default-security-headers@kubernetescrd
+ traefik.ingress.kubernetes.io/router.tls.options: default-homea2-mtls@kubernetescrd
 spec:
 tls:
 - hosts:
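Review bot: `mtls-auth` and, in the next hunk, `security-headers` are generic names to place in the shared `default` namespace, where another project applying a Middleware of the same name would overwrite this one and change the headers sent for these ingresses. Keeping the project prefix, `name: homea2-mtls-auth` and `name: homea2-security-headers`, with the ingress annotations becoming `default-homea2-mtls-auth@kubernetescrd,default-homea2-security-headers@kubernetescrd`, matches how the TLSOption is already named. The `customRequestHeaders` entries are below the hunk; if the backend treats any of them as proof that a client certificate was presented, a comment next to them should say the value is only trustworthy when Traefik is the sole path to the service.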