From 5decf79beed1d0a590d24da1b10bb4c150c703d1 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <wolfgang.hottgenroth@icloud.com>
Date: Sat, 29 Nov 2025 21:41:50 +0100
Subject: [PATCH] mTLS 2

---
 .gitignore                     | 1 +
 deployment/api-deployment.yaml | 2 ++
 deployment/ui-deployment.yaml  | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/.gitignore b/.gitignore
index 4a63331..2c4d835 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,3 +65,4 @@ poetry.lock
 apps/homekit/homekit.state
 
 tools/ca/
+tools/clients/
diff --git a/deployment/api-deployment.yaml b/deployment/api-deployment.yaml
index c433592..c1a67c5 100644
--- a/deployment/api-deployment.yaml
+++ b/deployment/api-deployment.yaml
@@ -107,6 +107,8 @@ metadata:
   name: api-ingress
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production-http
+    traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd
     # Traefik 2 mTLS Configuration
     traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd
     traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd
diff --git a/deployment/ui-deployment.yaml b/deployment/ui-deployment.yaml
index 5d915e9..82ea94c 100644
--- a/deployment/ui-deployment.yaml
+++ b/deployment/ui-deployment.yaml
@@ -84,6 +84,8 @@ metadata:
   name: ui-ingress
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production-http
+    traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd
     # Traefik 2 mTLS Configuration
     traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd
     traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd