CodeForPhilly · TineoC · Mar 21, 2026 · Mar 21, 2026 · Mar 21, 2026 · Mar 21, 2026
diff --git a/deploy/manifests/balancer/base/balancer.env b/deploy/manifests/balancer/base/balancer.env
diff --git a/deploy/manifests/balancer/base/deployment.yaml b/deploy/manifests/balancer/base/deployment.yaml
@@ -21,6 +21,8 @@ spec:
           envFrom:
             - secretRef:
                 name: balancer-config
+            - configMapRef:
+                name: balancer-config
           ports:
             - containerPort: 8000
           readinessProbe:

diff --git a/deploy/manifests/balancer/base/gateway-listeners.yaml b/deploy/manifests/balancer/base/gateway-listeners.yaml
@@ -0,0 +1,26 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: ListenerSet
+metadata:
+  name: balancer-listeners
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  parentRef:
+    name: main-gateway
+    namespace: envoy-gateway-system
+    group: gateway.networking.k8s.io
+    kind: Gateway
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      hostname: HOSTNAME_PLACEHOLDER
+    - name: https
+      protocol: HTTPS
+      port: 443
+      hostname: HOSTNAME_PLACEHOLDER
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: balancer-tls
+            kind: Secret
diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml
@@ -0,0 +1,39 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: balancer-redirect
+spec:
+  parentRefs:
+    - name: balancer-listeners
+      kind: ListenerSet
+      group: gateway.networking.k8s.io
+      sectionName: http
+  hostnames:
+    - HOSTNAME_PLACEHOLDER
+  rules:
+    - filters:
+        - type: RequestRedirect
+          requestRedirect:
+            scheme: https
+            statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: balancer
+spec:
+  parentRefs:
+    - name: balancer-listeners
+      kind: ListenerSet
+      group: gateway.networking.k8s.io
+      sectionName: https
+  hostnames:
+    - HOSTNAME_PLACEHOLDER
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: balancer
+          port: 80
diff --git a/deploy/manifests/balancer/base/ingress.yaml b/deploy/manifests/balancer/base/ingress.yaml
diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml
@@ -5,4 +5,10 @@ resources:
   - namespace.yaml
   - deployment.yaml
   - service.yaml
-  - ingress.yaml
+  - gateway-listeners.yaml
+  - httproute.yaml
+
+configMapGenerator:
+  - name: balancer-config
+    envs:
+      - balancer.env
diff --git a/deploy/manifests/balancer/base/service.yaml b/deploy/manifests/balancer/base/service.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: http
-      port: 8000
+      port: 80
       targetPort: 8000
   selector:
     app: balancer
diff --git a/deploy/manifests/balancer/overlays/dev/kustomization.yaml b/deploy/manifests/balancer/overlays/dev/kustomization.yaml
diff --git a/deploy/manifests/balancer/overlays/production/balancer.env b/deploy/manifests/balancer/overlays/production/balancer.env
@@ -0,0 +1 @@
+CORS_ALLOWED_ORIGINS=https://balancerproject.org
diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml
@@ -0,0 +1,43 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+  - ../../base
+
+images:
+  - name: ghcr.io/codeforphilly/balancer-main/app
+    newTag: latest
+
+configMapGenerator:
+  - name: balancer-config
+    behavior: merge
+    envs:
+      - balancer.env
+
+patches:
+  - target:
+      kind: ListenerSet
+      name: balancer-listeners
+    patch: |-
+      - op: replace
+        path: /spec/listeners/0/hostname
+        value: balancerproject.org
+      - op: replace
+        path: /spec/listeners/1/hostname
+        value: balancerproject.org
+  - target:
+      kind: HTTPRoute
+      name: balancer
+    patch: |-
+      - op: add
+        path: /spec/hostnames
+        value: ["balancerproject.org"]
+  - target:
+      kind: HTTPRoute
+      name: balancer-redirect
+    patch: |-
+      - op: add
+        path: /spec/hostnames
+        value: ["balancerproject.org"]
diff --git a/deploy/manifests/balancer/overlays/sandbox/balancer.env b/deploy/manifests/balancer/overlays/sandbox/balancer.env
@@ -0,0 +1 @@
+CORS_ALLOWED_ORIGINS=https://sandbox.balancerproject.org
diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: balancer
+  namespace: cloudnative-pg
+spec:
+  name: balancer
+  owner: balancer
+  cluster:
+    name: shared-cluster
diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - database.yaml
diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: balancer-db-config
+data:
+  SQL_HOST: shared-cluster-rw.cloudnative-pg.svc.cluster.local
+  SQL_PORT: "5432"
+  SQL_DATABASE: balancer
+  SQL_USER: balancer
+  SQL_ENGINE: django.db.backends.postgresql
diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
@@ -0,0 +1,61 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: balancer
+
+resources:
+  - ../../base
+  - configmap.yaml
+
+images:
+  - name: ghcr.io/codeforphilly/balancer-main/app
+    newTag: latest
+
+configMapGenerator:
+  - name: balancer-config
+    behavior: merge
+    envs:
+      - balancer.env
+
+patches:
+  - target:
+      kind: ListenerSet
+      name: balancer-listeners
+    patch: |-
+      - op: replace
+        path: /spec/listeners/0/hostname
+        value: sandbox.balancerproject.org
+      - op: replace
+        path: /spec/listeners/1/hostname
+        value: sandbox.balancerproject.org
+  - target:
+      kind: HTTPRoute
+      name: balancer
+    patch: |-
+      - op: add
+        path: /spec/hostnames
+        value: ["sandbox.balancerproject.org"]
+  - target:
+      kind: HTTPRoute
+      name: balancer-redirect
+    patch: |-
+      - op: add
+        path: /spec/hostnames
+        value: ["sandbox.balancerproject.org"]
+  - target:
+      kind: Deployment
+      name: balancer
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/envFrom/-
+        value:
+          configMapRef:
+            name: balancer-db-config
+      - op: add
+        path: /spec/template/spec/containers/0/env
+        value:
+          - name: SQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: balancer-db-credentials
+                key: password
diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
@@ -67,7 +67,10 @@
 
 ROOT_URLCONF = "balancer_backend.urls"
 
-CORS_ALLOW_ALL_ORIGINS = True
+# CORS configuration
+CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",")
+# Ensure no empty strings if input was empty or trailing comma
+CORS_ALLOWED_ORIGINS = [origin.strip() for origin in CORS_ALLOWED_ORIGINS if origin.strip()]
 
 TEMPLATES = [
     {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		CORS_ALLOWED_ORIGINS=https://balancerproject.org
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		CORS_ALLOWED_ORIGINS=https://sandbox.balancerproject.org