From 083e7f41cd6fe9663e9f279a5567d5d1a6e553a4 Mon Sep 17 00:00:00 2001
From: Andrew Stoltz <1578013+astoltz@users.noreply.github.com>
Date: Wed, 17 Jun 2026 01:57:47 -0500
Subject: [PATCH] fix(fc-php): restore missing IngressRoute + TLS cert (php-web
 404 on GX10)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

php.iamworkin.lan returned 404 on every path: the GX10 GitOps capture grabbed
fc-php's deployment/service but NOT its IngressRoute (chicken-egg — php wasn't
routed at capture time), so Traefik matched no route. Pod is 1/1 Running 37h —
the 404 was pure missing-route, confirmed by diffing against the healthy sibling
mysql-web (which has its IngressRoute).

Mirrors the mysql-web / fc-network pattern: a cert-manager Certificate (step-ca-acme
ClusterIssuer) to mint php-web-tls + an IngressRoute Host(php.iamworkin.lan)->php-web:5400.
Additive only.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 apps-gx10/fc-php/certificate-php-web-tls.json | 18 ++++++++++++
 apps-gx10/fc-php/ingressroute-php-web.json    | 29 +++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 apps-gx10/fc-php/certificate-php-web-tls.json
 create mode 100644 apps-gx10/fc-php/ingressroute-php-web.json

diff --git a/apps-gx10/fc-php/certificate-php-web-tls.json b/apps-gx10/fc-php/certificate-php-web-tls.json
new file mode 100644
index 0000000..178d990
--- /dev/null
+++ b/apps-gx10/fc-php/certificate-php-web-tls.json
@@ -0,0 +1,18 @@
+{
+  "apiVersion": "cert-manager.io/v1",
+  "kind": "Certificate",
+  "metadata": {
+    "name": "php-web-tls",
+    "namespace": "fc-php"
+  },
+  "spec": {
+    "dnsNames": [
+      "php.iamworkin.lan"
+    ],
+    "issuerRef": {
+      "kind": "ClusterIssuer",
+      "name": "step-ca-acme"
+    },
+    "secretName": "php-web-tls"
+  }
+}
diff --git a/apps-gx10/fc-php/ingressroute-php-web.json b/apps-gx10/fc-php/ingressroute-php-web.json
new file mode 100644
index 0000000..178abc2
--- /dev/null
+++ b/apps-gx10/fc-php/ingressroute-php-web.json
@@ -0,0 +1,29 @@
+{
+  "apiVersion": "traefik.io/v1alpha1",
+  "kind": "IngressRoute",
+  "metadata": {
+    "name": "php-web",
+    "namespace": "fc-php"
+  },
+  "spec": {
+    "entryPoints": [
+      "websecure"
+    ],
+    "routes": [
+      {
+        "kind": "Rule",
+        "match": "Host(`php.iamworkin.lan`)",
+        "priority": 100,
+        "services": [
+          {
+            "name": "php-web",
+            "port": 5400
+          }
+        ]
+      }
+    ],
+    "tls": {
+      "secretName": "php-web-tls"
+    }
+  }
+}