From 8621c0dd65694c2b33d4b815265427e23af16e6e Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite <sienna@r3t.io>
Date: Tue, 3 Mar 2026 00:57:58 +0000
Subject: [PATCH] fix: correct Pingora upstream ports and kustomize namespace
 conflict

pingora-config.yaml: kratos-public and people-backend K8s Services
expose port 80, not 4433/8000. The wrong ports caused Pingora to
return timeouts for /kratos/* and all people.* routes.

ory/kustomization.yaml: remove kustomization-level namespace: ory
transformer. All non-Helm resources already declare namespace: ory
explicitly. The transformer was incorrectly moving hydra-maester's
enabledNamespaces Role (generated for the lasuite namespace) into ory,
producing a duplicate-name conflict during kustomize build.
---
 base/ingress/pingora-config.yaml | 4 ++--
 base/ory/kustomization.yaml      | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/base/ingress/pingora-config.yaml b/base/ingress/pingora-config.yaml
index cc65c09..0e97968 100644
--- a/base/ingress/pingora-config.yaml
+++ b/base/ingress/pingora-config.yaml
@@ -62,7 +62,7 @@ data:
 
     [[routes]]
     host_prefix = "people"
-    backend     = "http://people-backend.lasuite.svc.cluster.local:8000"
+    backend     = "http://people-backend.lasuite.svc.cluster.local:80"
 
     [[routes]]
     host_prefix = "find"
@@ -93,7 +93,7 @@ data:
       # /kratos prefix is stripped before forwarding so Kratos sees its native paths.
       [[routes.paths]]
       prefix        = "/kratos"
-      backend       = "http://kratos-public.ory.svc.cluster.local:4433"
+      backend       = "http://kratos-public.ory.svc.cluster.local:80"
       strip_prefix  = true
 
     [[routes]]
diff --git a/base/ory/kustomization.yaml b/base/ory/kustomization.yaml
index ee1f525..59aa6bc 100644
--- a/base/ory/kustomization.yaml
+++ b/base/ory/kustomization.yaml
@@ -1,7 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: ory
+# namespace: ory removed — all non-Helm resources already set namespace: ory
+# explicitly, and the Helm charts use namespace: ory in their helmCharts spec.
+# The kustomization-level transformer was incorrectly moving hydra-maester's
+# enabledNamespaces Role (meant for lasuite) into the ory namespace, causing
+# a duplicate-name conflict.
 
 resources:
   - namespace.yaml