From c4a94772d90cf1b9f7e7a546be0c46ac2a257652 Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Sun, 23 Nov 2025 00:20:36 +0500
Subject: [PATCH] feat: NetworkSecurity | add secure routes for
 longhorn+grafana

---
 network-security/index.ts | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/network-security/index.ts b/network-security/index.ts
index 0f63593..211d3e4 100644
--- a/network-security/index.ts
+++ b/network-security/index.ts
@@ -9,6 +9,7 @@ import {
   IpAllowListMiddlewareTCP,
 } from "./traefik";
 import { ValkeyCluster } from "./valkey";
+import { InternalIngressRoute } from "../utils";
 
 export class NetworkSecurity extends TerraformStack {
   constructor(scope: Construct, id: string) {
@@ -79,5 +80,23 @@ export class NetworkSecurity extends TerraformStack {
       name: "tcp-ip-allow-list",
       sourceRanges: ["192.168.18.0/24", "10.42.0.0/16"],
     });
+
+    new InternalIngressRoute(this, "longhorn-ui", {
+      provider: kubernetes,
+      namespace: "longhorn-system",
+      name: "longhorn-ui",
+      host: "longhorn.dogar.dev",
+      serviceName: "longhorn-frontend",
+      servicePort: 80,
+    });
+
+    new InternalIngressRoute(this, "grafana-ui", {
+      provider: kubernetes,
+      namespace: "monitoring",
+      name: "grafana-ui",
+      host: "grafana.dogar.dev",
+      serviceName: "prometheus-operator-grafana",
+      servicePort: 80,
+    });
   }
 }