linode · merll · May 13, 2026 · May 13, 2026
@@ -129,9 +129,7 @@ export const getSpec = (): OtomiSpec => {
   return otomiSpec
 }
 export const getAppSchema = (appId: string): Schema => {
-  let id: string = appId
-  if (appId.startsWith('ingress-nginx')) id = 'ingress-nginx-platform'
-  return getSpec().valuesSchema.properties.apps.properties[id]
+  return getSpec().valuesSchema.properties.apps.properties[appId]
 }
 
 export const getAppList = (): string[] => {

@@ -12,7 +12,6 @@ AppList:
     - gitea
     - grafana
     - harbor
-    - ingress-nginx
     - istio
     - keycloak
     - knative

@@ -99,6 +99,8 @@ import {
   EDITOR_INACTIVITY_TIMEOUT,
   GIT_BRANCH,
   GIT_EMAIL,
+  GIT_INIT_MAX_RETRIES,
+  GIT_INIT_RETRY_INTERVAL_MS,
   GIT_LOCAL_PATH,
   GIT_PASSWORD,
   GIT_REPO_URL,
@@ -111,8 +113,6 @@ import {
   PREINSTALLED_EXCLUDED_APPS,
   TOOLS_HOST,
   VERSIONS,
-  GIT_INIT_MAX_RETRIES,
-  GIT_INIT_RETRY_INTERVAL_MS,
 } from 'src/validators'
 import { v4 as uuidv4 } from 'uuid'
 import { parse as parseYaml, stringify as stringifyYaml } from 'yaml'
@@ -278,12 +278,7 @@ export default class OtomiStack {
   }
 
   async getAppList() {
-    let apps = getAppList()
-    apps = apps.filter((item) => item !== 'ingress-nginx')
-    const { ingress } = await this.getSettings()
-    const allClasses = ['platform'].concat(ingress?.classes?.map((obj) => obj.className as string) || [])
-    const ingressApps = allClasses.map((name) => `ingress-nginx-${name}`)
-    return apps.concat(ingressApps)
+    return getAppList()
   }
 
   async getValues(query): Promise<Record<string, any>> {
@@ -607,62 +602,8 @@ export default class OtomiStack {
     }
   }
 
-  async loadIngressApps(id: string): Promise<void> {
-    try {
-      debug(`Loading ingress apps for ${id}`)
-      const content = await this.git.loadConfig('env/apps/ingress-nginx.yaml', 'env/apps/secrets.ingress-nginx.yaml')
-      const values = content?.apps?.['ingress-nginx'] ?? {}
-
-      const filePath = getResourceFilePath('AplApp', id)
-      const aplApp = toPlatformObject('AplApp', id, { enabled: true, rawValues: {}, ...values })
-      this.fileStore.set(filePath, aplApp)
-
-      debug(`Ingress app loaded for ${id}`)
-    } catch (error) {
-      debug(`Failed to load ingress apps for ${id}:`)
-    }
-  }
-
-  async removeIngressApps(id: string): Promise<void> {
-    try {
-      debug(`Removing ingress apps for ${id}`)
-      const filePath = `env/apps/${id}.yaml`
-      const secretsPath = `env/apps/secrets.${id}.yaml`
-
-      this.fileStore.delete(filePath)
-      await this.git.removeFile(filePath)
-      await this.git.removeFile(secretsPath)
-      debug(`Ingress app removed for ${id}`)
-    } catch (error) {
-      debug(`Failed to remove ingress app for ${id}:`)
-    }
-  }
-
-  async editIngressApps(settings: Settings, data: Settings, settingId: string): Promise<void> {
-    if (settingId !== 'ingress') return
-    const initClasses = settings[settingId]?.classes || []
-    const initClassNames = initClasses.map((obj) => obj.className)
-    const dataClasses = data[settingId]?.classes || []
-    const dataClassNames = dataClasses.map((obj) => obj.className)
-    // Ingress app addition
-    for (const ingressClass of dataClasses) {
-      if (!initClassNames.includes(ingressClass.className)) {
-        const id = `ingress-nginx-${ingressClass.className}`
-        await this.loadIngressApps(id)
-      }
-    }
-    // Ingress app deletion
-    for (const ingressClass of initClasses) {
-      if (!dataClassNames.includes(ingressClass.className)) {
-        const id = `ingress-nginx-${ingressClass.className}`
-        await this.removeIngressApps(id)
-      }
-    }
-  }
-
   async editSettings(data: Settings, settingId: string): Promise<Settings> {
     const settings = await this.getSettings()
-    await this.editIngressApps(settings, data, settingId)
     const updatedSettingsData: any = { ...data }
     if (settingId === 'otomi') {
       // convert otomi.nodeSelector to object

@@ -93,7 +93,7 @@ export const PREINSTALLED_EXCLUDED_APPS = json({
 export const HIDDEN_APPS = json({
   desc: 'Applications that are hidden from the apps page',
   default: {
-    apps: ['ingress-nginx-platform'],
+    apps: [],
   },
 })
 export const OBJ_STORAGE_APPS = json({

@@ -85,16 +85,6 @@ appsInfo:
     dependencies: None
     about: Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.
     integration: Harbor can be enabled to provide each team with a private registry. Harbor has been made user and tenant aware. APL runs automated tasks that take care of creating a project in Harbor for each team, creating a bot-account for each team, and creating a Kubernetes pull secret in the team namespace to enable pulling of images out of the local registry.
-  ingress-nginx:
-    title: Ingress-NGINX
-    appVersion: 1.13.1
-    repo: https://github.com/kubernetes/ingress-nginx
-    maintainers: NGINX
-    relatedLinks:
-      - https://docs.nginx.com/nginx-ingress-controller
-    license: Apache 2.0
-    about: ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
-    integration: APL integrated ingress-nginx into an advanced ingress architecture.
   istio:
     title: Istio
     appVersion: 1.26.3

@@ -19,6 +19,7 @@ k8s:
       app: harbor
     - name: apl-harbor-operator
       disableIstioInjection: true
+    - name: git-server
     - name: gitea
     - name: apl-gitea-operator
       disableIstioInjection: true
@@ -28,14 +29,6 @@ k8s:
       app: grafana
     - name: istio-system
       disableIstioInjection: true
-      labels:
-        'apl.io/ingress-controller-scope': 'true'
-    - name: ingress
-      # disabling istio sidecar as it does not preserve client ip (yet)
-      # TODO: enable once it does
-      disableIstioInjection: true
-      labels:
-        'apl.io/ingress-controller-scope': 'true'
     - name: keycloak
     - name: apl-keycloak-operator
       disableIstioInjection: true
@@ -58,6 +51,8 @@ k8s:
     - name: kyverno
       app: kyverno
       disableIstioInjection: true
+    - name: tekton-dashboard
+      app: tekton-pipelines
     - name: tekton-pipelines
       disableIstioInjection: true
       disablePolicyChecks: true
@@ -87,6 +82,11 @@ k8s:
       disablePolicyChecks: true
     - name: sealed-secrets
       app: sealed-secrets
+    - name: external-secrets
+      app: external-secrets
+      disableIstioInjection: true
+    - name: apl-secrets
+      disableIstioInjection: true
     - name: policy-reporter
       app: policy-reporter
       disablePolicyChecks: true
@@ -97,22 +97,10 @@ adminApps:
     tags: [alerting, observability]
     deps: [prometheus]
     ownHost: true
-    ingress:
-      - svc: po-alertmanager
-        namespace: monitoring
-        # namespace: alertmanager
-        port: 9093
-        type: public
-        auth: true
   - name: argocd
     tags: [cicd, gitops]
     isShared: true
     ownHost: true
-    ingress:
-      - svc: argocd-server
-        namespace: argocd
-        type: public
-        auth: true
   - name: cert-manager
     tags: [ingress, security, tls]
   - name: cnpg
@@ -121,101 +109,44 @@ adminApps:
     tags: [tty]
     isShared: true
     ownHost: true
-    ingress:
-      - svc: tty
-        # virtual service is not going to be used.
-        namespace: ingress
-        type: public
-        auth: true
   - name: external-dns
     tags: [ingress, security, tls]
   - name: gitea
     tags: [git]
     isShared: true
     ownHost: true
     path: /user/oauth2/otomi-idp
-    ingress:
-      - namespace: gitea
-        svc: gitea-http
-        port: 3000
-        type: public
   - name: grafana
     tags: [tracing, telemetry, observability]
     deps: [prometheus]
     path: /dashboards
     ownHost: true
-    ingress:
-      - svc: po-grafana
-        namespace: grafana
-        removeRequestHeaders:
-          - authorization
-        type: public
-        auth: true
   - name: harbor
     tags: [security]
     isShared: true
     ownHost: true
-    ingress:
-      - svc: harbor-portal
-        namespace: harbor
-        type: public
-        auth: true
-      - svc: harbor-core
-        namespace: harbor
-        paths: [/api/, /c/]
-        forwardPath: true
-        type: public
-        auth: true
-      - svc: harbor-core
-        namespace: harbor
-        paths: [/chartrepo/, /service/, /v1/, /v2/]
-        forwardPath: true
-        type: public
-        hasOwnIngress: true
   - name: hello
     hide: true
     tags: [demo]
-  - name: ingress-nginx
-    tags: [ingress, auth]
   - name: istio
     tags: [ingress, egress, routing, security, tls, observability, policies]
   - name: keycloak
     path: /admin/otomi/console/
     tags: [auth, sso]
-    # isShared: true
     ownHost: true
-    ingress:
-      - namespace: keycloak
-        svc: keycloak-keycloakx-http
-        type: public
-        port: 8080
   - name: knative
     tags: [serverless, functions]
     deps: [istio]
   - name: kubeflow-pipelines
     tags: [ai, ml]
     ownHost: true
     isShared: true
-    ingress:
-      - svc: ml-pipeline-ui
-        namespace: kfp
-        port: 80
-        type: public
-        auth: true
   - name: kserve
     tags: [ai]
   - name: tekton
     tags: [buildpacks, ci, pipelines]
     ownHost: true
     path: /#/namespaces/team-admin/pipelineruns
-    ingress:
-      - svc: tekton-dashboard
-        namespace: tekton-pipelines
-        port: 9097
-        type: public
-        auth: true
-        removeRequestHeaders:
-          - authorization
   - name: loki
     tags: [logging, telemetry, observability]
     deps: [grafana, prometheus, otel]
@@ -225,37 +156,13 @@ adminApps:
     hide: true
     isShared: true
     ownHost: true
-    ingress:
-      - svc: otomi-api
-        namespace: otomi
-        paths: [/api/]
-        type: public
-        auth: true
-      - svc: otomi-console
-        namespace: otomi
-        type: public
-        auth: true
   - name: api # Used by any client that do not support cookies
     hide: true
     isShared: true
     ownHost: true
-    ingress:
-      - svc: otomi-api
-        namespace: otomi
-        type: public
-        # RequestAuthentication and AuthorizationPolicy ensure Authorization header validation
-        auth: false
-
   - name: prometheus
     tags: [metrics, observability]
     ownHost: true
-    ingress:
-      - svc: po-prometheus
-        port: 9090
-        namespace: monitoring
-        # namespace: prometheus
-        type: public
-        auth: true
   - name: sealed-secrets
     tags: [secrets, security, observability]
     ownHost: true
@@ -273,33 +180,11 @@ teamApps:
   - name: alertmanager
     ownHost: true
     path: /#/alerts?silenced=false&inhibited=false&active=true&filter=%7Bnamespace%3D"team-#TEAM#"%7D
-    ingress:
-      - svc: po-alertmanager
-        hasPrefix: true
-        port: 9093
-        type: public
-        auth: true
   - name: grafana
     ownHost: true
     path: /dashboards
-    ingress:
-      - svc: po-grafana
-        hasPrefix: true
-        forwardPath: true
-        removeRequestHeaders:
-          - authorization
-        type: public
-        auth: true
   - name: loki
     useHost: grafana
     path: /explore?orgId=1&left=%7B"datasource":"loki","queries":%5B%7B"refId":"A","expr":"","queryType":"range","datasource":%7B"type":"loki","uid":"loki"%7D%7D%5D,"range":%7B"from":"now-1h","to":"now"%7D%7D
   - name: tekton
     ownHost: true
-    ingress:
-      - svc: tekton-dashboard
-        hasPrefix: true
-        port: 9097
-        type: public
-        auth: true
-        removeRequestHeaders:
-          - authorization
@@ -9,7 +9,6 @@ teamConfig:
             gitea: {}
             grafana: {}
             harbor: {}
-            ingress-nginx: {}
             istio: {}
             keycloak: {}
             knative: {}
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,7 +12,6 @@ AppList: @@
         - gitea
         - grafana
         - harbor
-        - ingress-nginx
         - istio
         - keycloak
         - knative
@@ Expand Down @@