[traefik] Remove broken rewrite-body plugin and all rybbit/anti-AI injection

The rewrite-body Traefik plugin (both packruler/rewrite-body v1.2.0 and the-ccsn/traefik-plugin-rewritebody v0.1.3) silently fails on Traefik v3.6.12 due to Yaegi interpreter issues with ResponseWriter wrapping. Both plugins load without errors but never inject content. Removed: - rewrite-body plugin download (init container) and registration - strip-accept-encoding middleware (only existed for rewrite-body bug) - anti-ai-trap-links middleware (used rewrite-body for injection) - rybbit_site_id variable from ingress_factory and reverse_proxy factory - rybbit_site_id from 25 service stacks (39 instances) - Per-service rybbit-analytics middleware CRD resources Kept: - compress middleware (entrypoint-level, working correctly) - ai-bot-block middleware (ForwardAuth to bot-block-proxy) - anti-ai-headers middleware (X-Robots-Tag: noai, noimageai) - All CrowdSec, Authentik, rate-limit middleware unchanged Next: Cloudflare Workers with HTMLRewriter for edge-side injection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-17 12:41:17 +00:00 · 2026-04-17 12:41:17 +00:00 · b034c868db
commit b034c868db
parent b24545ffdb
29 changed files with 32 additions and 197 deletions
--- a/stacks/dbaas/modules/dbaas/main.tf
+++ b/stacks/dbaas/modules/dbaas/main.tf
@ -1004,15 +1004,13 @@ resource "kubernetes_service" "phpmyadmin" {
  }
 }
 module "ingress" {
-  source                         = "../../../../modules/kubernetes/ingress_factory"
-  dns_type                       = "proxied"
-  namespace                      = kubernetes_namespace.dbaas.metadata[0].name
-  name                           = "pma"
-  tls_secret_name                = var.tls_secret_name
-  protected                      = true
-  extra_annotations              = {}
-  rybbit_site_id                 = "942c76b8bd4d"
-  custom_content_security_policy = "script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://rybbit.viktorbarzin.me"
+  source            = "../../../../modules/kubernetes/ingress_factory"
+  dns_type          = "proxied"
+  namespace         = kubernetes_namespace.dbaas.metadata[0].name
+  name              = "pma"
+  tls_secret_name   = var.tls_secret_name
+  protected         = true
+  extra_annotations = {}
 }


@ -1514,7 +1512,6 @@ module "ingress-pgadmin" {
  name            = "pgadmin"
  tls_secret_name = var.tls_secret_name
  protected       = true
-  rybbit_site_id  = "7cef78e30485"
 }