jac-scale deploys per-namespace nginx ingress instead of shared ALB ingress rules

[udithishanka]

Problem

When jac start --scale runs; on AWS, jac-scale creates a per-namespace nginx ingress controller (Deployment + LoadBalancer Service) for each app. This means every deployed app gets its own NLB, and the ingress has no host rule — just a wildcard * catch-all.

This causes two issues:

1. DNS mismatch: If the app's domain (e.g., jac-shadcn.jaseci.org) points to the shared ALB (jaseci-cluster-alb-2), there's no ALB rule for that host — the wildcard *.jaseci.org catches it and routes to jac-builder instead of the intended app.

2. NLB sprawl: Each app gets its own NLB (~$16/month each), instead of sharing the existing ALB. With 25+ apps this adds up.

Expected behavior

On AWS, jac deploy should create an ALB Ingress resource in the shared ALB group (jaseci-cluster-alb-2) with:

• Host-based routing for the app's domain
• TLS termination via ACM certificate
• HTTP → HTTPS redirect
• ip target type for direct pod routing

This is how every other app in the cluster is routed (via the infra repo's ingress manifests).

Current behavior

jac-scale creates:

• A per-namespace nginx IngressClass
• A nginx ingress controller Deployment
• A LoadBalancer Service (provisions a new NLB)
• An Ingress with ingressClassName: <namespace>-nginx and no host rule

Suggested config additions

[plugins.scale.kubernetes]
ingress_enabled = true
ingress_host = "myapp.jaseci.org"
ingress_tls_cert_arn = "arn:aws:acm:..."
ingress_alb_group = "jaseci-cluster-alb-2"

When these are set, jac-scale should generate an ALB ingress instead of deploying a per-namespace nginx controller.