From c6ec43a1d42b55a6e5e0d73fb9fcd2f7019f00f3 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Mon, 10 Mar 2025 14:41:11 -0500 Subject: [PATCH 1/6] feat(networking): move to gateway api --- .../kube-system/cilium/app/helm/values.yaml | 8 +- .../kube-system/cilium/ingress/external.yaml | 39 ++++++++ .../kube-system/cilium/ingress/internal.yaml | 39 ++++++++ .../cilium/ingress}/kustomization.yaml | 3 +- kubernetes/apps/kube-system/cilium/ks.yaml | 27 ++++++ .../apps/media/autobrr/app/helmrelease.yaml | 22 ++--- kubernetes/apps/networking/kustomization.yaml | 1 - .../nginx/external/helmrelease.yaml | 89 ------------------- .../nginx/internal/helmrelease.yaml | 88 ------------------ .../nginx/internal/kustomization.yaml | 5 -- kubernetes/apps/networking/nginx/ks.yaml | 46 ---------- .../meta/repositories/helm/ingress-nginx.yaml | 9 -- .../meta/repositories/helm/kustomization.yaml | 1 - talos/controlplane.yaml.j2 | 2 + 14 files changed, 125 insertions(+), 254 deletions(-) create mode 100644 kubernetes/apps/kube-system/cilium/ingress/external.yaml create mode 100644 kubernetes/apps/kube-system/cilium/ingress/internal.yaml rename kubernetes/apps/{networking/nginx/external => kube-system/cilium/ingress}/kustomization.yaml (66%) delete mode 100644 kubernetes/apps/networking/nginx/external/helmrelease.yaml delete mode 100644 kubernetes/apps/networking/nginx/internal/helmrelease.yaml delete mode 100644 kubernetes/apps/networking/nginx/internal/kustomization.yaml delete mode 100644 kubernetes/apps/networking/nginx/ks.yaml delete mode 100644 kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/helm/values.yaml b/kubernetes/apps/kube-system/cilium/app/helm/values.yaml index d9ec500466..924a0f41c7 100644 --- a/kubernetes/apps/kube-system/cilium/app/helm/values.yaml +++ b/kubernetes/apps/kube-system/cilium/app/helm/values.yaml 
@@ -25,7 +25,10 @@ enableIPv4BIGTCP: true endpointRoutes: enabled: true envoy: - enabled: false + enabled: true +gatewayAPI: + enabled: true + enableAlpn: true hubble: enabled: false ipam: @@ -77,6 +80,3 @@ securityContext: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE -tls: - secretsNamespace: - create: false diff --git a/kubernetes/apps/kube-system/cilium/ingress/external.yaml b/kubernetes/apps/kube-system/cilium/ingress/external.yaml new file mode 100644 index 0000000000..d8f11adea2 --- /dev/null +++ b/kubernetes/apps/kube-system/cilium/ingress/external.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: external + annotations: + external-dns.alpha.kubernetes.io/hostname: external.ktwo.io +spec: + gatewayClassName: cilium + addresses: + - type: IPAddress + value: 192.168.20.80 + - type: IPAddress + value: ::ffff:c0a8:1450 + - type: Hostname + value: external.ktwo.io + infrastructure: + annotations: + lbipam.cilium.io/ips: 192.168.20.80, ::ffff:c0a8:1450 + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.ktwo.io" + allowedRoutes: + namespaces: + from: All + - name: https + protocol: HTTPS + port: 443 + hostname: "*.ktwo.io" + allowedRoutes: + namespaces: + from: All + tls: + certificateRefs: + - kind: Secret + name: ktwo-io-tls + namespace: cert-manager diff --git a/kubernetes/apps/kube-system/cilium/ingress/internal.yaml b/kubernetes/apps/kube-system/cilium/ingress/internal.yaml new file mode 100644 index 0000000000..0e409f3aa1 --- /dev/null +++ b/kubernetes/apps/kube-system/cilium/ingress/internal.yaml 
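Review bot: Both listeners of the new `external` Gateway (`cilium/ingress/external.yaml`) set `allowedRoutes.namespaces.from: All` under the wildcard hostname `*.ktwo.io`, so any namespace that can create an HTTPRoute can claim a hostname on the internet-facing address. The same applies to `internal.yaml` in the next hunk. Consider `from: Selector` with a `selector.matchLabels` entry on a label you control (for example a constructed label such as `gateway-access: "external"`), so that exposure is opt-in per namespace. The `certificateRefs` entry points at Secret `ktwo-io-tls` in namespace `cert-manager` while the Gateway is deployed to `kube-system`; a cross-namespace reference like this needs a ReferenceGrant in `cert-manager`, and none is visible in this series, so confirm one exists or the `https` listener will not resolve its certificate. The `http` listener also has no redirect route in this patch, whereas the nginx config being removed had `force-ssl-redirect: true` and an HSTS max-age; if port 80 is kept, add a redirect-only HTTPRoute for it.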
@@ -0,0 +1,39 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: internal + annotations: + external-dns.alpha.kubernetes.io/hostname: internal.ktwo.io +spec: + gatewayClassName: cilium + addresses: + - type: IPAddress + value: 192.168.20.81 + - type: IPAddress + value: ::ffff:c0a8:1451 + - type: Hostname + value: internal.ktwo.io + infrastructure: + annotations: + lbipam.cilium.io/ips: 192.168.20.81, ::ffff:c0a8:1451 + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.ktwo.io" + allowedRoutes: + namespaces: + from: All + - name: https + protocol: HTTPS + port: 443 + hostname: "*.ktwo.io" + allowedRoutes: + namespaces: + from: All + tls: + certificateRefs: + - kind: Secret + name: ktwo-io-tls + namespace: cert-manager diff --git a/kubernetes/apps/networking/nginx/external/kustomization.yaml b/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml similarity index 66% rename from kubernetes/apps/networking/nginx/external/kustomization.yaml rename to kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml index 5dd7baca73..e88ad6d92e 100644 --- a/kubernetes/apps/networking/nginx/external/kustomization.yaml +++ b/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml @@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./helmrelease.yaml + - ./external.yaml + - ./internal.yaml diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml index 45f8034d0c..8f2ba6d83a 100644 --- a/kubernetes/apps/kube-system/cilium/ks.yaml +++ b/kubernetes/apps/kube-system/cilium/ks.yaml 
@@ -41,3 +41,30 @@ spec: targetNamespace: *namespace timeout: 5m wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app cilium-ingress + namespace: &namespace kube-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: cert-manager-tls + namespace: cert-manager + - name: cilium + namespace: *namespace + - name: cilium-config + namespace: *namespace + interval: 1h + path: ./kubernetes/apps/kube-system/cilium/ingress + prune: true + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + targetNamespace: *namespace + timeout: 5m + wait: true diff --git a/kubernetes/apps/media/autobrr/app/helmrelease.yaml b/kubernetes/apps/media/autobrr/app/helmrelease.yaml index e814a5248e..ba9e6ddf27 100644 --- a/kubernetes/apps/media/autobrr/app/helmrelease.yaml +++ b/kubernetes/apps/media/autobrr/app/helmrelease.yaml @@ -72,19 +72,21 @@ spec: runAsNonRoot: true runAsUser: 568 runAsGroup: 568 - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: tmp: type: emptyDir + route: + app: + hostNames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: external + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/networking/kustomization.yaml b/kubernetes/apps/networking/kustomization.yaml index e44afaea71..a8b8b87a18 100644 --- a/kubernetes/apps/networking/kustomization.yaml +++ b/kubernetes/apps/networking/kustomization.yaml @@ -9,5 +9,4 @@ resources: - ./echo-server/ks.yaml - ./external-dns/ks.yaml - ./multus/ks.yaml - - ./nginx/ks.yaml - ./smtp-relay/ks.yaml diff --git a/kubernetes/apps/networking/nginx/external/helmrelease.yaml b/kubernetes/apps/networking/nginx/external/helmrelease.yaml deleted file mode 100644 index 27f5a1f8e2..0000000000 
--- a/kubernetes/apps/networking/nginx/external/helmrelease.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app nginx-external -spec: - interval: 1h - chart: - spec: - chart: ingress-nginx - version: 4.12.0 - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - strategy: rollback - retries: 3 - values: - fullnameOverride: *app - controller: - replicaCount: 2 - admissionWebhooks: - objectSelector: - matchExpressions: - - key: ingress-class - operator: In - values: - - external - config: - allow-snippet-annotations: true - annotations-risk-level: Critical - client-body-buffer-size: 100M - client-body-timeout: 120 - client-header-timeout: 120 - enable-brotli: true - enable-ocsp: true - enable-real-ip: true - force-ssl-redirect: true - hide-headers: Server,X-Powered-By - hsts-max-age: 31449600 - keep-alive-requests: 10000 - keep-alive: 120 - log-format-escape-json: true - log-format-upstream: > - {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", - "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, - "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", - "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", - "http_user_agent": "$http_user_agent"} - proxy-body-size: 0 - proxy-buffer-size: 16k - ssl-early-data: true - ssl-protocols: TLSv1.3 TLSv1.2 - use-forwarded-headers: true - extraArgs: - default-ssl-certificate: cert-manager/ktwo-io-tls - publish-status-address: &hostname external.ktwo.io - ingressClass: external - ingressClassResource: - name: external - default: false - controllerValue: k8s.io/external - metrics: - enabled: true - serviceMonitor: - enabled: true - namespace: networking - 
namespaceSelector: - any: true - publishService: - enabled: false - resources: - requests: - cpu: 100m - limits: - memory: 512Mi - service: - annotations: - external-dns.alpha.kubernetes.io/hostname: *hostname - lbipam.cilium.io/ips: 192.168.20.80, ::ffff:c0a8:1450 - terminationGracePeriodSeconds: 120 - defaultBackend: - enabled: false diff --git a/kubernetes/apps/networking/nginx/internal/helmrelease.yaml b/kubernetes/apps/networking/nginx/internal/helmrelease.yaml deleted file mode 100644 index cae4bb1661..0000000000 --- a/kubernetes/apps/networking/nginx/internal/helmrelease.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app nginx-internal -spec: - interval: 1h - chart: - spec: - chart: ingress-nginx - version: 4.12.0 - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - strategy: rollback - retries: 3 - values: - fullnameOverride: *app - controller: - replicaCount: 2 - admissionWebhooks: - objectSelector: - matchExpressions: - - key: ingress-class - operator: In - values: - - internal - config: - allow-snippet-annotations: true - annotations-risk-level: Critical - client-body-buffer-size: 100M - client-body-timeout: 120 - client-header-timeout: 120 - enable-brotli: true - enable-ocsp: true - enable-real-ip: true - force-ssl-redirect: true - hide-headers: Server,X-Powered-By - hsts-max-age: 31449600 - keep-alive-requests: 10000 - keep-alive: 120 - log-format-escape-json: true - log-format-upstream: > - {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", - "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, - "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", - "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", - "http_user_agent": "$http_user_agent"} - proxy-body-size: 0 - proxy-buffer-size: 16k - ssl-early-data: true - ssl-protocols: TLSv1.3 TLSv1.2 - extraArgs: - default-ssl-certificate: cert-manager/ktwo-io-tls - publish-status-address: &hostname internal.ktwo.io - ingressClass: internal - ingressClassResource: - name: internal - default: true - controllerValue: k8s.io/internal - metrics: - enabled: true - serviceMonitor: - enabled: true - namespace: networking - namespaceSelector: - any: true - 
publishService: - enabled: false - resources: - requests: - cpu: 100m - limits: - memory: 512Mi - service: - annotations: - external-dns.alpha.kubernetes.io/hostname: *hostname - lbipam.cilium.io/ips: 192.168.20.81, ::ffff:c0a8:1451 - terminationGracePeriodSeconds: 120 - defaultBackend: - enabled: false diff --git a/kubernetes/apps/networking/nginx/internal/kustomization.yaml b/kubernetes/apps/networking/nginx/internal/kustomization.yaml deleted file mode 100644 index 5dd7baca73..0000000000 --- a/kubernetes/apps/networking/nginx/internal/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/nginx/ks.yaml b/kubernetes/apps/networking/nginx/ks.yaml deleted file mode 100644 index c93630d076..0000000000 --- a/kubernetes/apps/networking/nginx/ks.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app nginx-external - namespace: &namespace networking -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: cert-manager-tls - namespace: cert-manager - interval: 1h - path: ./kubernetes/apps/networking/nginx/external - prune: true - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - targetNamespace: *namespace - timeout: 5m - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app nginx-internal - namespace: &namespace networking -spec: - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: cert-manager-tls - namespace: cert-manager - interval: 1h - path: ./kubernetes/apps/networking/nginx/internal - prune: true - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - targetNamespace: *namespace - timeout: 5m - wait: true 
diff --git a/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml b/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml deleted file mode 100644 index 831b34b49f..0000000000 --- a/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: ingress-nginx - namespace: flux-system -spec: - interval: 12h - url: https://kubernetes.github.io/ingress-nginx diff --git a/kubernetes/flux/meta/repositories/helm/kustomization.yaml b/kubernetes/flux/meta/repositories/helm/kustomization.yaml index b83c1174ce..b067cafe86 100644 --- a/kubernetes/flux/meta/repositories/helm/kustomization.yaml +++ b/kubernetes/flux/meta/repositories/helm/kustomization.yaml @@ -9,7 +9,6 @@ resources: - ./emqx.yaml - ./external-dns.yaml - ./grafana.yaml - - ./ingress-nginx.yaml - ./intel.yaml - ./jetstack.yaml - ./metrics-server.yaml diff --git a/talos/controlplane.yaml.j2 b/talos/controlplane.yaml.j2 index 23f44bba11..c6c6c919d9 100644 --- a/talos/controlplane.yaml.j2 +++ b/talos/controlplane.yaml.j2 @@ -138,6 +138,8 @@ cluster: service: disabled: false extraManifests: + - # renovate: datasource=github-releases depName=kubernetes-sigs/gateway-api + https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml {% for crd in ["alertmanagerconfigs", "alertmanagers", "podmonitors", "probes", "prometheusagents", "prometheuses", "prometheusrules", "scrapeconfigs", "servicemonitors", "thanosrulers"] %} - # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.1/example/prometheus-operator-crd/monitoring.coreos.com_{{ crd }}.yaml From 1e91ed5d00d915afeaec1c801dd6ec7e426a917a Mon Sep 17 00:00:00 2001 
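Review bot: The added `extraManifests` entry in `talos/controlplane.yaml.j2` fetches `standard-install.yaml` from a GitHub release URL that is pinned only by the `v1.2.0` tag, so whatever that URL returns at bootstrap is applied cluster-wide with no integrity check. The existing prometheus-operator entries in the same list follow this pattern too, but these CRDs now define the cluster's ingress path, which raises the stakes. Consider vendoring the CRD manifest into this repository and applying it through Flux, so the content is reviewed and pinned by commit. If the URL stays, a comment such as `# fetched unverified at bootstrap; diff the release asset on every renovate bump` above the entry would record the review step. The `extraManifests` list continues outside this hunk.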
From: Steven Kreitzer Date: Mon, 10 Mar 2025 14:42:47 -0500 Subject: [PATCH 2/6] feat(networking): move to gateway api --- kubernetes/apps/media/autobrr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/media/autobrr/app/helmrelease.yaml b/kubernetes/apps/media/autobrr/app/helmrelease.yaml index ba9e6ddf27..dddeb19078 100644 --- a/kubernetes/apps/media/autobrr/app/helmrelease.yaml +++ b/kubernetes/apps/media/autobrr/app/helmrelease.yaml @@ -77,7 +77,7 @@ spec: type: emptyDir route: app: - hostNames: + hostnames: - "{{ .Release.Name }}.ktwo.io" parentRefs: - name: external From 27585e407199270165d5ca81015f037996f93c27 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Mon, 10 Mar 2025 14:49:56 -0500 Subject: [PATCH 3/6] feat(networking): move to gateway api --- .../kube-system/cilium/ingress/external.yaml | 39 -------- .../cilium/ingress/kustomization.yaml | 1 - .../apps/media/autobrr/app/helmrelease.yaml | 2 +- .../external-dns/unifi/helmrelease.yaml | 2 +- kubernetes/apps/networking/kustomization.yaml | 1 + .../nginx/external/helmrelease.yaml | 89 +++++++++++++++++++ .../nginx/external/kustomization.yaml | 5 ++ kubernetes/apps/networking/nginx/ks.yaml | 23 +++++ .../meta/repositories/helm/ingress-nginx.yaml | 9 ++ .../meta/repositories/helm/kustomization.yaml | 1 + 10 files changed, 130 insertions(+), 42 deletions(-) delete mode 100644 kubernetes/apps/kube-system/cilium/ingress/external.yaml create mode 100644 kubernetes/apps/networking/nginx/external/helmrelease.yaml create mode 100644 kubernetes/apps/networking/nginx/external/kustomization.yaml create mode 100644 kubernetes/apps/networking/nginx/ks.yaml create mode 100644 kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml diff --git a/kubernetes/apps/kube-system/cilium/ingress/external.yaml b/kubernetes/apps/kube-system/cilium/ingress/external.yaml deleted file mode 100644 index d8f11adea2..0000000000 
--- a/kubernetes/apps/kube-system/cilium/ingress/external.yaml +++ /dev/null @@ -1,39 +0,0 @@ ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: Gateway -metadata: - name: external - annotations: - external-dns.alpha.kubernetes.io/hostname: external.ktwo.io -spec: - gatewayClassName: cilium - addresses: - - type: IPAddress - value: 192.168.20.80 - - type: IPAddress - value: ::ffff:c0a8:1450 - - type: Hostname - value: external.ktwo.io - infrastructure: - annotations: - lbipam.cilium.io/ips: 192.168.20.80, ::ffff:c0a8:1450 - listeners: - - name: http - protocol: HTTP - port: 80 - hostname: "*.ktwo.io" - allowedRoutes: - namespaces: - from: All - - name: https - protocol: HTTPS - port: 443 - hostname: "*.ktwo.io" - allowedRoutes: - namespaces: - from: All - tls: - certificateRefs: - - kind: Secret - name: ktwo-io-tls - namespace: cert-manager diff --git a/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml b/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml index e88ad6d92e..91a3fa8a08 100644 --- a/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml +++ b/kubernetes/apps/kube-system/cilium/ingress/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./external.yaml - ./internal.yaml diff --git a/kubernetes/apps/media/autobrr/app/helmrelease.yaml b/kubernetes/apps/media/autobrr/app/helmrelease.yaml index dddeb19078..f95f2dfc6b 100644 --- a/kubernetes/apps/media/autobrr/app/helmrelease.yaml +++ b/kubernetes/apps/media/autobrr/app/helmrelease.yaml @@ -80,7 +80,7 @@ spec: hostnames: - "{{ .Release.Name }}.ktwo.io" parentRefs: - - name: external + - name: internal namespace: kube-system sectionName: https rules: diff --git a/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml b/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml index d899ebf602..02f8970a7b 100644 --- a/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml 
+++ b/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml @@ -58,7 +58,7 @@ spec: - --ignore-ingress-tls-spec triggerLoopOnEvent: true policy: sync - sources: ["ingress", "service"] + sources: ["ingress", "service", "httproute"] txtOwnerId: k8s txtPrefix: k8s. domainFilters: ["ktwo.io"] diff --git a/kubernetes/apps/networking/kustomization.yaml b/kubernetes/apps/networking/kustomization.yaml index a8b8b87a18..e44afaea71 100644 --- a/kubernetes/apps/networking/kustomization.yaml +++ b/kubernetes/apps/networking/kustomization.yaml @@ -9,4 +9,5 @@ resources: - ./echo-server/ks.yaml - ./external-dns/ks.yaml - ./multus/ks.yaml + - ./nginx/ks.yaml - ./smtp-relay/ks.yaml diff --git a/kubernetes/apps/networking/nginx/external/helmrelease.yaml b/kubernetes/apps/networking/nginx/external/helmrelease.yaml new file mode 100644 index 0000000000..27f5a1f8e2 --- /dev/null +++ b/kubernetes/apps/networking/nginx/external/helmrelease.yaml 
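Review bot: `"httproute"` in the new `sources` list of `external-dns/unifi/helmrelease.yaml` is not a source name external-dns recognises. Its Gateway API sources carry a `gateway-` prefix, so the line should read `sources: ["ingress", "service", "gateway-httproute"]`. With the value as written, external-dns is likely to reject the configuration at startup, or at best publish no records for the migrated routes. Because `policy: sync` is set in the same block, also check after the rollout that records previously owned through Ingress objects are re-created from the HTTPRoutes rather than only deleted.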
@@ -0,0 +1,89 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app nginx-external +spec: + interval: 1h + chart: + spec: + chart: ingress-nginx + version: 4.12.0 + sourceRef: + kind: HelmRepository + name: ingress-nginx + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + values: + fullnameOverride: *app + controller: + replicaCount: 2 + admissionWebhooks: + objectSelector: + matchExpressions: + - key: ingress-class + operator: In + values: + - external + config: + allow-snippet-annotations: true + annotations-risk-level: Critical + client-body-buffer-size: 100M + client-body-timeout: 120 + client-header-timeout: 120 + enable-brotli: true + enable-ocsp: true + enable-real-ip: true + force-ssl-redirect: true + hide-headers: Server,X-Powered-By + hsts-max-age: 31449600 + keep-alive-requests: 10000 + keep-alive: 120 + log-format-escape-json: true + log-format-upstream: > + {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", + "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, + "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", + "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", + "http_user_agent": "$http_user_agent"} + proxy-body-size: 0 + proxy-buffer-size: 16k + ssl-early-data: true + ssl-protocols: TLSv1.3 TLSv1.2 + use-forwarded-headers: true + extraArgs: + default-ssl-certificate: cert-manager/ktwo-io-tls + publish-status-address: &hostname external.ktwo.io + ingressClass: external + ingressClassResource: + name: external + default: false + controllerValue: k8s.io/external + metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: networking + 
namespaceSelector: + any: true + publishService: + enabled: false + resources: + requests: + cpu: 100m + limits: + memory: 512Mi + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: *hostname + lbipam.cilium.io/ips: 192.168.20.80, ::ffff:c0a8:1450 + terminationGracePeriodSeconds: 120 + defaultBackend: + enabled: false diff --git a/kubernetes/apps/networking/nginx/external/kustomization.yaml b/kubernetes/apps/networking/nginx/external/kustomization.yaml new file mode 100644 index 0000000000..5dd7baca73 --- /dev/null +++ b/kubernetes/apps/networking/nginx/external/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/nginx/ks.yaml b/kubernetes/apps/networking/nginx/ks.yaml new file mode 100644 index 0000000000..5fc31225bb --- /dev/null +++ b/kubernetes/apps/networking/nginx/ks.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app nginx-external + namespace: &namespace networking +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: cert-manager-tls + namespace: cert-manager + interval: 1h + path: ./kubernetes/apps/networking/nginx/external + prune: true + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + targetNamespace: *namespace + timeout: 5m + wait: true diff --git a/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml b/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml new file mode 100644 index 0000000000..831b34b49f --- /dev/null +++ b/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: ingress-nginx + namespace: flux-system +spec: + interval: 12h + url: https://kubernetes.github.io/ingress-nginx 
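Review bot: `allow-snippet-annotations: true` together with `annotations-risk-level: Critical` in `controller.config` of the re-added `nginx/external/helmrelease.yaml` lets anyone who can create or edit an Ingress of class `external` inject raw nginx configuration into the internet-facing controller, and from there reach the secrets the controller can read. Since this release is being brought back only for the duration of the migration, consider `allow-snippet-annotations: false` and dropping `annotations-risk-level`, unless a specific remaining Ingress still needs snippets. Separately, `use-forwarded-headers: true` makes the controller trust client-supplied `X-Forwarded-*` headers unless a trusted proxy sits in front of it. The log format also takes `remote_addr` from `$proxy_protocol_addr` while no `use-proxy-protocol` key appears in this hunk, so the client address in access logs may be empty or unreliable for incident response.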
diff --git a/kubernetes/flux/meta/repositories/helm/kustomization.yaml b/kubernetes/flux/meta/repositories/helm/kustomization.yaml index b067cafe86..b83c1174ce 100644 --- a/kubernetes/flux/meta/repositories/helm/kustomization.yaml +++ b/kubernetes/flux/meta/repositories/helm/kustomization.yaml @@ -9,6 +9,7 @@ resources: - ./emqx.yaml - ./external-dns.yaml - ./grafana.yaml + - ./ingress-nginx.yaml - ./intel.yaml - ./jetstack.yaml - ./metrics-server.yaml From 32db00f277d05c444d627bf255d09bdb8aa247a5 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Mon, 10 Mar 2025 15:01:39 -0500 Subject: [PATCH 4/6] feat(networking): move to gateway api --- .../apps/databases/emqx/cluster/ingress.yaml | 18 ------------- .../databases/emqx/cluster/kustomization.yaml | 1 - .../onepassword/app/helmrelease.yaml | 10 ------- .../apps/home/atuin/app/helmrelease.yaml | 25 +++++++++--------- .../apps/home/go2rtc/app/helmrelease.yaml | 22 +++++++++------- .../home/home-assistant/app/helmrelease.yaml | 25 +++++++++--------- .../home/zigbee2mqtt/app/helmrelease.yaml | 25 +++++++++--------- .../apps/media/bazarr/app/helmrelease.yaml | 22 +++++++++------- .../apps/media/prowlarr/app/helmrelease.yaml | 22 +++++++++------- .../media/qbittorrent/app/helmrelease.yaml | 25 +++++++++--------- .../apps/media/radarr/app/helmrelease.yaml | 22 +++++++++------- .../apps/media/sabnzbd/app/helmrelease.yaml | 25 +++++++++--------- .../apps/media/sonarr/app/helmrelease.yaml | 22 +++++++++------- .../apps/media/tautulli/app/helmrelease.yaml | 22 +++++++++------- .../blackbox-exporter/app/helmrelease.yaml | 8 ------ .../monitoring/grafana/app/helmrelease.yaml | 13 +++++++--- .../monitoring/karma/app/helmrelease.yaml | 22 +++++++++------- .../app/helmrelease.yaml | 26 +++++++++++++------ .../rook-ceph/cluster/helmrelease.yaml | 6 ----- 19 files changed, 176 insertions(+), 185 deletions(-) delete mode 100644 kubernetes/apps/databases/emqx/cluster/ingress.yaml 
diff --git a/kubernetes/apps/databases/emqx/cluster/ingress.yaml b/kubernetes/apps/databases/emqx/cluster/ingress.yaml deleted file mode 100644 index 37c8eb2d62..0000000000 --- a/kubernetes/apps/databases/emqx/cluster/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: emqx -spec: - ingressClassName: internal - rules: - - host: emqx.ktwo.io - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: emqx-dashboard - port: - number: 18083 diff --git a/kubernetes/apps/databases/emqx/cluster/kustomization.yaml b/kubernetes/apps/databases/emqx/cluster/kustomization.yaml index 6b159eb925..9f07f9f61e 100644 --- a/kubernetes/apps/databases/emqx/cluster/kustomization.yaml +++ b/kubernetes/apps/databases/emqx/cluster/kustomization.yaml @@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./cluster.yaml - - ./ingress.yaml - ./podmonitor.yaml diff --git a/kubernetes/apps/external-secrets/onepassword/app/helmrelease.yaml b/kubernetes/apps/external-secrets/onepassword/app/helmrelease.yaml index 733c054e82..1d167e37e2 100644 --- a/kubernetes/apps/external-secrets/onepassword/app/helmrelease.yaml +++ b/kubernetes/apps/external-secrets/onepassword/app/helmrelease.yaml @@ -106,16 +106,6 @@ spec: runAsNonRoot: true runAsUser: 999 runAsGroup: 999 - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: type: emptyDir diff --git a/kubernetes/apps/home/atuin/app/helmrelease.yaml b/kubernetes/apps/home/atuin/app/helmrelease.yaml index 8a21801816..25c5469d60 100644 --- a/kubernetes/apps/home/atuin/app/helmrelease.yaml +++ b/kubernetes/apps/home/atuin/app/helmrelease.yaml 
@@ -76,21 +76,22 @@ spec: runAsNonRoot: true runAsUser: 568 runAsGroup: 568 - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: &paths - - path: / - service: - identifier: app - port: http - - host: sh.ktwo.io - paths: *paths persistence: config: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + - sh.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/home/go2rtc/app/helmrelease.yaml b/kubernetes/apps/home/go2rtc/app/helmrelease.yaml index 348391266d..1977dbf1ec 100644 --- a/kubernetes/apps/home/go2rtc/app/helmrelease.yaml +++ b/kubernetes/apps/home/go2rtc/app/helmrelease.yaml @@ -66,16 +66,6 @@ spec: runAsUser: 568 runAsGroup: 568 supplementalGroups: [44] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: type: configMap @@ -84,6 +74,18 @@ spec: - path: /config/go2rtc.yaml subPath: go2rtc.yaml readOnly: true + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/home/home-assistant/app/helmrelease.yaml b/kubernetes/apps/home/home-assistant/app/helmrelease.yaml index 6f8df06cce..15fbd5e6a6 100644 --- a/kubernetes/apps/home/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/home/home-assistant/app/helmrelease.yaml 
@@ -54,18 +54,6 @@ spec: runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: OnRootMismatch - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: &paths - - path: / - service: - identifier: app - port: http - - host: hass.ktwo.io - paths: *paths persistence: config: existingClaim: *app @@ -79,6 +67,19 @@ spec: - path: /config/tts tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + - hass.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml b/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml index 8672a7eb36..b8a5ab2b8f 100644 --- a/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml +++ b/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml @@ -80,18 +80,6 @@ spec: runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: OnRootMismatch - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: &paths - - path: / - service: - identifier: app - port: http - - host: zigbee.ktwo.io - paths: *paths persistence: config: existingClaim: *app @@ -99,6 +87,19 @@ spec: type: emptyDir globalMounts: - path: /config/log + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + - zigbee.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/bazarr/app/helmrelease.yaml b/kubernetes/apps/media/bazarr/app/helmrelease.yaml index 9804939434..4fef817690 100644 --- a/kubernetes/apps/media/bazarr/app/helmrelease.yaml +++ b/kubernetes/apps/media/bazarr/app/helmrelease.yaml 
@@ -78,16 +78,6 @@ spec: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [65536] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: add-ons: type: emptyDir @@ -113,6 +103,18 @@ spec: - readOnly: true tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/prowlarr/app/helmrelease.yaml b/kubernetes/apps/media/prowlarr/app/helmrelease.yaml index 1465749434..2293dac523 100644 --- a/kubernetes/apps/media/prowlarr/app/helmrelease.yaml +++ b/kubernetes/apps/media/prowlarr/app/helmrelease.yaml @@ -72,21 +72,23 @@ spec: runAsNonRoot: true runAsUser: 568 runAsGroup: 568 - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: type: emptyDir tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/qbittorrent/app/helmrelease.yaml b/kubernetes/apps/media/qbittorrent/app/helmrelease.yaml index 1b44f9f4ca..edc1e27313 100644 --- a/kubernetes/apps/media/qbittorrent/app/helmrelease.yaml +++ b/kubernetes/apps/media/qbittorrent/app/helmrelease.yaml @@ -64,18 +64,6 @@ spec: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [65536] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: &paths - - path: / - service: - identifier: app - port: http - - host: qb.ktwo.io - paths: *paths persistence: config: existingClaim: *app 
@@ -88,6 +76,19 @@ spec: subPath: downloads/torrents tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + - qb.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/radarr/app/helmrelease.yaml b/kubernetes/apps/media/radarr/app/helmrelease.yaml index ce4b8f462e..7a01dbc2a2 100644 --- a/kubernetes/apps/media/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/media/radarr/app/helmrelease.yaml @@ -75,16 +75,6 @@ spec: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [65536] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: existingClaim: *app @@ -98,6 +88,18 @@ spec: path: /volume1/media tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/sabnzbd/app/helmrelease.yaml b/kubernetes/apps/media/sabnzbd/app/helmrelease.yaml index d61b99e54d..86734590b1 100644 --- a/kubernetes/apps/media/sabnzbd/app/helmrelease.yaml +++ b/kubernetes/apps/media/sabnzbd/app/helmrelease.yaml @@ -76,18 +76,6 @@ spec: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [65536] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: &paths - - path: / - service: - identifier: app - port: http - - host: sab.ktwo.io - paths: *paths persistence: config: existingClaim: *app 
@@ -100,6 +88,19 @@ spec: subPath: downloads/nzbs tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + - sab.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/sonarr/app/helmrelease.yaml b/kubernetes/apps/media/sonarr/app/helmrelease.yaml index 1206aa48d4..0be2aa0f36 100644 --- a/kubernetes/apps/media/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/media/sonarr/app/helmrelease.yaml @@ -75,16 +75,6 @@ spec: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [65536] - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: existingClaim: *app @@ -98,6 +88,18 @@ spec: path: /volume1/media tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/media/tautulli/app/helmrelease.yaml b/kubernetes/apps/media/tautulli/app/helmrelease.yaml index 8213006557..f2d04566c5 100644 --- a/kubernetes/apps/media/tautulli/app/helmrelease.yaml +++ b/kubernetes/apps/media/tautulli/app/helmrelease.yaml @@ -57,16 +57,6 @@ spec: runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: OnRootMismatch - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http persistence: config: existingClaim: *app 
@@ -80,6 +70,18 @@ spec: - path: /config/logs tmp: type: emptyDir + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app service: app: controller: *app diff --git a/kubernetes/apps/monitoring/blackbox-exporter/app/helmrelease.yaml b/kubernetes/apps/monitoring/blackbox-exporter/app/helmrelease.yaml index 50292d9608..2432afec35 100644 --- a/kubernetes/apps/monitoring/blackbox-exporter/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/blackbox-exporter/app/helmrelease.yaml @@ -19,14 +19,6 @@ spec: retries: 3 values: fullnameOverride: *app - ingress: - enabled: true - className: internal - hosts: - - host: blackbox-exporter.ktwo.io - paths: - - path: / - pathType: Prefix securityContext: capabilities: { add: ["NET_RAW"] } config: diff --git a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml index 0c6409356b..52a63f8654 100644 --- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml @@ -289,10 +289,15 @@ spec: - vonage-status-panel serviceMonitor: enabled: true - ingress: - enabled: true - ingressClassName: internal - hosts: ["{{ .Release.Name }}.ktwo.io"] + route: + main: + enabled: true + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https persistence: enabled: false testFramework: diff --git a/kubernetes/apps/monitoring/karma/app/helmrelease.yaml b/kubernetes/apps/monitoring/karma/app/helmrelease.yaml index 42f4352dfb..c7ebfa9ab7 100644 --- a/kubernetes/apps/monitoring/karma/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/karma/app/helmrelease.yaml 
@@ -56,22 +56,24 @@ spec: runAsNonRoot: true runAsUser: 568 runAsGroup: 568 - ingress: - app: - className: internal - hosts: - - host: "{{ .Release.Name }}.ktwo.io" - paths: - - path: / - service: - identifier: app - port: http service: app: controller: *app ports: http: port: *port + route: + app: + hostnames: + - "{{ .Release.Name }}.ktwo.io" + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + rules: + - backendRefs: + - port: *port + name: *app serviceMonitor: app: serviceName: *app diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml index dce1b60e58..909ecb7d19 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml @@ -25,10 +25,15 @@ spec: forceConflicts: true cleanPrometheusOperatorObjectNames: true alertmanager: - ingress: - enabled: true - ingressClassName: internal - hosts: ["am.ktwo.io"] + route: + main: + enabled: true + hostnames: + - am.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https alertmanagerSpec: alertmanagerConfiguration: name: alertmanager @@ -49,10 +54,15 @@ spec: kubeProxy: enabled: false prometheus: - ingress: - enabled: true - ingressClassName: internal - hosts: ["prometheus.ktwo.io"] + route: + main: + enabled: true + hostnames: + - prometheus.ktwo.io + parentRefs: + - name: internal + namespace: kube-system + sectionName: https prometheusSpec: ruleSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index ca9676d947..d931d8ad45 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml 
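Review bot: The `alertmanager.route.main` block publishes `am.ktwo.io` with only `hostnames` and `parentRefs`, so nothing at the route level authenticates requests; the `prometheus.route.main` hunk that follows does the same for `prometheus.ktwo.io`. Neither UI enforces a login by default, which leaves reachability of the `internal` Gateway as the only control in front of metrics queries and alert silencing. That matches the removed `ingress` values, but the assumption is worth a comment above each block, e.g. `# no auth: reachable by anything that can reach the internal Gateway`. Alternatively, a network policy could restrict which clients reach the Gateway.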
@@ -26,12 +26,6 @@ spec: monitoring: enabled: true createPrometheusRules: true - ingress: - dashboard: - ingressClassName: internal - host: - name: rook.ktwo.io - path: / toolbox: enabled: true cephClusterSpec: From eb4219c6786d7ed3da28eebf773df04d0e5776d2 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Mon, 10 Mar 2025 15:03:00 -0500 Subject: [PATCH 5/6] feat(networking): move to gateway api --- kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml b/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml index 02f8970a7b..ff41cc1d53 100644 --- a/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml +++ b/kubernetes/apps/networking/external-dns/unifi/helmrelease.yaml @@ -58,7 +58,7 @@ spec: - --ignore-ingress-tls-spec triggerLoopOnEvent: true policy: sync - sources: ["ingress", "service", "httproute"] + sources: ["gateway-httproute", "service"] txtOwnerId: k8s txtPrefix: k8s. domainFilters: ["ktwo.io"] From fbb7839884bd9bae1d562ea5649400b2ec3abe9c Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Mon, 10 Mar 2025 15:07:38 -0500 Subject: [PATCH 6/6] feat(networking): move to gateway api --- kubernetes/apps/home/home-assistant/app/helmrelease.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/apps/home/home-assistant/app/helmrelease.yaml b/kubernetes/apps/home/home-assistant/app/helmrelease.yaml index 15fbd5e6a6..1bdbbc3d89 100644 --- a/kubernetes/apps/home/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/home/home-assistant/app/helmrelease.yaml @@ -78,11 +78,11 @@ spec: sectionName: https rules: - backendRefs: - - port: *port + - port: &port 8123 name: *app service: app: controller: *app ports: http: - port: 8123 + port: *port
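Review bot: `--ignore-ingress-tls-spec` in the context line above `triggerLoopOnEvent` only affects the `ingress` source, which the new `sources` list no longer includes, so the flag is now dead configuration and can be removed. With `policy: sync`, records this instance created from Ingress objects will be deleted once that source is gone, so the routes need to be accepted by their Gateway before this change reconciles. `gateway-httproute` also means any HTTPRoute a Gateway accepts gets a record under `ktwo.io`, so DNS write scope now follows the Gateways' `allowedRoutes`; `--gateway-label-filter` can narrow which Gateways this instance reads. The enclosing `values` block starts outside the hunk.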