feat(networking): move to gateway api #3543

Merged
merged 6 commits into from
Mar 10, 2025
18 changes: 0 additions & 18 deletions kubernetes/apps/databases/emqx/cluster/ingress.yaml

This file was deleted.

Expand Up @@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster.yaml
- ./ingress.yaml
- ./podmonitor.yaml
Expand Up @@ -106,16 +106,6 @@ spec:
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
ingress:
app:
className: internal
hosts:
- host: "{{ .Release.Name }}.ktwo.io"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config:
type: emptyDir
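--- a/kubernetes/apps/home/atuin/app/helmrelease.yaml
+++ b/kubernetes/apps/home/atuin/app/helmrelease.yaml
@@ -76,21 +76,22 @@ spec:
 runAsNonRoot: true
 runAsUser: 568
 runAsGroup: 568
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths: &paths
-- path: /
-service:
-identifier: app
-port: http
-- host: sh.ktwo.io
-paths: *paths
 persistence:
 config:
 type: emptyDir
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+- sh.ktwo.io
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app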
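Review bot: `- port: *port` in the new `route.app.rules[].backendRefs` needs a `&port` anchor that appears earlier in the document, and this hunk shows none; `service:` follows the route, so an anchor placed on the service port would come after its alias and the file would fail to parse. The home-assistant section of this PR avoids that by writing `port: &port 8123` inside the route itself; the same check applies to the go2rtc, zigbee2mqtt, autobrr, bazarr and prowlarr sections, which add the identical block. Every one of these routes attaches to the `https` listener of a Gateway in `kube-system`, so a comment above `parentRefs` such as `# attaches to the shared internal Gateway in kube-system (listener: https)` would document the cross-namespace dependency. The HelmRelease starts and ends outside the hunk, so the anchor may well be defined in lines not shown.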
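--- a/kubernetes/apps/home/go2rtc/app/helmrelease.yaml
+++ b/kubernetes/apps/home/go2rtc/app/helmrelease.yaml
@@ -66,16 +66,6 @@ spec:
 runAsUser: 568
 runAsGroup: 568
 supplementalGroups: [44]
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths:
-- path: /
-service:
-identifier: app
-port: http
 persistence:
 config:
 type: configMap
@@ -84,6 +74,18 @@ spec:
 - path: /config/go2rtc.yaml
 subPath: go2rtc.yaml
 readOnly: true
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app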
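--- a/kubernetes/apps/home/home-assistant/app/helmrelease.yaml
+++ b/kubernetes/apps/home/home-assistant/app/helmrelease.yaml
@@ -54,18 +54,6 @@ spec:
 runAsGroup: 568
 fsGroup: 568
 fsGroupChangePolicy: OnRootMismatch
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths: &paths
-- path: /
-service:
-identifier: app
-port: http
-- host: hass.ktwo.io
-paths: *paths
 persistence:
 config:
 existingClaim: *app
@@ -79,9 +67,22 @@ spec:
 - path: /config/tts
 tmp:
 type: emptyDir
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+- hass.ktwo.io
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: &port 8123
+name: *app
 service:
 app:
 controller: *app
 ports:
 http:
-port: 8123
+port: *port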
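--- a/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml
+++ b/kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml
@@ -80,25 +80,26 @@ spec:
 runAsGroup: 568
 fsGroup: 568
 fsGroupChangePolicy: OnRootMismatch
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths: &paths
-- path: /
-service:
-identifier: app
-port: http
-- host: zigbee.ktwo.io
-paths: *paths
 persistence:
 config:
 existingClaim: *app
 config-logs:
 type: emptyDir
 globalMounts:
 - path: /config/log
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+- zigbee.ktwo.io
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app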
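--- a/kubernetes/apps/kube-system/cilium/app/helm/values.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helm/values.yaml
@@ -25,7 +25,10 @@ enableIPv4BIGTCP: true
 endpointRoutes:
 enabled: true
 envoy:
-enabled: false
+enabled: true
+gatewayAPI:
+enabled: true
+enableAlpn: true
 hubble:
 enabled: false
 ipam:
@@ -77,6 +80,3 @@ securityContext:
 - NET_ADMIN
 - SYS_ADMIN
 - SYS_RESOURCE
-tls:
-secretsNamespace:
-create: false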
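Review bot: The last hunk drops `tls.secretsNamespace.create: false` in the same change that turns on `gatewayAPI`, and nothing in the file records why, so TLS secret handling for Gateways now appears to rest on chart defaults instead of an explicit setting. A comment above `gatewayAPI:` such as `# TLS secret handling for Gateways is left at the chart defaults` would make that a visible decision. If the defaults are not what is wanted, pinning the `gatewayAPI.secretsNamespace` values explicitly would be the place to do it. Both hunks are excerpts of a longer values file, so related settings may sit outside the lines shown.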
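--- a/kubernetes/apps/kube-system/cilium/ingress/internal.yaml
+++ b/kubernetes/apps/kube-system/cilium/ingress/internal.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: internal
+annotations:
+external-dns.alpha.kubernetes.io/hostname: internal.ktwo.io
+spec:
+gatewayClassName: cilium
+addresses:
+- type: IPAddress
+value: 192.168.20.81
+- type: IPAddress
+value: ::ffff:c0a8:1451
+- type: Hostname
+value: internal.ktwo.io
+infrastructure:
+annotations:
+lbipam.cilium.io/ips: 192.168.20.81, ::ffff:c0a8:1451
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: "*.ktwo.io"
+allowedRoutes:
+namespaces:
+from: All
+- name: https
+protocol: HTTPS
+port: 443
+hostname: "*.ktwo.io"
+allowedRoutes:
+namespaces:
+from: All
+tls:
+certificateRefs:
+- kind: Secret
+name: ktwo-io-tls
+namespace: cert-manager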
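Review bot: Both listeners set `allowedRoutes.namespaces.from: All` on the wildcard `*.ktwo.io`, so any namespace in the cluster can attach a route to this Gateway and publish a hostname under that wildcard behind the shared certificate. Consider `from: Selector` with a `selector.matchLabels` entry (for example `<gateway-access-label>: "true"`, a placeholder) and label only the namespaces that should publish here. `certificateRefs` points at Secret `ktwo-io-tls` in `cert-manager` while the Flux Kustomization added in this PR targets `kube-system`; a cross-namespace Secret reference needs a ReferenceGrant in `cert-manager`, which this file does not contain, so confirm one exists elsewhere. The `http` listener on port 80 has no route or redirect in the sections shown; a comment saying whether plaintext is meant to stay unserved would help.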
Expand Up @@ -2,4 +2,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./internal.yaml
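--- a/kubernetes/apps/kube-system/cilium/ks.yaml
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@@ -41,3 +41,30 @@ spec:
 targetNamespace: *namespace
 timeout: 5m
 wait: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: &app cilium-ingress
+namespace: &namespace kube-system
+spec:
+commonMetadata:
+labels:
+app.kubernetes.io/name: *app
+dependsOn:
+- name: cert-manager-tls
+namespace: cert-manager
+- name: cilium
+namespace: *namespace
+- name: cilium-config
+namespace: *namespace
+interval: 1h
+path: ./kubernetes/apps/kube-system/cilium/ingress
+prune: true
+sourceRef:
+kind: GitRepository
+name: flux-system
+namespace: flux-system
+targetNamespace: *namespace
+timeout: 5m
+wait: true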
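Review bot: `dependsOn` lists `cert-manager-tls`, `cilium` and `cilium-config`, but nothing that visibly installs the `gateway.networking.k8s.io` CRDs needed by the `Gateway` under `./kubernetes/apps/kube-system/cilium/ingress`. If those CRDs come from a separate Kustomization, adding it to `dependsOn` keeps the first reconcile from failing on an unknown kind; they may already be provided by one of the listed dependencies, which this section does not show. A comment above `dependsOn` such as `# cert-manager-tls provides the wildcard Secret referenced by the Gateway listener` would also record why the cross-namespace dependency is there.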
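--- a/kubernetes/apps/media/autobrr/app/helmrelease.yaml
+++ b/kubernetes/apps/media/autobrr/app/helmrelease.yaml
@@ -72,19 +72,21 @@ spec:
 runAsNonRoot: true
 runAsUser: 568
 runAsGroup: 568
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths:
-- path: /
-service:
-identifier: app
-port: http
 persistence:
 tmp:
 type: emptyDir
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app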
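--- a/kubernetes/apps/media/bazarr/app/helmrelease.yaml
+++ b/kubernetes/apps/media/bazarr/app/helmrelease.yaml
@@ -78,16 +78,6 @@ spec:
 fsGroup: 568
 fsGroupChangePolicy: OnRootMismatch
 supplementalGroups: [65536]
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths:
-- path: /
-service:
-identifier: app
-port: http
 persistence:
 add-ons:
 type: emptyDir
@@ -113,6 +103,18 @@ spec:
 - readOnly: true
 tmp:
 type: emptyDir
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app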
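--- a/kubernetes/apps/media/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/apps/media/prowlarr/app/helmrelease.yaml
@@ -72,21 +72,23 @@ spec:
 runAsNonRoot: true
 runAsUser: 568
 runAsGroup: 568
-ingress:
-app:
-className: internal
-hosts:
-- host: "{{ .Release.Name }}.ktwo.io"
-paths:
-- path: /
-service:
-identifier: app
-port: http
 persistence:
 config:
 type: emptyDir
 tmp:
 type: emptyDir
+route:
+app:
+hostnames:
+- "{{ .Release.Name }}.ktwo.io"
+parentRefs:
+- name: internal
+namespace: kube-system
+sectionName: https
+rules:
+- backendRefs:
+- port: *port
+name: *app
 service:
 app:
 controller: *app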