alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

disable gateway

Browse Source
This commit is contained in:
Alex Lebens
2024-08-22 12:37:23 -05:00
parent e5d065329c
commit 052f936a5f
3 changed files with 61 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
clusters/cl01tl/standalone/cilium/templates/certificate.yaml
View File

@@ -1,21 +1,21 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-tls-alexlebens-net
namespace: cilium
labels:
app.kubernetes.io/name: wildcard-tls-alexlebens-net
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: network
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretName: wildcard-tls-alexlebens-net
duration: 2160h0m0s
renewBefore: 360h0m0s
dnsNames:
- "*.alexlebens.net"
issuerRef:
name: letsencrypt-issuer
kind: ClusterIssuer
commonName: "*.alexlebens.net"
# apiVersion: cert-manager.io/v1
# kind: Certificate
# metadata:
# name: wildcard-tls-alexlebens-net
# namespace: cilium
# labels:
# app.kubernetes.io/name: wildcard-tls-alexlebens-net
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: network
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretName: wildcard-tls-alexlebens-net
# duration: 2160h0m0s
# renewBefore: 360h0m0s
# dnsNames:
# - "*.alexlebens.net"
# issuerRef:
# name: letsencrypt-issuer
# kind: ClusterIssuer
# commonName: "*.alexlebens.net"

78
clusters/cl01tl/standalone/cilium/templates/gateway.yaml
View File

@@ -1,39 +1,39 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: cilium-tls-gateway
namespace: cilium
labels:
app.kubernetes.io/name: cilium-tls-gateway
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: network
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
gatewayClassName: cilium
infrastructure:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.15
listeners:
- name: http
protocol: HTTP
port: 80
hostname: "*.alexlebens.net"
allowedRoutes:
namespaces:
from: All
- name: https
protocol: HTTPS
port: 443
hostname: "*.alexlebens.net"
allowedRoutes:
namespaces:
from: All
tls:
mode: Terminate
certificateRefs:
- kind: Secret
group: core
name: wildcard-tls-alexlebens-net
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: cilium
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: network
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# gatewayClassName: cilium
# infrastructure:
# annotations:
# io.cilium/lb-ipam-ips: 192.168.1.15
# listeners:
# - name: http
# protocol: HTTP
# port: 80
# hostname: "*.alexlebens.net"
# allowedRoutes:
# namespaces:
# from: All
# - name: https
# protocol: HTTPS
# port: 443
# hostname: "*.alexlebens.net"
# allowedRoutes:
# namespaces:
# from: All
# tls:
# mode: Terminate
# certificateRefs:
# - kind: Secret
# group: core
# name: wildcard-tls-alexlebens-net

15
clusters/cl01tl/standalone/cilium/values.yaml
View File

@@ -31,20 +31,7 @@ cilium:
ingressController:
enabled: false
gatewayAPI:
enabled: true
enableProxyProtocol: false
enableAppProtocol: false
enableAlpn: false
xffNumTrustedHops: 0
externalTrafficPolicy: Cluster
gatewayClass:
create: auto
secretsNamespace:
create: false
name: cilium
sync: true
hostNetwork:
enabled: false
enabled: false
hubble:
enabled: true
metrics: