From 15e5d2616fe2ab058bcd80f0686b36e026ba9760 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Sun, 2 Mar 2025 21:19:28 -0600
Subject: [PATCH] add gateway
---
 .../argocd/templates/http-route.yaml | 60 +++++++++----------
 .../services/traefik/templates/namespace.yaml | 8 +++
 clusters/cl01tl/services/traefik/values.yaml | 27 ++++-----
 3 files changed, 50 insertions(+), 45 deletions(-)
 create mode 100644 clusters/cl01tl/services/traefik/templates/namespace.yaml
diff --git a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
index 74db170c3..263e5fb99 100644
--- a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
@@ -1,30 +1,30 @@
-# apiVersion: gateway.networking.k8s.io/v1
-# kind: HTTPRoute
-# metadata:
-# name: http-route-argocd
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: http-route-argocd
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# parentRefs:
-# - group: gateway.networking.k8s.io
-# kind: Gateway
-# name: http-gateway
-# namespace: kube-system
-# hostnames:
-# - argocd.alexlebens.net
-# rules:
-# - matches:
-# - path:
-# type: PathPrefix
-# value: /
-# backendRefs:
-# - group: ''
-# kind: Service
-# name: argocd-server
-# port: 80
-# weight: 100
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-argocd
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-argocd
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - argocd.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: argocd-server
+ port: 80
+ weight: 100
diff --git a/clusters/cl01tl/services/traefik/templates/namespace.yaml b/clusters/cl01tl/services/traefik/templates/namespace.yaml
new file mode 100644
index 000000000..b515fc319
--- /dev/null
+++ b/clusters/cl01tl/services/traefik/templates/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: traefik
+ labels:
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
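Review bot: The `parentRefs` entry in http-route.yaml names `traefik-gateway` without a `sectionName`, so the route can attach to every listener on that Gateway that admits it, and the values.yaml change in this same commit defines both a plain-HTTP `web` listener and the new HTTPS `websecure` listener for `*.alexlebens.net`. Unless a redirect is configured somewhere not shown here, the Argo CD UI and API, including logins and session tokens, would then also be served in cleartext through `web`. Adding `sectionName: websecure` to the `parentRefs` item pins the route to the TLS listener. Separately, `app.kubernetes.io/version: {{ .Chart.AppVersion }}` is unquoted; `{{ .Chart.AppVersion | quote }}` keeps a numeric-looking version from being parsed as a non-string label value.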
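Review bot: All three Pod Security labels in namespace.yaml are set to `privileged`, which switches Pod Security admission off for the ingress controller's namespace and also silences the `audit` and `warn` signals that would show what a tighter level would reject. Nothing visible in this commit needs host-level access: the listeners in values.yaml use the unprivileged ports 8000 and 8443. If the Traefik pods run with a non-root security context (not shown here, confirm against the rendered chart), `pod-security.kubernetes.io/enforce: baseline` with `audit` and `warn` at `restricted` would stop a compromised or misconfigured pod in this namespace, which fronts a LoadBalancer service, from requesting host namespaces or privileged containers. If `privileged` is genuinely required, a comment above the labels saying why would help the next reviewer.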
diff --git a/clusters/cl01tl/services/traefik/values.yaml b/clusters/cl01tl/services/traefik/values.yaml
index ba8dd3c5d..96fa38842 100644
--- a/clusters/cl01tl/services/traefik/values.yaml
+++ b/clusters/cl01tl/services/traefik/values.yaml
@@ -4,27 +4,28 @@ traefik:
 ingressClass:
 enabled: false
 isDefaultClass: true
- experimental:
 kubernetesGateway:
 enabled: true
 gateway:
 enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
 listeners:
 web:
 port: 8000
 hostname: "*.alexlebens.net"
 protocol: HTTP
 namespacePolicy: All
- # websecure:
- # port: 443
- # hostname: "*.alexlebens.net"
- # protocol: HTTPS
- # namespacePolicy: All
- # certificateRefs:
- # - kind: Secret
- # name: websecure-gateway-cert
- # namespace: traefik
- # mode: Terminate
+ websecure:
+ port: 8443
+ hostname: "*.alexlebens.net"
+ protocol: HTTPS
+ namespacePolicy: All
+ certificateRefs:
+ - kind: Secret
+ name: websecure-gateway-cert
+ namespace: traefik
+ mode: Terminate
 ingressRoute:
 dashboard:
 enabled: true
@@ -103,10 +104,6 @@ traefik:
 metrics:
 expose:
 default: false
- tlsStore:
- default:
- defaultCertificate:
- secretName: traefik-secret-tls
 service:
 enabled: true
 type: LoadBalancer
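Review bot: The new `websecure` listener in the first values.yaml hunk sets `namespacePolicy: All`, so an HTTPRoute created in any namespace can attach to the wildcard `*.alexlebens.net` TLS listener and be served with `websecure-gateway-cert`. Anyone able to create routes in one namespace could then publish, or shadow, a hostname that belongs to another service. If only a known set of namespaces should publish through this Gateway, narrow the policy (Gateway API also defines `Same` and `Selector` for `allowedRoutes.namespaces.from`; check what this chart version accepts), or add a comment such as `# cluster-wide route attachment is intentional` above the key. Because the listener hostname is a wildcard, the `letsencrypt-issuer` ClusterIssuer named in the new annotation needs a DNS-01 solver, since Let's Encrypt does not issue wildcard certificates over HTTP-01.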