add gateway

2025-03-02 21:19:28 -06:00
parent 6d0d1a7f85
commit 15e5d2616f
3 changed files with 50 additions and 45 deletions
--- a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
@@ -1,30 +1,30 @@
-# apiVersion: gateway.networking.k8s.io/v1
-# kind: HTTPRoute
-# metadata:
-#   name: http-route-argocd
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: http-route-argocd
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: web
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   parentRefs:
-#     - group: gateway.networking.k8s.io
-#       kind: Gateway
-#       name: http-gateway
-#       namespace: kube-system
-#   hostnames:
-#     - argocd.alexlebens.net
-#   rules:
-#     - matches:
-#       - path:
-#           type: PathPrefix
-#           value: /
-#       backendRefs:
-#         - group: ''
-#           kind: Service
-#           name: argocd-server
-#           port: 80
-#           weight: 100
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-argocd
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-argocd
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - argocd.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: argocd-server
+          port: 80
+          weight: 100
--- a/clusters/cl01tl/services/traefik/templates/namespace.yaml
+++ b/clusters/cl01tl/services/traefik/templates/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: traefik
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged
--- a/clusters/cl01tl/services/traefik/values.yaml
+++ b/clusters/cl01tl/services/traefik/values.yaml
@@ -4,27 +4,28 @@ traefik:
  ingressClass:
    enabled: false
    isDefaultClass: true
-  experimental:
  kubernetesGateway:
    enabled: true
  gateway:
    enabled: true
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-issuer
    listeners:
      web:
        port: 8000
        hostname: "*.alexlebens.net"
        protocol: HTTP
        namespacePolicy: All
-      # websecure:
-      #   port: 443
-      #   hostname: "*.alexlebens.net"
-      #   protocol: HTTPS
-      #   namespacePolicy: All
-      #   certificateRefs:
-      #     - kind: Secret
-      #       name: websecure-gateway-cert
-      #       namespace: traefik
-      #   mode: Terminate
+      websecure:
+        port: 8443
+        hostname: "*.alexlebens.net"
+        protocol: HTTPS
+        namespacePolicy: All
+        certificateRefs:
+          - kind: Secret
+            name: websecure-gateway-cert
+            namespace: traefik
+        mode: Terminate
  ingressRoute:
    dashboard:
      enabled: true
@@ -103,10 +104,6 @@ traefik:
    metrics:
      expose:
        default: false
-  tlsStore:
-    default:
-      defaultCertificate:
-        secretName: traefik-secret-tls
  service:
    enabled: true
    type: LoadBalancer