switch to gateway

2024-08-22 00:49:17 -05:00
parent ea8ef30b71
commit 2eafe1dd62
2 changed files with 41 additions and 41 deletions
--- a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
@@ -1,36 +1,36 @@
-# apiVersion: gateway.networking.k8s.io/v1
-# kind: Gateway
-# metadata:
-#   name: cilium-tls-gateway
-#   namespace: cilium
-#   labels:
-#     app.kubernetes.io/name: cilium-tls-gateway
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: network
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-#   annotations:
-#     cert-manager.io/cluster-issuer: letsencrypt-issuer
-# spec:
-#   gatewayClassName: cilium
-#   listeners:
-#     - name: http
-#       protocol: HTTP
-#       port: 80
-#       hostname: "*.alexlebens.net"      
-#       allowedRoutes:
-#         namespaces:
-#           from: All
-#     - name: https
-#       protocol: HTTPS
-#       port: 443
-#       hostname: "*.alexlebens.net"
-#       allowedRoutes:
-#         namespaces:
-#           from: All
-#       tls:
-#         mode: Terminate
-#         certificateRefs:
-#           - kind: Secret
-#             group: core
-#             name: wildcard-tls-alexlebens-net
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: cilium-tls-gateway
+  namespace: cilium
+  labels:
+    app.kubernetes.io/name: cilium-tls-gateway
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: network
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+spec:
+  gatewayClassName: cilium
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      hostname: "*.alexlebens.net"      
+      allowedRoutes:
+        namespaces:
+          from: All
+    - name: https
+      protocol: HTTPS
+      port: 443
+      hostname: "*.alexlebens.net"
+      allowedRoutes:
+        namespaces:
+          from: All
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - kind: Secret
+            group: core
+            name: wildcard-tls-alexlebens-net
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -27,7 +27,7 @@ cilium:
  enableK8sEndpointSlice: true
  enableCiliumEndpointSlice: false
  ingressController:
-    enabled: true
+    enabled: false
    default: true
    loadbalancerMode: shared
    enforceHttps: true
@@ -45,10 +45,10 @@ cilium:
      insecureNodePort: 30000
      secureNodePort: 30001
  gatewayAPI:
-    enabled: false
-    enableProxyProtocol: true
-    enableAppProtocol: true
-    enableAlpn: true
+    enabled: true
+    enableProxyProtocol: false
+    enableAppProtocol: false
+    enableAlpn: false
    xffNumTrustedHops: 0
    externalTrafficPolicy: Cluster
    gatewayClass: