alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Compare commits

base: alexlebens:c6ef2ef9bbe3e933369c42e53cf92349b471059e
Branches Tags
alexlebens:main alexlebens:renovate/postgres-cluster-6.x alexlebens:renovate/external-dns-1.x alexlebens:renovate/ghcr.io-moghtech-komodo-core-1.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-immich-app-immich-server-1.x alexlebens:renovate/ghcr.io-immich-app-immich-machine-learning-1.x alexlebens:renovate/ghcr.io-linuxserver-qbittorrent-5.x alexlebens:renovate/roundcube-roundcubemail-1.x
..
compare: alexlebens:66f1a537f16a3d531681f106dc58d1071186315f
Branches Tags
alexlebens:renovate/postgres-cluster-6.x alexlebens:renovate/external-dns-1.x alexlebens:renovate/ghcr.io-moghtech-komodo-core-1.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-immich-app-immich-server-1.x alexlebens:renovate/ghcr.io-immich-app-immich-machine-learning-1.x alexlebens:renovate/ghcr.io-linuxserver-qbittorrent-5.x alexlebens:main alexlebens:renovate/roundcube-roundcubemail-1.x

2 Commits
c6ef2ef9bb ... 66f1a537f1

Author SHA1 Message Date
Renovate Bot
66f1a537f1 Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0 2025-06-07 00:45:47 +00:00
Alex Lebens
9f5e38075d add cilium gateway
All checks were successful
renovate / renovate (push) Successful in 1m44s
Details
2025-06-06 19:44:21 -05:00
3 changed files with 53 additions and 2 deletions
Expand all files Collapse all files

2
clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -11,3 +11,5 @@ spec:
blocks: blocks:
- start: "10.232.1.21" - start: "10.232.1.21"
stop: "10.232.1.23" stop: "10.232.1.23"
- start: "10.232.2.10"
stop: "10.232.2.100"

45
clusters/cl01tl/standalone/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: tls-gateway
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: tls-gateway
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
gatewayClassName: cilium
addresses:
- type: IPAddress
value: 10.232.2.10
gatewayClassName: cilium
listeners:
- allowedRoutes:
namespaces:
from: All
name: ssh
port: 22
protocol: TCP
- allowedRoutes:
namespaces:
from: All
hostname: '*.alexlebens.net'
name: http
port: 8000
protocol: HTTP
- allowedRoutes:
namespaces:
from: All
hostname: '*.alexlebens.net'
name: https
port: 8443
protocol: HTTPS
tls:
certificateRefs:
- group: ''
kind: Secret
name: https-gateway-cert
namespace: kube-system
mode: Terminate

8
clusters/cl01tl/standalone/cilium/values.yaml
View File

@@ -34,7 +34,9 @@ cilium:
ingressController: ingressController:
enabled: false enabled: false
gatewayAPI: gatewayAPI:
enabled: false enabled: true
enableAlpn: true
enableAppProtocol: true
externalIPs: externalIPs:
enabled: true enabled: true
socketLB: socketLB:
@@ -67,13 +69,15 @@ cilium:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
envoy: envoy:
enabled: true
securityContext: securityContext:
capabilities: capabilities:
keepCapNetBindService: true
envoy: envoy:
- NET_ADMIN - NET_ADMIN
- NET_BIND_SERVICE
- PERFMON - PERFMON
- BPF - BPF
keepCapNetBindService: true
prometheus: prometheus:
enabled: true enabled: true
serviceMonitor: serviceMonitor: