diff --git a/values/cilium/cilium-manifests/gateway.yaml b/values/cilium/cilium-manifests/gateway.yaml
new file mode 100644
index 00000000..c907ab62
--- /dev/null
+++ b/values/cilium/cilium-manifests/gateway.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.cilium.gatewayTest.enabled }}
+# TODO: Move to ListernerSets when those get Promoted to GA
+# Resources:
+# - https://gateway-api.sigs.k8s.io/geps/gep-1713/
+# - https://github.com/kubernetes-sigs/gateway-api/issues/1713
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: shared-gateway
+ namespace: kube-system
+spec:
+ gatewayClassName: cilium
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ shared-gateway-access: "true"
+ - name: https
+ protocol: HTTPS
+ port: 443
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: wildcard-oceanbox-io
+ allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ shared-gateway-access: "true"
+ - name: ssh
+ protocol: TCP
+ port: 22
+ allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ shared-gateway-access: "true"
+{{- end}}
diff --git a/values/cilium/cilium-manifests/hetzner-gateway.yaml b/values/cilium/cilium-manifests/hetzner-gateway.yaml
new file mode 100644
index 00000000..005f846c
--- /dev/null
+++ b/values/cilium/cilium-manifests/hetzner-gateway.yaml
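Review bot: All three listeners gate route attachment solely on the `shared-gateway-access: "true"` namespace label, and the `ssh` listener is raw TCP, so any namespace that carries the label can attach a TCPRoute and claim the whole of port 22 (a TCPRoute has no hostname to disambiguate), while the `http`/`https` listeners carry no `hostname` and so let any labelled namespace claim any name the wildcard certificate covers. Consider pinning the web listeners with `hostname: "*.oceanbox.io"` and gating the ssh listener on a narrower label, e.g. `matchLabels: shared-gateway-ssh-access: "true"`, so that granting a namespace HTTP access does not implicitly grant it the SSH port. The `certificateRefs` entry names `wildcard-oceanbox-io` with no `namespace`, which the Gateway API resolves in the Gateway's own namespace (`kube-system`); the Certificate in hetzner-gateway.yaml carries no namespace either, so confirm both land in `kube-system` or the TLS listener will stay unprogrammed. Minor: the comment on the second line reads `ListernerSets`; the feature is `ListenerSets`.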
@@ -0,0 +1,29 @@
+{{- if eq .Values.dapr.cluster "hel1" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: shared-gateway
+spec:
+ infrastructure:
+ annotations:
+ load-balancer.hetzner.cloud/location: hel1
+ load-balancer.hetzner.cloud/type: lb11
+ load-balancer.hetzner.cloud/name: load-balancer-2
+ load-balancer.hetzner.cloud/use-private-ip: "true"
+ load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
+ load-balancer.hetzner.cloud/http-redirect-https: "false"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-oceanbox-io
+spec:
+ secretName: wildcard-oceanbox-io
+ commonName: oceanbox.io
+ dnsNames:
+ - oceanbox.io
+ - "*.oceanbox.io"
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+{{- end }}
diff --git a/values/cilium/env.yaml.gotmpl b/values/cilium/env.yaml.gotmpl
index b15cb8db..84279966 100644
--- a/values/cilium/env.yaml.gotmpl
+++ b/values/cilium/env.yaml.gotmpl
@@ -32,3 +32,4 @@ cilium:
 loadbalancerPool:
 enabled: false
 cidr: []
+ cluster: {{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}
diff --git a/values/gitea/manifests/gateway-routes.yaml b/values/gitea/manifests/gateway-routes.yaml
new file mode 100644
index 00000000..64c5bf95
--- /dev/null
+++ b/values/gitea/manifests/gateway-routes.yaml
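Review bot: This file declares a second `Gateway` named `shared-gateway` carrying only `spec.infrastructure` — no `gatewayClassName` and no `listeners` — while gateway.yaml in the same directory declares the complete `shared-gateway`; rendered as plain Helm templates these two objects do not merge, so either the API server rejects this one (`gatewayClassName` is required) or it competes with the complete one for the same name. Unless a merge step not visible here combines them, the Hetzner annotations belong under `spec.infrastructure.annotations` of the Gateway in gateway.yaml, wrapped in the same cluster condition. `load-balancer.hetzner.cloud/uses-proxyprotocol: "true"` makes the load balancer prepend a PROXY header to every forwarded connection, including the raw TCP port 22 listener; confirm Cilium's Envoy is configured to accept PROXY protocol on those listeners, otherwise the SSH path and plaintext HTTP will break at the first byte. `http-redirect-https: "false"` also leaves port 80 serving content rather than redirecting, which only matters because the routes in this commit attach to that listener too.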
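Review bot: The new `cluster` value is added under the `cilium:` key (the hunk's enclosing section), but hetzner-gateway.yaml in this same commit tests `.Values.dapr.cluster`, so the Hetzner Gateway and Certificate would never render unless `dapr.cluster` is set somewhere outside this diff; one of the two paths should change, e.g. `{{- if eq .Values.cilium.cluster "hel1" }}`. The indentation of the added line is not recoverable from this rendering, so confirm it sits at the same level as `loadbalancerPool`. A templated scalar is safer quoted so an unusual cluster name cannot be retyped by the YAML parser: `cluster: {{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" | quote }}`.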
@@ -0,0 +1,38 @@
+---
+# HTTP Route for Gitea web interface
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: gitea-http
+ namespace: gitea
+spec:
+ parentRefs:
+ - name: shared-gateway
+ namespace: kube-system
+ hostnames:
+ - {{ .Values.gitea.hostname }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: "/"
+ backendRefs:
+ - name: gitea-http
+ port: 3000
+
+---
+# TCP Route for Gitea SSH
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: gitea-ssh
+ namespace: gitea
+spec:
+ parentRefs:
+ - name: shared-gateway
+ namespace: kube-system
+ sectionName: ssh
+ rules:
+ - backendRefs:
+ - name: gitea-ssh
+ port: 22
\ No newline at end of file
diff --git a/values/gitea/manifests/gitea.yaml b/values/gitea/manifests/gitea.yaml
index e6ca7980..79c3b8ea 100644
--- a/values/gitea/manifests/gitea.yaml
+++ b/values/gitea/manifests/gitea.yaml
@@ -30,6 +30,7 @@ spec:
 managedNamespaceMetadata:
 labels:
 component: sys
+ shared-gateway-access: "true"
 syncOptions:
 - CreateNamespace=true
 - ApplyOutOfSyncOnly=true
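Review bot: The `gitea-http` HTTPRoute's parentRef has no `sectionName`, so it attaches to both the `http` (port 80) and `https` listeners of the shared gateway, and with the Hetzner load balancer set to `http-redirect-https: "false"` the Gitea login form and session cookie are served over plaintext HTTP. Pin the web route to the TLS listener with `sectionName: https` and add a second route on the `http` listener whose only rule is a `RequestRedirect` to HTTPS, as sketched below. The `hostnames` entry is an unquoted template expansion; quote it (`- "{{ .Values.gitea.hostname }}"`) so the rendered value is always a string rather than `null` or a retyped scalar. `TCPRoute` is `v1alpha2` from the experimental channel, so its CRD has to be installed separately from the standard-channel CRDs, and the file is missing its trailing newline.

```yaml
# HTTP Route for Gitea web interface
# … unchanged: apiVersion/kind/metadata …
spec:
  parentRefs:
    - name: shared-gateway
      namespace: kube-system
      sectionName: https
  hostnames:
    - "{{ .Values.gitea.hostname }}"
  # … unchanged: rules …
---
# Redirect plaintext requests on the http listener to HTTPS
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: gitea-http-redirect
  namespace: gitea
spec:
  parentRefs:
    - name: shared-gateway
      namespace: kube-system
      sectionName: http
  hostnames:
    - "{{ .Values.gitea.hostname }}"
  rules:
    - filters:
        - type: RequestRedirect
          requestRedirect:
            scheme: https
            statusCode: 301
```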