feat(cilium): Enable gateway

values/cilium/cilium-manifests/gateway.yaml

@@ -0,0 +1,45 @@
+{{- if .Values.cilium.gatewayTest.enabled }}
+# TODO: Move to ListernerSets when those get Promoted to GA
+# Resources:
+# - https://gateway-api.sigs.k8s.io/geps/gep-1713/
+# - https://github.com/kubernetes-sigs/gateway-api/issues/1713
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: shared-gateway
+  namespace: kube-system
+spec:
+  gatewayClassName: cilium
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: Selector
+          selector:
+            matchLabels:
+              shared-gateway-access: "true"
+    - name: https
+      protocol: HTTPS
+      port: 443
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: wildcard-oceanbox-io
+      allowedRoutes:
+        namespaces:
+          from: Selector
+          selector:
+            matchLabels:
+              shared-gateway-access: "true"
+    - name: ssh
+      protocol: TCP
+      port: 22
+      allowedRoutes:
+        namespaces:
+          from: Selector
+          selector:
+            matchLabels:
+              shared-gateway-access: "true"
+{{- end}}

values/cilium/cilium-manifests/hetzner-gateway.yaml

@@ -0,0 +1,29 @@
+{{- if eq .Values.dapr.cluster "hel1" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: shared-gateway
+spec:
+  infrastructure:
+    annotations:
+      load-balancer.hetzner.cloud/location: hel1
+      load-balancer.hetzner.cloud/type: lb11
+      load-balancer.hetzner.cloud/name: load-balancer-2
+      load-balancer.hetzner.cloud/use-private-ip: "true"
+      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
+      load-balancer.hetzner.cloud/http-redirect-https: "false"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-oceanbox-io
+spec:
+  secretName: wildcard-oceanbox-io
+  commonName: oceanbox.io
+  dnsNames:
+    - oceanbox.io
+    - "*.oceanbox.io"
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+{{- end }}

values/cilium/env.yaml.gotmpl

@@ -32,3 +32,4 @@ cilium:
   loadbalancerPool:
     enabled: false
     cidr: []
+  cluster: {{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}