wip: Gateway Setup

2026-03-13 16:05:15 +01:00
parent 6dc57af5ae
commit ae01e69fc2
32 changed files with 638 additions and 77 deletions
@@ -0,0 +1,46 @@
+{{- if .Values.httpRoute.enabled -}}
+{{- $fullName := include "docs.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "docs.labels" . | nindent 4 }}
+spec:
+  parentRefs:
+    {{- toYaml .Values.httpRoute.parentRefs | nindent 4 }}
+  {{- with .Values.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.httpRoute.rules }}
+    - {{- with .matches }}
+      matches:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      backendRefs:
+        - name: {{ $fullName }}
+          port: {{ $svcPort }}
+    {{- end }}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-gateway-to-{{ $fullName }}
+  labels:
+    {{- include "docs.labels" . | nindent 4 }}
+spec:
+  endpointSelector:
+    matchLabels:
+      {{- include "docs.selectorLabels" . | nindent 6 }}
+  ingress:
+  - fromCIDRSet:
+    {{- range .Values.clusterConfig.ingress_whitelist }}
+    - cidr: {{ . }}
+    {{- end }}
+  - fromEndpoints:
+    - matchLabels:
+        "k8s:io.kubernetes.pod.namespace": {{ .Release.Namespace }}
+{{- end }}
@@ -46,8 +46,13 @@ service:
  type: ClusterIP
  port: 8080
 ingress:
-  enabled: true
+  enabled: false
  className: nginx
+httpRoute:
+  enabled: false
+  parentRefs: []
+  hostnames: []
+  rules: []
 persistence:
  enabled: false
  size: 1G
@@ -0,0 +1,46 @@
+{{- if .Values.httpRoute.enabled -}}
+{{- $fullName := include "makai.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "makai.labels" . | nindent 4 }}
+spec:
+  parentRefs:
+    {{- toYaml .Values.httpRoute.parentRefs | nindent 4 }}
+  {{- with .Values.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.httpRoute.rules }}
+    - {{- with .matches }}
+      matches:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      backendRefs:
+        - name: {{ $fullName }}
+          port: {{ $svcPort }}
+    {{- end }}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-gateway-to-{{ $fullName }}
+  labels:
+    {{- include "makai.labels" . | nindent 4 }}
+spec:
+  endpointSelector:
+    matchLabels:
+      {{- include "makai.selectorLabels" . | nindent 6 }}
+  ingress:
+  - fromCIDRSet:
+    {{- range .Values.clusterConfig.ingress_whitelist }}
+    - cidr: {{ . }}
+    {{- end }}
+  - fromEndpoints:
+    - matchLabels:
+        "k8s:io.kubernetes.pod.namespace": {{ .Release.Namespace }}
+{{- end }}
@@ -46,8 +46,13 @@ service:
  type: ClusterIP
  port: 8080
 ingress:
-  enabled: true
+  enabled: false
  className: nginx
+httpRoute:
+  enabled: false
+  parentRefs: []
+  hostnames: []
+  rules: []
 persistence:
  enabled: false
  size: 1G