wip: Gateway Setup

values/fornix/manifests/fornix.yaml

@@ -31,6 +31,9 @@ spec:
     targetRevision: main
     ref: values
   syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        shared-gateway-access: "true"
     syncOptions:
       - CreateNamespace=true
       - ApplyOutOfSyncOnly=true

values/fornix/manifests/gateway-routes.yaml

@@ -0,0 +1,38 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: fornix
+  namespace: fornix
+spec:
+  parentRefs:
+  - name: shared-gateway
+    namespace: kube-system
+    sectionName: https-hel1
+  hostnames:
+  - fornix.hel1.oceanbox.io
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: "/"
+    backendRefs:
+    - name: fornix
+      port: 8085
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-gateway-to-fornix
+  namespace: fornix
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: fornix
+  ingress:
+  - fromCIDRSet:
+    {{- range .Values.clusterConfig.ingress_whitelist }}
+    - cidr: {{ . }}
+    {{- end }}
+  - fromEndpoints:
+    - matchLabels:
+        "k8s:io.kubernetes.pod.namespace": fornix

values/fornix/values/values.yaml

@@ -3,7 +3,7 @@ drupalUrl: http://drupal
 
 replicaCount: 1
 ingress:
-  enabled: true
+  enabled: false
   className: "nginx"
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production