fix(cilium): Combine Gateways

values/cilium/cilium-manifests/gateway.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.cilium.gatewayTest.enabled }}
+{{- if eq .Values.cilium.cluster "hel1" }}
 # TODO: Move to ListernerSets when those get Promoted to GA
 # Resources:
 # - https://gateway-api.sigs.k8s.io/geps/gep-1713/
@@ -9,6 +9,14 @@ metadata:
   name: shared-gateway
   namespace: kube-system
 spec:
+  infrastructure:
+    annotations:
+      load-balancer.hetzner.cloud/location: hel1
+      load-balancer.hetzner.cloud/type: lb11
+      load-balancer.hetzner.cloud/name: load-balancer-2
+      load-balancer.hetzner.cloud/use-private-ip: "true"
+      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
+      load-balancer.hetzner.cloud/http-redirect-https: "false"
   gatewayClassName: cilium
   listeners:
     - name: http
@@ -42,4 +50,18 @@ spec:
           selector:
             matchLabels:
               shared-gateway-access: "true"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-oceanbox-io
+spec:
+  secretName: wildcard-oceanbox-io
+  commonName: oceanbox.io
+  dnsNames:
+    - oceanbox.io
+    - "*.oceanbox.io"
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
 {{- end}}

values/cilium/cilium-manifests/hetzner-gateway.yaml

@@ -1,29 +0,0 @@
-{{- if eq .Values.cilium.cluster "hel1" }}
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: shared-gateway
-spec:
-  infrastructure:
-    annotations:
-      load-balancer.hetzner.cloud/location: hel1
-      load-balancer.hetzner.cloud/type: lb11
-      load-balancer.hetzner.cloud/name: load-balancer-2
-      load-balancer.hetzner.cloud/use-private-ip: "true"
-      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
-      load-balancer.hetzner.cloud/http-redirect-https: "false"
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: wildcard-oceanbox-io
-spec:
-  secretName: wildcard-oceanbox-io
-  commonName: oceanbox.io
-  dnsNames:
-    - oceanbox.io
-    - "*.oceanbox.io"
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-{{- end }}

values/cilium/env.yaml.gotmpl

@@ -19,8 +19,6 @@ cilium:
   # NOTE: Requires that ingresscontroller is also enabled
   gatewayAPI:
     enabled: false
-  gatewayTest:
-    enabled: false
   ingressController:
     enabled: false
     defaultClass: false

values/cilium/values/cilium.yaml.gotmpl

@@ -61,7 +61,7 @@ nodePort:
   enabled: {{ .Values.cilium.nodePort.enabled }}
 gatewayAPI:
   enabled: {{ .Values.cilium.gatewayAPI.enabled }}
-{{- if .Values.cilium.gatewayTest.enabled }}
+{{- if eq .Values.cilium.cluster "hel1"}}
   enableProxyProtocol: true
   hostNetwork:
     enabled: true