68 lines
1.7 KiB
YAML
68 lines
1.7 KiB
YAML
{{- if eq .Values.cilium.cluster "hel1" }}
|
|
# TODO: Move to ListernerSets when those get Promoted to GA
|
|
# Resources:
|
|
# - https://gateway-api.sigs.k8s.io/geps/gep-1713/
|
|
# - https://github.com/kubernetes-sigs/gateway-api/issues/1713
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: Gateway
|
|
metadata:
|
|
name: shared-gateway
|
|
namespace: kube-system
|
|
spec:
|
|
infrastructure:
|
|
annotations:
|
|
load-balancer.hetzner.cloud/location: hel1
|
|
load-balancer.hetzner.cloud/type: lb11
|
|
load-balancer.hetzner.cloud/name: load-balancer-2
|
|
load-balancer.hetzner.cloud/use-private-ip: "true"
|
|
load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
|
|
load-balancer.hetzner.cloud/http-redirect-https: "false"
|
|
gatewayClassName: cilium
|
|
listeners:
|
|
- name: http
|
|
protocol: HTTP
|
|
port: 80
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: Selector
|
|
selector:
|
|
matchLabels:
|
|
shared-gateway-access: "true"
|
|
- name: https
|
|
protocol: HTTPS
|
|
port: 443
|
|
tls:
|
|
certificateRefs:
|
|
- kind: Secret
|
|
name: wildcard-oceanbox-io
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: Selector
|
|
selector:
|
|
matchLabels:
|
|
shared-gateway-access: "true"
|
|
- name: ssh
|
|
protocol: TCP
|
|
port: 22
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: Selector
|
|
selector:
|
|
matchLabels:
|
|
shared-gateway-access: "true"
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: wildcard-oceanbox-io
|
|
spec:
|
|
secretName: wildcard-oceanbox-io
|
|
commonName: oceanbox.io
|
|
dnsNames:
|
|
- oceanbox.io
|
|
- "*.oceanbox.io"
|
|
issuerRef:
|
|
name: letsencrypt-prod-dns01
|
|
kind: ClusterIssuer
|
|
{{- end}}
|