scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-10-30 01:22:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add Gateway API and Gateways

Browse Source
This commit is contained in:
Vegard Hagen
2024-07-07 15:02:41 +02:00
parent fe368b937e
commit 805ab61017
12 changed files with 140 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
remodel/k8s/README.md
View File

@@ -48,6 +48,10 @@ kubectl kustomize --enable-helm infra/storage | kubectl apply -f -
kubectl kustomize --enable-helm infra/controllers | kubectl apply -f - kubectl kustomize --enable-helm infra/controllers | kubectl apply -f -
``` ```
```shell
kubectl kustomize --enable-helm infra | kubectl apply -f -
```
# SBOM # SBOM
@@ -56,6 +60,12 @@ kubectl kustomize --enable-helm infra/controllers | kubectl apply -f -
* [x] Argo CD * [x] Argo CD
* [x] Proxmox CSI Plugin * [x] Proxmox CSI Plugin
* [x] Cert-manager * [x] Cert-manager
* [] Gateway * [X] Gateway
* [] CNPG * [] CNPG
* [] Authentication (Keycloak, Authentik, ...) * [] Authentication (Keycloak, Authentik, ...)
# CRDs
* [] Gateway
* [] Argo CD
* [] Sealed-secrets

6
remodel/k8s/infra/application-set.yaml
View File

@@ -9,9 +9,9 @@ spec:
generators: generators:
- git: - git:
repoURL: https://github.com/vehagn/homelab repoURL: https://github.com/vehagn/homelab
revision: HEAD revision: remodel
directories: directories:
- path: remodel/infra/* - path: remodel/k8s/infra/*
template: template:
metadata: metadata:
name: '{{ path.basename }}' name: '{{ path.basename }}'
@@ -21,7 +21,7 @@ spec:
project: infrastructure project: infrastructure
source: source:
repoURL: https://github.com/vehagn/homelab repoURL: https://github.com/vehagn/homelab
targetRevision: HEAD targetRevision: remodel
path: '{{ path }}' path: '{{ path }}'
destination: destination:
name: in-cluster name: in-cluster

6
remodel/k8s/infra/network/application-set.yaml
View File

@@ -9,9 +9,9 @@ spec:
generators: generators:
- git: - git:
repoURL: https://github.com/vehagn/homelab repoURL: https://github.com/vehagn/homelab
revision: HEAD revision: remodel
directories: directories:
- path: remodel/infra/network/* - path: remodel/k8s/infra/network/*
template: template:
metadata: metadata:
name: '{{ path.basename }}' name: '{{ path.basename }}'
@@ -23,7 +23,7 @@ spec:
plugin: plugin:
name: kustomize-build-with-helm name: kustomize-build-with-helm
repoURL: https://github.com/vehagn/homelab repoURL: https://github.com/vehagn/homelab
targetRevision: HEAD targetRevision: remodel
path: '{{ path }}' path: '{{ path }}'
destination: destination:
name: in-cluster name: in-cluster

12
remodel/k8s/infra/network/gateway/cloudflare-api-token.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: cloudflare-api-token
namespace: gateway
spec:
encryptedData:
api-token: AgCmFZ1eCTYUq41kgZUVr0QjzppHOh/O9frkrupm6WT+QWIaMCK3qq0XmnHWox1K1SHhmix4I4TBzMuvKd8MR2SaI4lfdD4DrNoxpKOKyIKcWWiwz2Lw6CTqTr6Wa+7Iyh5qk2jna20pnGzhp4e0YMwBrVCcelpH/TiZtzXY3FrSnv2+YiPsOR+cohv1OV2E9hUbbHMJGwJQsjVGwTaw1gmEKJIVpMaR86coM7J+5NIoEuG1LeV4ZaqxDG2oQ21V2OBv8gFsO1IrlP17PTKX1Uzvw18Xcvt5ybWQIuXJM8A+0YxwEYUDYj7FyYeDIhKwo/IyUWQKMHu0MKkLMcJ7dHI7fNGH8olvR1ZcTNvtiswa7Fx3c8c70V9Ldw1B09tj+hVfv8hoW6B8uX9C8QDaGY5dlKZr0u2rswK5UVwrgnpdVZt2kWSypqG9JJ8IdcR6OSxfixJpyKryQoK26lFSXHHLrqAvbF2uIyRbYa5q6wz7zUcdAEIAJ2cDLmZ5IFYzzTiDvlDBOUddnhOy2n76pUXDxH/4yKIYFMOZB+SkCFTh54ddbEkyW4or8UK+jzzp2SzRaW0cKj5QUbqSDu+yLm6RmTqpNrmNTjMNtQVOfFXBGm6aGS9Y61kEjIvmgTsKpla9k85RVeRiVy/tsngghp3mfIXzQHZZ4IzTuTya0zb7sJzyrOwqfPgnGZyt5RQZtYl8rG/09MkJgm1iVHdWd2Fd38SdcALXEX4Qpaf8Yk0fb9B2LrHWvmAT
template:
metadata:
name: cloudflare-api-token
namespace: gateway

18
remodel/k8s/infra/network/gateway/cloudflare-issuer.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: cloudflare-issuer
namespace: gateway
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
#server: https://acme-staging-v02.api.letsencrypt.org/directory
email: veghag@gmail.com
privateKeySecretRef:
name: cloudflare-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: api-token

6
remodel/k8s/infra/network/gateway/gateway-class.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: cilium
spec:
controllerName: io.cilium/gateway-controller

24
remodel/k8s/infra/network/gateway/gw-euclid.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: euclid
namespace: gateway
annotations:
cert-manager.io/issuer: cloudflare-issuer
spec:
gatewayClassName: cilium
infrastructure:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.220
listeners:
- protocol: HTTPS
port: 443
name: https-gateway
hostname: "*.euclid.stonegarden.dev"
tls:
certificateRefs:
- kind: Secret
name: cert-euclid
allowedRoutes:
namespaces:
from: All

20
remodel/k8s/infra/network/gateway/gw-proxmox.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: proxmox
namespace: gateway
spec:
gatewayClassName: cilium
infrastructure:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.221
listeners:
- protocol: TLS
port: 443
name: proxmox-tls-passthrough
hostname: "proxmox.euclid.stonegarden.dev"
tls:
mode: Passthrough
allowedRoutes:
namespaces:
from: All

24
remodel/k8s/infra/network/gateway/gw-stonegarden.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: stonegarden
namespace: gateway
annotations:
cert-manager.io/issuer: cloudflare-issuer
spec:
gatewayClassName: cilium
infrastructure:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.222
listeners:
- protocol: HTTPS
port: 443
name: https-gateway
hostname: "*.stonegarden.dev"
tls:
certificateRefs:
- kind: Secret
name: cert-stonegarden
allowedRoutes:
namespaces:
from: All

12
remodel/k8s/infra/network/gateway/kustomization.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
- gateway-class.yaml
- ns.yaml
- cloudflare-api-token.yaml
- cloudflare-issuer.yaml
- gw-euclid.yaml
# - gw-proxmox.yaml
- gw-stonegarden.yaml

4
remodel/k8s/infra/network/gateway/ns.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: gateway

4
remodel/k8s/infra/network/project.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: argocd namespace: argocd
spec: spec:
sourceRepos: sourceRepos:
- 'https://gitlab.com/vehagn/mini-homelab.git' - 'https://github.com/vehagn/homelab'
- 'https://prometheus-community.github.io/helm-charts' - 'https://prometheus-community.github.io/helm-charts'
- 'https://argoproj.github.io/argo-helm' - 'https://argoproj.github.io/argo-helm'
destinations: destinations:
@@ -13,6 +13,8 @@ spec:
server: '*' server: '*'
- namespace: 'argocd' - namespace: 'argocd'
server: '*' server: '*'
- namespace: 'cilium-secrets'
server: '*'
- namespace: 'cloudflared' - namespace: 'cloudflared'
server: '*' server: '*'
- namespace: 'gateway' - namespace: 'gateway'