chore(gateway): update to Gateway API 1.1.0

2025-11-02 10:57:53 +00:00 · 2024-08-10 19:42:09 +02:00
parent 42c7fe1e12
commit 8668f58a38
10 changed files with 56 additions and 36 deletions
--- a/k8s/apps/media/jellyfin/http-route.yaml
+++ b/k8s/apps/media/jellyfin/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: jellyfin
+  namespace: jellyfin
+spec:
+  parentRefs:
+    - name: stonegarden
+      namespace: gateway
+  hostnames:
+    - "jellyfin.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: jellyfin
+          port: 8096
--- a/k8s/apps/media/jellyfin/kustomization.yaml
+++ b/k8s/apps/media/jellyfin/kustomization.yaml
@@ -14,4 +14,5 @@ resources:
  - svc.yaml
  - pvc.yaml
  - ingress.yaml
+  - http-route.yaml
  - deployment.yaml
--- a/k8s/apps/media/plex/http-route.yaml
+++ b/k8s/apps/media/plex/http-route.yaml
@@ -0,0 +1,19 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: plex
+  namespace: plex
+spec:
+  parentRefs:
+    - name: stonegarden
+      namespace: gateway
+  hostnames:
+    - "plex.stonegarden.dev"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: plex
+          port: 32400
--- a/k8s/apps/media/plex/kustomization.yaml
+++ b/k8s/apps/media/plex/kustomization.yaml
@@ -15,4 +15,5 @@ resources:
  - svc.yaml
  - pvc.yaml
  - ingress.yaml
+  - http-route.yaml
  - deployment.yaml
--- a/k8s/infra/crds/kustomization.yaml
+++ b/k8s/infra/crds/kustomization.yaml
@@ -2,4 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml
+  - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml
--- a/k8s/infra/network/cilium/values.yaml
+++ b/k8s/infra/network/cilium/values.yaml
@@ -59,6 +59,16 @@ enableCiliumEndpointSlice: true

 gatewayAPI:
  enabled: true
+envoy:
+  enabled: true
+  securityContext:
+    capabilities:
+      keepCapNetBindService: true
+      envoy:
+        - NET_BIND_SERVICE
+        - NET_ADMIN
+        - PERMON
+        - BPF

 hubble:
  enabled: true
--- a/k8s/infra/network/gateway/cloudflare-api-token.yaml
+++ b/k8s/infra/network/gateway/cloudflare-api-token.yaml
@@ -1,12 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: cloudflare-api-token
-  namespace: gateway
-spec:
-  encryptedData:
-    api-token: AgCmFZ1eCTYUq41kgZUVr0QjzppHOh/O9frkrupm6WT+QWIaMCK3qq0XmnHWox1K1SHhmix4I4TBzMuvKd8MR2SaI4lfdD4DrNoxpKOKyIKcWWiwz2Lw6CTqTr6Wa+7Iyh5qk2jna20pnGzhp4e0YMwBrVCcelpH/TiZtzXY3FrSnv2+YiPsOR+cohv1OV2E9hUbbHMJGwJQsjVGwTaw1gmEKJIVpMaR86coM7J+5NIoEuG1LeV4ZaqxDG2oQ21V2OBv8gFsO1IrlP17PTKX1Uzvw18Xcvt5ybWQIuXJM8A+0YxwEYUDYj7FyYeDIhKwo/IyUWQKMHu0MKkLMcJ7dHI7fNGH8olvR1ZcTNvtiswa7Fx3c8c70V9Ldw1B09tj+hVfv8hoW6B8uX9C8QDaGY5dlKZr0u2rswK5UVwrgnpdVZt2kWSypqG9JJ8IdcR6OSxfixJpyKryQoK26lFSXHHLrqAvbF2uIyRbYa5q6wz7zUcdAEIAJ2cDLmZ5IFYzzTiDvlDBOUddnhOy2n76pUXDxH/4yKIYFMOZB+SkCFTh54ddbEkyW4or8UK+jzzp2SzRaW0cKj5QUbqSDu+yLm6RmTqpNrmNTjMNtQVOfFXBGm6aGS9Y61kEjIvmgTsKpla9k85RVeRiVy/tsngghp3mfIXzQHZZ4IzTuTya0zb7sJzyrOwqfPgnGZyt5RQZtYl8rG/09MkJgm1iVHdWd2Fd38SdcALXEX4Qpaf8Yk0fb9B2LrHWvmAT
-  template:
-    metadata:
-      name: cloudflare-api-token
-      namespace: gateway
--- a/k8s/infra/network/gateway/cloudflare-issuer.yaml
+++ b/k8s/infra/network/gateway/cloudflare-issuer.yaml
@@ -1,18 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: cloudflare-issuer
-  namespace: gateway
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    #server: https://acme-staging-v02.api.letsencrypt.org/directory
-    email: veghag@gmail.com
-    privateKeySecretRef:
-      name: cloudflare-key
-    solvers:
-      - dns01:
-          cloudflare:
-            apiTokenSecretRef:
-              name: cloudflare-api-token
-              key: api-token
--- a/k8s/infra/network/gateway/gw-stonegarden.yaml
+++ b/k8s/infra/network/gateway/gw-stonegarden.yaml
@@ -3,8 +3,6 @@ kind: Gateway
 metadata:
  name: stonegarden
  namespace: gateway
-#  annotations:
-#    cert-manager.io/issuer: cloudflare-issuer
 spec:
  gatewayClassName: cilium
  infrastructure:
@@ -30,7 +28,6 @@ spec:
        certificateRefs:
          - kind: Secret
            name: cert-stonegarden
-            #name: cloudflare-cert
      allowedRoutes:
        namespaces:
          from: All
--- a/k8s/infra/network/gateway/kustomization.yaml
+++ b/k8s/infra/network/gateway/kustomization.yaml
@@ -5,7 +5,5 @@ resources:
  - cert-stonegarden.yaml
  - gateway-class.yaml
  - ns.yaml
-  - cloudflare-api-token.yaml
-  - cloudflare-issuer.yaml
  - gw-stonegarden.yaml
  - gw-tls-passthrough.yaml