feat(proxmox): Proxy Euclid Proxmox through Gateway

2025-10-29 17:12:34 +00:00 · 2024-03-02 12:14:30 +01:00
parent 3c33225e00
commit 9eeae42921
10 changed files with 78 additions and 5 deletions
--- a/apps/utility/haos/http-route.yaml
+++ b/apps/utility/haos/http-route.yaml
@@ -8,7 +8,7 @@ spec:
    - name: cilium-gateway
      namespace: gateway
  hostnames:
-    - "haos.stonegarden.dev"
+    - "haos.euclid.stonegarden.dev"
  rules:
    - matches:
        - path:
--- a/apps/utility/project.yaml
+++ b/apps/utility/project.yaml
@@ -13,6 +13,8 @@ spec:
      server: '*'
    - namespace: 'haos'
      server: '*'
+    - namespace: 'proxmox'
+      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--- a/apps/utility/proxmox/endpoint-slice.yaml
+++ b/apps/utility/proxmox/endpoint-slice.yaml
@@ -0,0 +1,18 @@
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: proxmox-euclid-1
+  namespace: proxmox
+  labels:
+    kubernetes.io/service-name: proxmox-euclid
+    endpointslice.kubernetes.io/managed-by: cluster-admins
+addressType: IPv4
+ports:
+  - name: https
+    protocol: TCP
+    port: 8006
+endpoints:
+  - addresses:
+      - 192.168.1.42
+    conditions:  # https://github.com/argoproj/argo-cd/issues/15554
+      ready: true
--- a/apps/utility/proxmox/kustomization.yaml
+++ b/apps/utility/proxmox/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ns.yaml
+  - svc.yaml
+  - endpoint-slice.yaml
+  - tls-route.yaml
--- a/apps/utility/proxmox/ns.yaml
+++ b/apps/utility/proxmox/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: proxmox
--- a/apps/utility/proxmox/svc.yaml
+++ b/apps/utility/proxmox/svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxmox-euclid
+  namespace: proxmox
+spec:
+  ports:
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8006
--- a/apps/utility/proxmox/tls-route.yaml
+++ b/apps/utility/proxmox/tls-route.yaml
@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TLSRoute
+metadata:
+  name: proxmox-euclid
+  namespace: proxmox
+spec:
+  parentRefs:
+    - name: cilium-gateway
+      namespace: gateway
+  hostnames:
+    - "proxmox.euclid.stonegarden.dev"
+  rules:
+    - backendRefs:
+        - name: proxmox-euclid
+          port: 443
--- a/infra/cilium/values.yaml
+++ b/infra/cilium/values.yaml
@@ -16,7 +16,7 @@ operator:
 rollOutCiliumPods: true

 debug:
-  enabled: true
+  enabled: false

 # Increase rate limit when doing L2 announcements
 k8sClientRateLimit:
--- a/infra/gateway/gateway.yaml
+++ b/infra/gateway/gateway.yaml
@@ -22,6 +22,17 @@ spec:
      allowedRoutes:
        namespaces:
          from: All
+    - protocol: HTTPS
+      port: 443
+      name: https-gateway-euclid
+      hostname: "*.euclid.stonegarden.dev"
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: cloudflare-cert
+      allowedRoutes:
+        namespaces:
+          from: All
    - protocol: HTTPS
      port: 443
      name: https-domain-gateway
--- a/infra/net-aux/config/cloudflared/config.yaml
+++ b/infra/net-aux/config/cloudflared/config.yaml
@@ -10,11 +10,15 @@ ingress:
  - hostname: hello.stonegarden.dev
    service: hello_world
  - hostname: ssh.stonegarden.dev
-    service: ssh://192.168.1.12:22
-  - hostname: haos.stonegarden.dev
+    service: ssh://192.168.1.50:22
+  - hostname: proxmox.euclid.stonegarden.dev
    service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443
    originRequest:
-      originServerName: "*.stonegarden.dev"
+      originServerName: proxmox.euclid.stonegarden.dev
+  - hostname: haos.euclid.stonegarden.dev
+    service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443
+    originRequest:
+      originServerName: haos.euclid.stonegarden.dev
  - hostname: blog.stonegarden.dev
    service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443
    originRequest: