From 9eeae42921536d7e95dd58e01d61be6f1dcb2d75 Mon Sep 17 00:00:00 2001 From: Vegard Hagen Date: Sat, 2 Mar 2024 12:14:30 +0100 Subject: [PATCH] feat(proxmox): Proxy Euclid Proxmox through Gateway --- apps/utility/haos/http-route.yaml | 2 +- apps/utility/project.yaml | 2 ++ apps/utility/proxmox/endpoint-slice.yaml | 18 ++++++++++++++++++ apps/utility/proxmox/kustomization.yaml | 8 ++++++++ apps/utility/proxmox/ns.yaml | 4 ++++ apps/utility/proxmox/svc.yaml | 11 +++++++++++ apps/utility/proxmox/tls-route.yaml | 15 +++++++++++++++ infra/cilium/values.yaml | 2 +- infra/gateway/gateway.yaml | 11 +++++++++++ infra/net-aux/config/cloudflared/config.yaml | 10 +++++++--- 10 files changed, 78 insertions(+), 5 deletions(-) create mode 100644 apps/utility/proxmox/endpoint-slice.yaml create mode 100644 apps/utility/proxmox/kustomization.yaml create mode 100644 apps/utility/proxmox/ns.yaml create mode 100644 apps/utility/proxmox/svc.yaml create mode 100644 apps/utility/proxmox/tls-route.yaml diff --git a/apps/utility/haos/http-route.yaml b/apps/utility/haos/http-route.yaml index 8465594..0333dd7 100644 --- a/apps/utility/haos/http-route.yaml +++ b/apps/utility/haos/http-route.yaml @@ -8,7 +8,7 @@ spec: - name: cilium-gateway namespace: gateway hostnames: - - "haos.stonegarden.dev" + - "haos.euclid.stonegarden.dev" rules: - matches: - path: diff --git a/apps/utility/project.yaml b/apps/utility/project.yaml index db900f4..31dfaa2 100644 --- a/apps/utility/project.yaml +++ b/apps/utility/project.yaml @@ -13,6 +13,8 @@ spec: server: '*' - namespace: 'haos' server: '*' + - namespace: 'proxmox' + server: '*' clusterResourceWhitelist: - group: '*' kind: '*' \ No newline at end of file diff --git a/apps/utility/proxmox/endpoint-slice.yaml b/apps/utility/proxmox/endpoint-slice.yaml new file mode 100644 index 0000000..386c0fa --- /dev/null +++ b/apps/utility/proxmox/endpoint-slice.yaml 
@@ -0,0 +1,18 @@
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+ name: proxmox-euclid-1
+ namespace: proxmox
+ labels:
+ kubernetes.io/service-name: proxmox-euclid
+ endpointslice.kubernetes.io/managed-by: cluster-admins
+addressType: IPv4
+ports:
+ - name: https
+ protocol: TCP
+ port: 8006
+endpoints:
+ - addresses:
+ - 192.168.1.42
+ conditions: # https://github.com/argoproj/argo-cd/issues/15554
+ ready: true
\ No newline at end of file
diff --git a/apps/utility/proxmox/kustomization.yaml b/apps/utility/proxmox/kustomization.yaml
new file mode 100644
index 0000000..a1e4326
--- /dev/null
+++ b/apps/utility/proxmox/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ns.yaml
+ - svc.yaml
+ - endpoint-slice.yaml
+ - tls-route.yaml
\ No newline at end of file
diff --git a/apps/utility/proxmox/ns.yaml b/apps/utility/proxmox/ns.yaml
new file mode 100644
index 0000000..b087c9a
--- /dev/null
+++ b/apps/utility/proxmox/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: proxmox
\ No newline at end of file
diff --git a/apps/utility/proxmox/svc.yaml b/apps/utility/proxmox/svc.yaml
new file mode 100644
index 0000000..9a09555
--- /dev/null
+++ b/apps/utility/proxmox/svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxmox-euclid
+ namespace: proxmox
+spec:
+ ports:
+ - name: https
+ protocol: TCP
+ port: 443
+ targetPort: 8006
\ No newline at end of file
diff --git a/apps/utility/proxmox/tls-route.yaml b/apps/utility/proxmox/tls-route.yaml
new file mode 100644
index 0000000..4411520
--- /dev/null
+++ b/apps/utility/proxmox/tls-route.yaml
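Review bot: The comment on `conditions:` in endpoint-slice.yaml is only an issue URL, so a reader cannot tell why `ready: true` is set by hand without leaving the file; I would state the reason in words next to the link. The slice also deserves a header comment saying that `192.168.1.42` is (presumably) the Proxmox host outside the cluster and that the slice is bound to the Service in svc.yaml only through the `kubernetes.io/service-name` label. Something like `# Hand-managed slice for the external Proxmox host; backs Service proxmox-euclid, which has no selector on purpose` above `metadata:` would do, with a matching one-line comment in svc.yaml so nobody adds a selector later.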
@@ -0,0 +1,15 @@ +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TLSRoute +metadata: + name: proxmox-euclid + namespace: proxmox +spec: + parentRefs: + - name: cilium-gateway + namespace: gateway + hostnames: + - "proxmox.euclid.stonegarden.dev" + rules: + - backendRefs: + - name: proxmox-euclid + port: 443 \ No newline at end of file diff --git a/infra/cilium/values.yaml b/infra/cilium/values.yaml index 8339856..30e51cc 100644 --- a/infra/cilium/values.yaml +++ b/infra/cilium/values.yaml @@ -16,7 +16,7 @@ operator: rollOutCiliumPods: true debug: - enabled: true + enabled: false # Increase rate limit when doing L2 announcements k8sClientRateLimit: diff --git a/infra/gateway/gateway.yaml b/infra/gateway/gateway.yaml index 5c91ab0..50eaa86 100644 --- a/infra/gateway/gateway.yaml +++ b/infra/gateway/gateway.yaml @@ -22,6 +22,17 @@ spec: allowedRoutes: namespaces: from: All + - protocol: HTTPS + port: 443 + name: https-gateway-euclid + hostname: "*.euclid.stonegarden.dev" + tls: + certificateRefs: + - kind: Secret + name: cloudflare-cert + allowedRoutes: + namespaces: + from: All - protocol: HTTPS port: 443 name: https-domain-gateway diff --git a/infra/net-aux/config/cloudflared/config.yaml b/infra/net-aux/config/cloudflared/config.yaml index 13f7f56..592e883 100644 --- a/infra/net-aux/config/cloudflared/config.yaml +++ b/infra/net-aux/config/cloudflared/config.yaml 
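Review bot: The `parentRefs` entry in tls-route.yaml names `cilium-gateway` without a `sectionName`, and the only listener this commit adds for `*.euclid.stonegarden.dev` (infra/gateway/gateway.yaml) is `protocol: HTTPS`. In the Gateway API a TLSRoute attaches to listeners of protocol `TLS`, so unless the Gateway already has such a listener outside these hunks, this route will probably not be accepted and the Proxmox hostname will have no backend. Either add a `protocol: TLS` listener with `tls.mode: Passthrough` for `proxmox.euclid.stonegarden.dev` and pin it with `sectionName: <TLS_LISTENER_NAME>`, or switch to an HTTPRoute on the HTTPS listener and decide explicitly how the gateway should validate the certificate served on port 8006. Checking the route's `Accepted` condition after sync would confirm which case applies.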
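Review bot: The new `https-gateway-euclid` listener in gateway.yaml sets `allowedRoutes.namespaces.from: All`, so a route created in any namespace can claim a hostname under `*.euclid.stonegarden.dev` and be served with `cloudflare-cert`. Since this listener fronts management interfaces, I would restrict attachment with `from: Selector` and a `selector.matchExpressions` entry on `kubernetes.io/metadata.name` listing `haos` and `proxmox`. The copy follows the existing listener shown as context, which has the same setting; the rest of the listener list lies outside the hunk, so I cannot tell whether other listeners need the same change.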
@@ -10,11 +10,15 @@ ingress: - hostname: hello.stonegarden.dev service: hello_world - hostname: ssh.stonegarden.dev - service: ssh://192.168.1.12:22 - - hostname: haos.stonegarden.dev + service: ssh://192.168.1.50:22 + - hostname: proxmox.euclid.stonegarden.dev service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443 originRequest: - originServerName: "*.stonegarden.dev" + originServerName: proxmox.euclid.stonegarden.dev + - hostname: haos.euclid.stonegarden.dev + service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443 + originRequest: + originServerName: haos.euclid.stonegarden.dev - hostname: blog.stonegarden.dev service: https://cilium-gateway-cilium-gateway.gateway.svc.cluster.local:443 originRequest:
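Review bot: The new `proxmox.euclid.stonegarden.dev` ingress entry publishes the hypervisor management UI on a tunnel hostname, and nothing in this hunk shows an authentication layer in front of it. Cloudflare Access applications are configured outside this file, so one may already exist; if it does, a comment above the entry such as `# gated by Cloudflare Access application <ACCESS_APP_NAME>` would make that dependency visible to the next editor. If it does not, the hostname should get an Access policy before this is merged, and the same goes for the `ssh.stonegarden.dev` entry whose target changes here. The ingress list continues outside the hunk.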