feat: routes to cluster external services

Routes to Home Assistant, Proxmox and TrueNAS

remodel/k8s/apps/external/application-set.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: external
+  namespace: argocd
+  labels:
+    dev.stonegarden: external
+spec:
+  generators:
+    - git:
+        repoURL: https://github.com/vehagn/homelab
+        revision: remodel
+        directories:
+          - path: remodel/k8s/apps/external/*
+  template:
+    metadata:
+      name: '{{ path.basename }}'
+      labels:
+        dev.stonegarden: application
+      finalizers:
+        - resources-finalizer.argocd.argoproj.io
+    spec:
+      project: external
+      source:
+        repoURL: https://github.com/vehagn/homelab
+        targetRevision: remodel
+        path: '{{ path }}'
+      destination:
+        name: in-cluster
+        namespace: argocd
+      syncPolicy:
+        automated:
+          selfHeal: true
+          prune: true

remodel/k8s/apps/external/haos/endpoint-slice.yaml

@@ -0,0 +1,17 @@
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: home-assistant
+  namespace: haos
+  labels:
+    kubernetes.io/service-name: home-assistant
+    endpointslice.kubernetes.io/managed-by: cluster-admins
+addressType: IPv4
+ports:
+  - name: http
+    protocol: TCP
+    port: 8123
+endpoints:
+  - addresses:
+      - 192.168.1.27
+    conditions: { } # https://github.com/argoproj/argo-cd/issues/15554

remodel/k8s/apps/external/haos/http-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: home-assistant
+  namespace: haos
+spec:
+  parentRefs:
+    - name: stonegarden
+      namespace: gateway
+  hostnames:
+    - "haos.stonegarden.dev"
+  rules:
+    - backendRefs:
+        - name: home-assistant
+          port: 8123

remodel/k8s/apps/external/haos/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ns.yaml
+  - svc.yaml
+  - endpoint-slice.yaml
+  - http-route.yaml

remodel/k8s/apps/external/haos/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: haos

remodel/k8s/apps/external/haos/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  namespace: haos
+spec:
+  ports:
+    - name: http 
+      protocol: TCP
+      port: 8123

remodel/k8s/apps/external/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+commonLabels:
+  dev.stonegarden: app-management
+  app.kubernetes.io/managed-by: argocd
+
+resources:
+  - project.yaml
+  - application-set.yaml

remodel/k8s/apps/external/project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: external
+  namespace: argocd
+spec:
+  sourceRepos:
+    - 'https://github.com/vehagn/homelab'
+  destinations:
+    - namespace: 'argocd'
+      server: '*'
+    - namespace: 'haos'
+      server: '*'
+    - namespace: 'proxmox'
+      server: '*'
+    - namespace: 'truenas'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

remodel/k8s/apps/external/proxmox/endpoint-slice.yaml

@@ -0,0 +1,19 @@
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: proxmox
+  namespace: proxmox
+  labels:
+    kubernetes.io/service-name: proxmox
+    endpointslice.kubernetes.io/managed-by: cluster-admins
+addressType: IPv4
+ports:
+  - name: https
+    protocol: TCP
+    port: 8006
+endpoints:
+  - addresses:
+      - 192.168.1.42
+      - 192.168.1.52
+      - 192.168.1.62
+    conditions: { } # https://github.com/argoproj/argo-cd/issues/15554

remodel/k8s/apps/external/proxmox/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ns.yaml
+  - svc.yaml
+  - endpoint-slice.yaml
+  - tls-route.yaml

remodel/k8s/apps/external/proxmox/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: proxmox

remodel/k8s/apps/external/proxmox/svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxmox
+  namespace: proxmox
+spec:
+  ports:
+    - name: https
+      protocol: TCP
+      port: 443
+      targetPort: 8006

remodel/k8s/apps/external/proxmox/tls-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TLSRoute
+metadata:
+  name: proxmox-tls
+  namespace: proxmox
+spec:
+  parentRefs:
+    - name: tls-passthrough
+      namespace: gateway
+  hostnames:
+    - "proxmox.stonegarden.dev"
+  rules:
+    - backendRefs:
+        - name: proxmox
+          port: 443

remodel/k8s/apps/external/truenas/endpoint-slice.yaml

@@ -0,0 +1,17 @@
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: truenas
+  namespace: truenas
+  labels:
+    kubernetes.io/service-name: truenas
+    endpointslice.kubernetes.io/managed-by: cluster-admins
+addressType: IPv4
+ports:
+  - name: https
+    protocol: TCP
+    port: 443
+endpoints:
+  - addresses:
+      - 192.168.1.55
+    conditions: { } # https://github.com/argoproj/argo-cd/issues/15554

remodel/k8s/apps/external/truenas/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ns.yaml
+  - svc.yaml
+  - endpoint-slice.yaml
+  - tls-route.yaml

remodel/k8s/apps/external/truenas/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: truenas

remodel/k8s/apps/external/truenas/svc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: truenas
+  namespace: truenas
+spec:
+  ports:
+    - name: https
+      protocol: TCP
+      port: 443

remodel/k8s/apps/external/truenas/tls-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TLSRoute
+metadata:
+  name: truenas
+  namespace: truenas
+spec:
+  parentRefs:
+    - name: tls-passthrough
+      namespace: gateway
+  hostnames:
+    - "truenas.stonegarden.dev"
+  rules:
+    - backendRefs:
+        - name: truenas
+          port: 443

remodel/k8s/infra/controllers/argocd/values.yaml

@@ -19,39 +19,39 @@ crds:
 
 controller:
   resources:
-    limits:
-      cpu: 1000m
-      memory: 2Gi
     requests:
       cpu: 100m
       memory: 700Mi
+    limits:
+      cpu: 4000m
+      memory: 2Gi
 
 dex:
   resources:
-    limits:
-      cpu: 50m
-      memory: 64Mi
     requests:
       cpu: 10m
       memory: 32Mi
+    limits:
+      cpu: 1000m
+      memory: 64Mi
 
 redis:
   resources:
-    limits:
-      cpu: 200m
-      memory: 128Mi
     requests:
       cpu: 100m
       memory: 64Mi
+    limits:
+      cpu: 2000m
+      memory: 128Mi
 
 server:
   resources:
-    limits:
-      cpu: 100m
-      memory: 128Mi
     requests:
       cpu: 50m
       memory: 64Mi
+    limits:
+      cpu: 4000m
+      memory: 128Mi
 
 repoServer:
   containerSecurityContext:
@@ -63,12 +63,12 @@ repoServer:
     - name: cmp-tmp
       emptyDir: { }
   resources:
-    limits:
-      cpu: 50m
-      memory: 512Mi
     requests:
-      cpu: 10m
+      cpu: 100m
       memory: 256Mi
+    limits:
+      cpu: 4000m
+      memory: 512Mi
   extraContainers:
     - name: kustomize-build-with-helm
       command:
@@ -94,19 +94,19 @@ repoServer:
 
 applicationSet:
   resources:
-     limits:
-       cpu: 50m
-       memory: 256Mi
-     requests:
-       cpu: 10m
-       memory: 64Mi
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 256Mi
 
 notifications:
   enabled: false
   resources:
-    limits:
-      cpu: 50m
-      memory: 128Mi
     requests:
-      cpu: 10m
+      cpu: 100m
       memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 128Mi

remodel/k8s/infra/network/cloudflared/cloudflared-config.yaml

@@ -9,10 +9,17 @@ warp-routing:
 ingress:
   - hostname: hello.euclid.stonegarden.dev
     service: hello_world
-  - hostname: haos.stonegarden.dev
-    service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
+  - hostname: proxmox.stonegarden.dev
+    service: https://proxmox.proxmox.svc.cluster.local:443
+    #service: https://cilium-gateway-tls-passthrough.gateway.svc.cluster.local:443
     originRequest:
-      originServerName: "*.stonegarden.dev"
+      originServerName: proxmox.stonegarden.dev
+  - hostname: truenas.stonegarden.dev
+    service: https://192.168.1.55:443
+    #service: https://truenas.truenas.svc.cluster.local:443
+    #service: https://cilium-gateway-tls-passthrough.gateway.svc.cluster.local:443
+    originRequest:
+      originServerName: truenas.stonegarden.dev
   - hostname: "*.euclid.stonegarden.dev"
     service: https://cilium-gateway-euclid.gateway.svc.cluster.local:443
     originRequest:

remodel/k8s/infra/network/gateway/gw-tls-passthrough.yaml

@@ -1,7 +1,7 @@
 apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
 metadata:
-  name: proxmox
+  name: tls-passthrough
   namespace: gateway
 spec:
   gatewayClassName: cilium
@@ -11,10 +11,19 @@ spec:
   listeners:
     - protocol: TLS
       port: 443
-      name: proxmox-tls-passthrough
-      hostname: "proxmox.euclid.stonegarden.dev"
+      name: proxmox
+      hostname: "proxmox.stonegarden.dev"
       tls:
         mode: Passthrough
       allowedRoutes:
         namespaces:
-          from: All
+          from: All
+    - protocol: TLS
+      port: 443
+      name: truenas
+      hostname: "truenas.stonegarden.dev"
+      tls:
+        mode: Passthrough
+      allowedRoutes:
+        namespaces:
+          from: All

remodel/k8s/infra/network/gateway/kustomization.yaml

@@ -7,5 +7,5 @@ resources:
   - cloudflare-api-token.yaml
   - cloudflare-issuer.yaml
   - gw-euclid.yaml
-#  - gw-proxmox.yaml
   - gw-stonegarden.yaml
+  - gw-tls-passthrough.yaml