feat: envoy-gateway

2025-09-17 18:24:14 +02:00 · 2025-06-20 00:43:57 +02:00
parent d48c329b18
commit 18c74b7072
13 changed files with 307 additions and 0 deletions
--- a/kubernetes/apps/network/envoy-gateway/external/gateway.yaml
+++ b/kubernetes/apps/network/envoy-gateway/external/gateway.yaml
@@ -0,0 +1,35 @@
+---
+# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/gateway_v1.json
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: external
+  # annotations:
+  #   external-dns.alpha.kubernetes.io/target: external.${SECRET_CLUSTER_DOMAIN}
+spec:
+  gatewayClassName: envoy-gateway
+  addresses:
+    - type: IPAddress
+      value: "${CLUSTER_LB_ENVOY_EXTERNAL}"
+  # infrastructure:
+  #   annotations:
+  #     external-dns.alpha.kubernetes.io/hostname: external.${SECRET_CLUSTER_DOMAIN}
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      hostname: "*.${SECRET_CLUSTER_DOMAIN}"
+      allowedRoutes:
+        namespaces:
+          from: Same
+    - name: https
+      protocol: HTTPS
+      port: 443
+      hostname: "*.${SECRET_CLUSTER_DOMAIN}"
+      allowedRoutes:
+        namespaces:
+          from: All
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: ${SECRET_EXTERNAL_DOMAIN//./-}-tls
--- a/kubernetes/apps/network/envoy-gateway/external/kustomization.yaml
+++ b/kubernetes/apps/network/envoy-gateway/external/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking-system
+resources:
+  - ./gateway.yaml
+  - ./redirect.yaml
--- a/kubernetes/apps/network/envoy-gateway/external/redirect.yaml
+++ b/kubernetes/apps/network/envoy-gateway/external/redirect.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/httproute_v1.json
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: https-redirect-external
+  annotations:
+    external-dns.alpha.kubernetes.io/controller: none
+spec:
+  parentRefs:
+    - name: external
+      port: 80
+  rules:
+    - filters:
+        - type: RequestRedirect
+          requestRedirect:
+            scheme: https
+            statusCode: 301