fixup! feat: envoy-gateway

auricom
2025-06-20 01:29:25 +02:00
parent 96bbc04020
commit 57a7f62cc1
11 changed files with 68 additions and 40 deletions


@@ -19,6 +19,10 @@ endpointRoutes:
enabled: true enabled: true
envoy: envoy:
enabled: false enabled: false
gatewayAPI:
enabled: true
enableAlpn: true
xffNumTrustedHops: 1
hubble: hubble:
enabled: false enabled: false
ipam: ipam:
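Review bot: `xffNumTrustedHops: 1` in the new `gatewayAPI` block makes the proxy take the client address from the rightmost X-Forwarded-For entry instead of the connection's peer address. That is only sound when exactly one trusted proxy always sits in front of the listener. Nothing in this hunk shows such a hop; if clients can connect directly, the header is client-controlled, and access logs, rate limits or IP allowlists downstream would act on a forged address. I would either set it to `0` or document the trusted hop beside it, e.g. `# one trusted hop: <name of the fronting load balancer>`.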


@@ -33,4 +33,4 @@ spec:
retries: 3 retries: 3
valuesFrom: valuesFrom:
- kind: ConfigMap - kind: ConfigMap
name: kubelet-csr-approver-helm-values name: kubelet-csr-approver-values


@@ -3,13 +3,13 @@
apiVersion: source.toolkit.fluxcd.io/v1 apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository kind: OCIRepository
metadata: metadata:
name: envoy-gateway-operator name: envoy-gateway-crds
spec: spec:
interval: 30m interval: 30m
timeout: 60s timeout: 60s
url: oci://docker.io/envoyproxy/gateway-helm url: oci://docker.io/envoyproxy/gateway-helm
ref: ref:
tag: 1.4.0 tag: v1.4.1
layerSelector: layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy operation: copy
@@ -18,13 +18,13 @@ spec:
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: envoy-gateway-operator name: envoy-gateway-crds
spec: spec:
interval: 1h interval: 1h
timeout: 5m timeout: 5m
chartRef: chartRef:
kind: OCIRepository kind: OCIRepository
name: envoy-gateway-operator name: envoy-gateway-crds
install: install:
crds: CreateReplace crds: CreateReplace
remediation: remediation:
@@ -34,8 +34,3 @@ spec:
crds: CreateReplace crds: CreateReplace
remediation: remediation:
retries: 5 retries: 5
values:
config:
envoyGateway:
gateway:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
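Review bot: The OCIRepository still resolves the chart through a mutable tag (`tag: v1.4.1`) on Docker Hub, and the HelmRelease consuming it runs with `crds: CreateReplace`, so whatever is later pushed under that tag would be reconciled into the cluster. Pinning the artifact under `ref` with `digest: sha256:<chart-digest-placeholder>` makes the installed content reproducible and turns a chart update into a reviewable change. Separately, both objects are renamed to `envoy-gateway-crds` while `url` still points at `gateway-helm`, which by its name looks like the full chart rather than a CRD-only one. If that is intended, a one-line comment above `url` saying the release installs the controller as well would keep the name from misleading the next reader.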


@@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml


@@ -5,7 +5,7 @@ kind: Gateway
metadata: metadata:
name: external name: external
# annotations: # annotations:
# external-dns.alpha.kubernetes.io/target: external.${SECRET_CLUSTER_DOMAIN} # external-dns.alpha.kubernetes.io/target: external.${SECRET_EXTERNAL_DOMAIN}
spec: spec:
gatewayClassName: envoy-gateway gatewayClassName: envoy-gateway
addresses: addresses:
@@ -13,19 +13,19 @@ spec:
value: "${CLUSTER_LB_ENVOY_EXTERNAL}" value: "${CLUSTER_LB_ENVOY_EXTERNAL}"
# infrastructure: # infrastructure:
# annotations: # annotations:
# external-dns.alpha.kubernetes.io/hostname: external.${SECRET_CLUSTER_DOMAIN} # external-dns.alpha.kubernetes.io/hostname: external.${SECRET_EXTERNAL_DOMAIN}
listeners: listeners:
- name: http - name: http
protocol: HTTP protocol: HTTP
port: 80 port: 80
hostname: "*.${SECRET_CLUSTER_DOMAIN}" hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes: allowedRoutes:
namespaces: namespaces:
from: Same from: Same
- name: https - name: https
protocol: HTTPS protocol: HTTPS
port: 443 port: 443
hostname: "*.${SECRET_CLUSTER_DOMAIN}" hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes: allowedRoutes:
namespaces: namespaces:
from: All from: All
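Review bot: The `https` listener keeps `allowedRoutes.namespaces.from: All` on the wildcard `hostname: "*.${SECRET_EXTERNAL_DOMAIN}"`, so any namespace allowed to create an HTTPRoute can attach to this externally addressed Gateway and claim a hostname under the domain the commit just switched to. Restricting attachment to opted-in namespaces would limit that, by replacing `from: All` with `from: Selector` plus a `selector.matchLabels` entry on a namespace label of your choosing. The internal Gateway section further down carries the same listener settings and deserves the same decision. The listener definition may continue past the end of this hunk, so the TLS settings are not visible here.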


@@ -2,7 +2,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: networking-system
resources: resources:
- ./gateway.yaml - ./gateway.yaml
- ./redirect.yaml - ./redirect.yaml


@@ -5,7 +5,7 @@ kind: Gateway
metadata: metadata:
name: internal name: internal
# annotations: # annotations:
# external-dns.alpha.kubernetes.io/target: internal.${SECRET_CLUSTER_DOMAIN} # external-dns.alpha.kubernetes.io/target: internal.${SECRET_EXTERNAL_DOMAIN}
spec: spec:
gatewayClassName: envoy-gateway gatewayClassName: envoy-gateway
addresses: addresses:
@@ -13,19 +13,19 @@ spec:
value: "${CLUSTER_LB_ENVOY_INTERNAL}" value: "${CLUSTER_LB_ENVOY_INTERNAL}"
# infrastructure: # infrastructure:
# annotations: # annotations:
# external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_CLUSTER_DOMAIN} # external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_EXTERNAL_DOMAIN}
listeners: listeners:
- name: http - name: http
protocol: HTTP protocol: HTTP
port: 80 port: 80
hostname: "*.${SECRET_CLUSTER_DOMAIN}" hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes: allowedRoutes:
namespaces: namespaces:
from: Same from: Same
- name: https - name: https
protocol: HTTPS protocol: HTTPS
port: 443 port: 443
hostname: "*.${SECRET_CLUSTER_DOMAIN}" hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes: allowedRoutes:
namespaces: namespaces:
from: All from: All


@@ -2,7 +2,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: networking-system
resources: resources:
- ./gateway.yaml - ./gateway.yaml
- ./redirect.yaml - ./redirect.yaml


@@ -3,7 +3,29 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: &app envoy-gateway name: &app envoy-gateway-crds
namespace: &namespace network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 1h
path: ./kubernetes/apps/network/envoy-gateway/crds
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
namespace: flux-system
targetNamespace: *namespace
timeout: 5m
wait: false
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app envoy-gateway-operator
namespace: &namespace network namespace: &namespace network
spec: spec:
commonMetadata: commonMetadata:
@@ -11,21 +33,24 @@ spec:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
interval: 1h interval: 1h
path: ./kubernetes/apps/network/envoy-gateway/operator path: ./kubernetes/apps/network/envoy-gateway/operator
healthChecks: dependsOn:
- apiVersion: helm.toolkit.fluxcd.io/v2 - name: envoy-gateway-crds
kind: HelmRelease
name: *app
namespace: *namespace namespace: *namespace
- apiVersion: gateway.networking.k8s.io/v1 # healthChecks:
kind: GatewayClass # - apiVersion: helm.toolkit.fluxcd.io/v2
name: envoy-gateway # kind: HelmRelease
healthCheckExprs: # name: *app
- apiVersion: gateway.networking.k8s.io/v1 # namespace: *namespace
kind: GatewayClass # - apiVersion: gateway.networking.k8s.io/v1
failed: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'False') # kind: GatewayClass
inProgress: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'Unknown') # name: envoy-gateway
current: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'True') # healthCheckExprs:
prune: false # - apiVersion: gateway.networking.k8s.io/v1
# kind: GatewayClass
# failed: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'False')
# inProgress: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'Unknown')
# current: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'True')
prune: true
retryInterval: 2m retryInterval: 2m
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
@@ -45,7 +70,7 @@ spec:
interval: 1h interval: 1h
retryInterval: 2m retryInterval: 2m
timeout: 5m timeout: 5m
prune: false prune: true
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
@@ -54,6 +79,7 @@ spec:
kind: GitRepository kind: GitRepository
name: home-ops-kubernetes name: home-ops-kubernetes
namespace: flux-system namespace: flux-system
targetNamespace: *namespace
wait: false wait: false
dependsOn: dependsOn:
- name: envoy-gateway-operator - name: envoy-gateway-operator
@@ -69,7 +95,7 @@ spec:
interval: 1h interval: 1h
retryInterval: 2m retryInterval: 2m
timeout: 5m timeout: 5m
prune: false prune: true
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
@@ -78,6 +104,7 @@ spec:
kind: GitRepository kind: GitRepository
name: home-ops-kubernetes name: home-ops-kubernetes
namespace: flux-system namespace: flux-system
targetNamespace: *namespace
wait: false wait: false
dependsOn: dependsOn:
- name: envoy-gateway-operator - name: envoy-gateway-operator
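Review bot: The new `envoy-gateway-crds` Kustomization is declared with `wait: false`, so the `dependsOn` added to `envoy-gateway-operator` is satisfied as soon as the HelmRelease object is applied, not once Helm has installed the CRDs and controller. With the `healthChecks` and `healthCheckExprs` block commented out too, the Kustomizations that depend on `envoy-gateway-operator` no longer wait for the GatewayClass to report `Accepted`. Gateways may then be applied before the class is usable and only settle through `retryInterval` retries. I would set `wait: true` on the crds Kustomization (or give it a `healthChecks` entry for its HelmRelease) and either restore the GatewayClass check or delete the commented block rather than keep it as dead YAML. Since the same change flips `prune: false` to `prune: true` in three places, a brief comment on what is expected to be garbage-collected after the rename would also help.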


@@ -10,7 +10,7 @@ spec:
group: gateway.envoyproxy.io group: gateway.envoyproxy.io
kind: EnvoyProxy kind: EnvoyProxy
name: proxy-config name: proxy-config
namespace: networking-system namespace: network
--- ---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.envoyproxy.io/envoyproxy_v1alpha1.json # yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.envoyproxy.io/envoyproxy_v1alpha1.json
apiVersion: gateway.envoyproxy.io/v1alpha1 apiVersion: gateway.envoyproxy.io/v1alpha1


@@ -2,7 +2,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: networking-system
resources: resources:
- ./gatewayclass.yaml - ./gatewayclass.yaml
- ./helmrelease.yaml