⚡️ migrate k8s-gateway to app-template

kubernetes/base/repositories/helm/k8s-gateway.yaml

@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: k8s-gateway
-  namespace: flux-system
-spec:
-  interval: 1h
-  url: https://ori-edge.github.io/k8s_gateway/
-  timeout: 3m

kubernetes/base/repositories/helm/kustomization.yaml

@@ -16,7 +16,6 @@ resources:
   - grafana.yaml
   - ingress-nginx.yaml
   - jetstack.yaml
-  - k8s-gateway.yaml
   - kyverno.yaml
   - metrics-server.yaml
   - node-feature-discovery.yaml

kubernetes/cluster-0/apps/networking/k8s-gateway/Corefile

@@ -0,0 +1,17 @@
+.:1053 {
+  errors
+  log
+  health {
+    lameduck 5s
+  }
+  ready
+  k8s_gateway ${SECRET_CLUSTER_DOMAIN} {
+    apex  k8s-gateway.network
+    resources Ingress Service
+    ttl 300
+  }
+  prometheus 0.0.0.0:9153
+  loop
+  reload
+  loadbalance
+}

kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml

@@ -2,31 +2,90 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: k8s-gateway
+  name: &app k8s-gateway
   namespace: default
 spec:
   interval: 15m
   chart:
     spec:
-      # renovate: registryUrl=https://ori-edge.github.io/k8s_gateway/
+      chart: app-template
-      chart: k8s-gateway
+      version: 1.1.3
-      version: 2.0.0
       sourceRef:
         kind: HelmRepository
-        name: k8s-gateway
+        name: bjw-s
         namespace: flux-system
   install:
     createNamespace: true
-    crds: CreateReplace
     remediation:
       retries: 5
   upgrade:
-    crds: CreateReplace
     remediation:
       retries: 5
   values:
-    domain: "${SECRET_CLUSTER_DOMAIN}"
+    controller:
+      replicas: 2
+      strategy: RollingUpdate
+      annotations:
+        reloader.stakater.com/auto: "true"
+    image:
+      repository: quay.io/oriedge/k8s_gateway
+      tag: v0.3.2
+    args: ["-conf", "/etc/coredns/Corefile"]
     service:
-      type: LoadBalancer
+      main:
-      externalTrafficPolicy: Local
+        type: LoadBalancer
-      loadBalancerIP: ${CLUSTER_LB_K8SGATEWAY}
+        loadBalancerIP: "${CLUSTER_LB_K8SGATEWAY}"
+        externalTrafficPolicy: Local
+        ports:
+          http:
+            enabled: false
+          metrics:
+            enabled: true
+            port: 9153
+          dns:
+            enabled: true
+            port: 53
+            targetPort: 1053
+            protocol: UDP
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: metrics
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    probes:
+      readiness:
+        custom: true
+        spec:
+          httpGet:
+            path: /ready
+            port: 8181
+      liveness:
+        custom: true
+        spec:
+          httpGet:
+            path: /health
+            port: 8080
+      startup:
+        enabled: false
+    serviceAccount:
+      create: true
+      name: *app
+    persistence:
+      config-file:
+        enabled: true
+        type: configMap
+        name: k8s-gateway-configmap
+        subPath: Corefile
+        mountPath: /etc/coredns/Corefile
+        readOnly: true
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app

kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml

@@ -1,4 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - rbac.yaml
   - helm-release.yaml
+configMapGenerator:
+  - name: k8s-gateway-configmap
+    files:
+      - Corefile
+    namespace: default
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/cluster-0/apps/networking/k8s-gateway/rbac.yaml

@@ -0,0 +1,48 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k8s-gateway
+  namespace: default
+  labels:
+    app.kubernetes.io/instance: k8s-gateway
+    app.kubernetes.io/name: k8s-gateway
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - namespaces
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - list
+      - watch
+  - apiGroups: ["gateway.networking.k8s.io"]
+    resources: ["*"]
+    verbs: ["watch", "list"]
+  - apiGroups: ["k8s.nginx.org"]
+    resources: ["*"]
+    verbs: ["watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k8s-gateway
+  labels:
+    app.kubernetes.io/instance: k8s-gateway
+    app.kubernetes.io/name: k8s-gateway
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k8s-gateway
+subjects:
+  - kind: ServiceAccount
+    name: k8s-gateway
+    namespace: default