feat: archive envoy-gateway

auricom
2025-08-18 21:49:51 +02:00
parent 5876dc61cd
commit e04439b50e
13 changed files with 0 additions and 1 deletions


@@ -1,36 +0,0 @@
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: envoy-gateway-crds
spec:
interval: 30m
timeout: 60s
url: oci://docker.io/envoyproxy/gateway-helm
ref:
tag: 1.4.2
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: envoy-gateway-crds
spec:
interval: 1h
timeout: 5m
chartRef:
kind: OCIRepository
name: envoy-gateway-crds
install:
crds: CreateReplace
remediation:
retries: -1
upgrade:
cleanupOnFail: true
crds: CreateReplace
remediation:
retries: 5


@@ -1,6 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml


@@ -1,35 +0,0 @@
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/gateway_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: external
# annotations:
# external-dns.alpha.kubernetes.io/target: external.${SECRET_EXTERNAL_DOMAIN}
spec:
gatewayClassName: envoy-gateway
addresses:
- type: IPAddress
value: 192.168.169.122
# infrastructure:
# annotations:
# external-dns.alpha.kubernetes.io/hostname: external.${SECRET_EXTERNAL_DOMAIN}
listeners:
- name: http
protocol: HTTP
port: 80
hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes:
namespaces:
from: Same
- name: https
protocol: HTTPS
port: 443
hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- kind: Secret
name: ${SECRET_EXTERNAL_DOMAIN//./-}-tls


@@ -1,7 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./gateway.yaml
- ./redirect.yaml


@@ -1,18 +0,0 @@
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https-redirect-external
annotations:
external-dns.alpha.kubernetes.io/controller: none
spec:
parentRefs:
- name: external
port: 80
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301


@@ -1,35 +0,0 @@
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/gateway_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: internal
# annotations:
# external-dns.alpha.kubernetes.io/target: internal.${SECRET_EXTERNAL_DOMAIN}
spec:
gatewayClassName: envoy-gateway
addresses:
- type: IPAddress
value: 192.168.169.121
# infrastructure:
# annotations:
# external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_EXTERNAL_DOMAIN}
listeners:
- name: http
protocol: HTTP
port: 80
hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes:
namespaces:
from: Same
- name: https
protocol: HTTPS
port: 443
hostname: "*.${SECRET_EXTERNAL_DOMAIN}"
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- kind: Secret
name: ${SECRET_EXTERNAL_DOMAIN//./-}-tls


@@ -1,8 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./gateway.yaml
- ./redirect.yaml
- ./securitypolicy.yaml


@@ -1,17 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https-redirect-internal
annotations:
external-dns.alpha.kubernetes.io/controller: none
spec:
parentRefs:
- name: internal
port: 80
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301


@@ -1,26 +0,0 @@
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
name: internal-secure
spec:
extAuth:
failOpen: false
headersToExtAuth:
- X-Forwarded-Proto
- authorization
- proxy-authorization
- accept
- cookie
http:
backendRefs:
- group: ""
kind: Service
name: authelia
namespace: default
port: 80
path: /api/authz/ext-authz/
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: internal


@@ -1,111 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app envoy-gateway-crds
namespace: &namespace network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 1h
path: ./kubernetes/apps/network/envoy-gateway/crds
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: *namespace
timeout: 5m
wait: false
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app envoy-gateway-operator
namespace: &namespace network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 1h
path: ./kubernetes/apps/network/envoy-gateway/operator
dependsOn:
- name: envoy-gateway-crds
namespace: *namespace
# healthChecks:
# - apiVersion: helm.toolkit.fluxcd.io/v2
# kind: HelmRelease
# name: *app
# namespace: *namespace
# - apiVersion: gateway.networking.k8s.io/v1
# kind: GatewayClass
# name: envoy-gateway
# healthCheckExprs:
# - apiVersion: gateway.networking.k8s.io/v1
# kind: GatewayClass
# failed: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'False')
# inProgress: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'Unknown')
# current: status.conditions.filter(e, e.type == 'Accepted').all(e, e.status == 'True')
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: *namespace
timeout: 5m
wait: false
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app envoy-gateway-internal
namespace: &namespace network
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
prune: true
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/network/envoy-gateway/internal
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: *namespace
wait: false
dependsOn:
- name: envoy-gateway-operator
namespace: *namespace
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app envoy-gateway-external
namespace: &namespace network
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
prune: true
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/network/envoy-gateway/external
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: *namespace
wait: false
dependsOn:
- name: envoy-gateway-operator
namespace: *namespace


@@ -1,23 +0,0 @@
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.networking.k8s.io/gatewayclass_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: envoy-gateway
spec:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
parametersRef:
group: gateway.envoyproxy.io
kind: EnvoyProxy
name: proxy-config
namespace: network
---
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.envoyproxy.io/envoyproxy_v1alpha1.json
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
name: proxy-config
spec:
backendTLS:
minVersion: "1.3"
maxVersion: "1.3"


@@ -1,6 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./gatewayclass.yaml


@@ -7,7 +7,6 @@ components:
- ../../components/common
resources:
- ./cloudflared/ks.yaml
- ./envoy-gateway/ks.yaml
- ./external-dns/ks.yaml
- ./nginx/ks.yaml
- ./k8s-gateway/ks.yaml