diff --git a/kubernetes/apps/networking/echo-server/app/helmrelease.yaml b/kubernetes/apps/networking/echo-server/app/helmrelease.yaml
index c93bc6abaa..5c74b1b75b 100644
--- a/kubernetes/apps/networking/echo-server/app/helmrelease.yaml
+++ b/kubernetes/apps/networking/echo-server/app/helmrelease.yaml
@@ -77,6 +77,19 @@ spec:
 service:
 identifier: app
 port: http
+ route:
+ envoy:
+ enabled: true
+ parentRefs:
+ - name: envoy-external
+ namespace: networking
+ sectionName: https
+ hostnames:
+ - "echo-envoy.ktwo.io"
+ rules:
+ - backendRefs:
+ - port: *port
+ name: *app
 service:
 app:
 controller: *app
diff --git a/kubernetes/apps/networking/envoy/app/helmrelease.yaml b/kubernetes/apps/networking/envoy/app/helmrelease.yaml
new file mode 100644
index 0000000000..38ab351082
--- /dev/null
+++ b/kubernetes/apps/networking/envoy/app/helmrelease.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: envoy
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: gateway-helm
+ version: v0.0.0-latest
+ sourceRef:
+ kind: HelmRepository
+ name: envoy-proxy
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ deployment:
+ envoyGateway:
+ image:
+ repository: docker.io/envoyproxy/gateway
+ tag: v1.2.4
+ rbac:
+ cluster: true
diff --git a/kubernetes/apps/networking/envoy/app/kustomization.yaml b/kubernetes/apps/networking/envoy/app/kustomization.yaml
new file mode 100644
index 0000000000..90ae7fbcb0
--- /dev/null
+++ b/kubernetes/apps/networking/envoy/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # renovate: depName=envoyproxy/gateway datasource=github-releases
+ - https://github.com/envoyproxy/gateway/releases/download/v1.1.4/install.yaml
+ - ./helmrelease.yaml
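Review bot: The new `route.envoy` block in the echo-server HelmRelease attaches the service to the `https` listener of `envoy-external`, the Gateway this commit annotates for external-dns, so echo-server becomes reachable under `echo-envoy.ktwo.io` through the externally addressed gateway. An echo service usually reflects request headers back to the caller, which can disclose headers added by upstream proxies; if the route is only a smoke test for the new gateway, say so above `route:` with a comment such as `# temporary: smoke test for envoy-external, remove once verified`. The `*port` and `*app` aliases and the enclosing mapping are defined outside the hunk.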
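Review bot: `version: v0.0.0-latest` in envoy/app/helmrelease.yaml is a floating chart tag, so the templates and RBAC that Flux applies can change without any commit in this repository, while the controller image is pinned to `v1.2.4` and the manifest in the sibling kustomization.yaml is pinned to `v1.1.4`. Pin the chart to a released version that matches the image, for example `version: v1.2.4` (confirm that chart version is published), and let Renovate move the chart, image and manifest together. With the `envoy-proxy` repository polled on a short interval, a floating tag also means an upstream push is rolled out within minutes and the `strategy: rollback` remediation only helps if the upgrade visibly fails.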
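Review bot: The remote `install.yaml` in envoy/app/kustomization.yaml is pinned to `v1.1.4` while the HelmRelease in the same directory runs image `v1.2.4`, so the CRDs applied from this manifest may be older than the controller expects. If that release manifest carries the controller Deployment and RBAC in addition to the CRDs, it would also install a second copy of Envoy Gateway beside the Helm release; confirm what it contains and keep only the CRD part here. The URL is fetched at build time with no integrity check, so vendoring the manifest into the repository would make the applied content reviewable in the diff.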
diff --git a/kubernetes/apps/networking/envoy/external/gateway.yaml b/kubernetes/apps/networking/envoy/external/gateway.yaml
new file mode 100644
index 0000000000..4c2b3f4011
--- /dev/null
+++ b/kubernetes/apps/networking/envoy/external/gateway.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: envoy-external
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parametersRef:
+ group: gateway.envoyproxy.io
+ kind: EnvoyProxy
+ name: config
+ namespace: networking
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: envoy-external
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: external-envoy.ktwo.io
+spec:
+ gatewayClassName: envoy
+ infrastructure:
+ annotations:
+ # when using gateway-apis in cilium it also creates a service
+ # with a different name and tries to take this IP.
+ # the problem is the service created by cilium is not the one used by envoy.
+ # therefore, the service is disabled
+ lbipam.cilium.io/ips: 192.168.20.90
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ hostname: "*.ktwo.io"
+ allowedRoutes:
+ namespaces:
+ from: All
+ - name: https
+ protocol: HTTPS
+ port: 443
+ hostname: "*.ktwo.io"
+ allowedRoutes:
+ namespaces:
+ from: All
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: wildcard-tls
diff --git a/kubernetes/apps/networking/envoy/external/kustomization.yaml b/kubernetes/apps/networking/envoy/external/kustomization.yaml
new file mode 100644
index 0000000000..b8a76b8b37
--- /dev/null
+++ b/kubernetes/apps/networking/envoy/external/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./gateway.yaml
diff --git a/kubernetes/apps/networking/envoy/internal/kustomization.yaml b/kubernetes/apps/networking/envoy/internal/kustomization.yaml
new file mode 100644
index 0000000000..fe0f332a96
--- /dev/null
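Review bot: Both listeners in gateway.yaml set `allowedRoutes.namespaces.from: All` on the wildcard hostname `*.ktwo.io`, so an HTTPRoute in any namespace can attach to this externally addressed Gateway and claim any name under the domain, served with the `wildcard-tls` certificate. Restrict attachment with `from: Selector` plus a `selector.matchLabels` on a label that is set only on namespaces meant to be public. The `http` listener on port 80 has no redirect route in this commit, so a route that omits `sectionName` would also be served in cleartext. Separately, the Gateway uses `gatewayClassName: envoy` while the GatewayClass defined above it is named `envoy-external`, and the `EnvoyProxy` object `config` named in `parametersRef` is not added here; unless both exist elsewhere the Gateway will not be programmed.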
+++ b/kubernetes/apps/networking/envoy/internal/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
diff --git a/kubernetes/apps/networking/envoy/ks.yaml b/kubernetes/apps/networking/envoy/ks.yaml
new file mode 100644
index 0000000000..cad7af980c
--- /dev/null
+++ b/kubernetes/apps/networking/envoy/ks.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app envoy
+ namespace: flux-system
+spec:
+ targetNamespace: networking
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cert-manager-issuers
+ path: ./kubernetes/apps/networking/envoy/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app envoy-external
+ namespace: flux-system
+spec:
+ targetNamespace: networking
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: envoy
+ path: ./kubernetes/apps/networking/envoy/external
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 15m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app envoy-internal
+ namespace: flux-system
+spec:
+ targetNamespace: networking
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: envoy
+ path: ./kubernetes/apps/networking/envoy/internal
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 15m
\ No newline at end of file
diff --git a/kubernetes/apps/networking/kustomization.yaml b/kubernetes/apps/networking/kustomization.yaml
index 304ee244e5..93cec96f30 100644
--- a/kubernetes/apps/networking/kustomization.yaml
+++ b/kubernetes/apps/networking/kustomization.yaml
@@ -5,6 +5,7 @@ resources: - ./namespace.yaml - ./cloudflared/ks.yaml - ./echo-server/ks.yaml + - ./envoy/ks.yaml - ./external-dns/ks.yaml - ./multus/ks.yaml - ./nginx/ks.yaml diff --git a/kubernetes/flux/repositories/helm/deliveryhero.yaml b/kubernetes/flux/repositories/helm/deliveryhero.yaml deleted file mode 100644 index 93a4ccc1b1..0000000000 --- a/kubernetes/flux/repositories/helm/deliveryhero.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: deliveryhero - namespace: flux-system -spec: - interval: 2h - url: https://charts.deliveryhero.io/ diff --git a/kubernetes/flux/repositories/helm/stevehipwell.yaml b/kubernetes/flux/repositories/helm/envoy-proxy.yaml similarity index 66% rename from kubernetes/flux/repositories/helm/stevehipwell.yaml rename to kubernetes/flux/repositories/helm/envoy-proxy.yaml index d703073692..c43c743f53 100644 --- a/kubernetes/flux/repositories/helm/stevehipwell.yaml +++ b/kubernetes/flux/repositories/helm/envoy-proxy.yaml @@ -2,9 +2,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: - name: stevehipwell + name: envoy-proxy namespace: flux-system spec: type: oci interval: 5m - url: oci://ghcr.io/stevehipwell/helm-charts + url: oci://docker.io/envoyproxy diff --git a/kubernetes/flux/repositories/helm/fairwinds.yaml b/kubernetes/flux/repositories/helm/fairwinds.yaml deleted file mode 100644 index eb9e6329f6..0000000000 --- a/kubernetes/flux/repositories/helm/fairwinds.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: fairwinds - namespace: flux-system -spec: - interval: 2h - url: https://charts.fairwinds.com/stable diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml index e1c3456660..64f7cdc3a0 100644 --- a/kubernetes/flux/repositories/helm/kustomization.yaml 
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml @@ -8,11 +8,10 @@ resources: - ./cilium.yaml - ./cloudnative-pg.yaml - ./coredns.yaml - - ./deliveryhero.yaml - ./emqx.yaml + - ./envoy-proxy.yaml - ./external-dns.yaml - ./external-secrets.yaml - - ./fairwinds.yaml - ./grafana.yaml - ./ingress-nginx.yaml - ./intel.yaml @@ -28,4 +27,3 @@ resources: - ./rook-ceph.yaml - ./spegel.yaml - ./stakater.yaml - - ./stevehipwell.yaml