Add gateway-api application and update Traefik configuration; disable old ingress

Marco van Zijl 2025-11-08 14:51:38 +01:00
parent 88ac421c19
commit 8c8a56b9f6
8 changed files with 91 additions and 69 deletions


@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gateway-api
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "0"
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://github.com/kubernetes-sigs/gateway-api
targetRevision: v1.4.0
path: config/crd/standard
destination:
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: false
selfHeal: false
syncOptions:
- CreateNamespace=true
- Replace=true
- ServerSideApply=true
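Review bot: `targetRevision: v1.4.0` follows a Git tag on a third-party repository, and a tag can be re-pointed, so with `automated` sync configured (assuming it sits under `syncPolicy`, as the flattened listing suggests) a moved tag would be applied as cluster-scoped CRDs without any change in this repo. Pinning to the commit the tag resolves to, `targetRevision: <commit-sha-of-v1.4.0>` (placeholder), removes that dependency. Separately, `syncOptions` lists both `Replace=true` and `ServerSideApply=true`; Argo CD documents that Replace takes precedence, so the server-side apply entry has no effect, and replace/create on CRDs is described there as potentially destructive. If the goal is to avoid the annotation size limit on large CRDs, `ServerSideApply=true` alone is the usual choice. The same app-wide `- Replace=true` is added to the `syncOptions` list in the next file section; a per-resource `argocd.argoproj.io/sync-options: Replace=true` annotation would limit it to the objects that need it.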


@ -27,4 +27,5 @@ spec:
syncOptions:
- CreateNamespace=true
- PruneLast=true
- PrunePropagationPolicy=foreground
- PrunePropagationPolicy=foreground
- Replace=true


@ -1,60 +1,30 @@
traefik:
# Service configuration
global:
checkNewVersion: false
installCRDs: true
service:
type: LoadBalancer
annotations:
io.cilium/lb-ipam-ips: "192.168.0.2"
# Ports configuration
ports:
web:
port: 80
exposedPort: 80
protocol: TCP
websecure:
port: 443
exposedPort: 443
protocol: TCP
tls:
enabled: true
metrics:
port: 9100
expose:
default: false
protocol: TCP
# Enable dashboard
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`traefik.noxxos.nl`)
entryPoints:
- websecure
# Global arguments
globalArguments:
- "--global.checknewversion=false"
- "--global.sendanonymoususage=false"
# Additional arguments
additionalArguments:
- "--api.dashboard=true"
- "--log.level=INFO"
- "--accesslog=true"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
# Providers
ports:
websecure:
asDefault: true
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: true
kubernetesIngress:
enabled: false
kubernetesGateway:
enabled: true
publishedService:
enabled: true
# Resource limits
resources:
requests:
cpu: "100m"
@ -62,27 +32,36 @@ traefik:
limits:
cpu: "500m"
memory: "512Mi"
# Replicas
deployment:
replicas: 2
# Metrics (Prometheus)
metrics:
prometheus:
enabled: true
addEntryPointsLabels: true
addServicesLabels: true
# Security
securityContext:
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
gateway:
listeners:
web:
namespacePolicy:
from: All
extraObjects:
- apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: traefik-dashboard
namespace: traefik
spec:
parentRefs:
- name: traefik-gateway
hostnames:
- "traefik.noxxos.nl"
rules:
- matches:
- path: { type: PathPrefix, value: /dashboard }
- path: { type: PathPrefix, value: /api }
backendRefs:
- group: traefik.io
kind: TraefikService
name: api@internal
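Review bot: The `traefik-dashboard` HTTPRoute under `extraObjects` sends `/dashboard` and `/api` to `api@internal` with no authentication filter, and its `parentRefs` entry has no `sectionName`, so it attaches to every listener of `traefik-gateway` that admits it; in the values shown that is the `web` listener. The listing has lost its +/- markers, so I am assuming the HTTP-to-HTTPS redirect arguments and the `websecure`-only `ingressRoute.dashboard` block are on the removed side; if so, the dashboard and API are served in cleartext to anyone who can reach the load-balancer address. Bind the route to a TLS listener and put an auth Middleware in front of it through an `ExtensionRef` filter, as sketched below. `namespacePolicy.from: All` on the listener also lets routes from any namespace attach to the gateway, and a label selector on trusted namespaces would be narrower.

```yaml
# … unchanged: apiVersion, kind, metadata, hostnames …
parentRefs:
  - name: traefik-gateway
    sectionName: websecure  # assumes a TLS listener with this name is defined
rules:
  - matches:
      # … unchanged: /dashboard and /api PathPrefix matches …
    filters:
      - type: ExtensionRef
        extensionRef:
          group: traefik.io
          kind: Middleware
          name: dashboard-auth  # placeholder: an auth Middleware in the traefik namespace
    # … unchanged: backendRefs to api@internal …
```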


@ -0,0 +1,20 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argocd-server
namespace: argocd
spec:
parentRefs:
- name: traefik-gateway
namespace: traefik
sectionName: websecure
hostnames:
- "argocd.noxxos.nl"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: argocd-server
port: 80
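Review bot: `sectionName: websecure` in `parentRefs` only binds if `traefik-gateway` has a listener with that name which accepts routes from the `argocd` namespace, and the Traefik values in this commit show only `web` under `gateway.listeners` with `namespacePolicy.from: All`. Unless a `websecure` listener is defined elsewhere, this route stays unattached and Argo CD becomes unreachable once the old ingress is disabled. If the fallback is to drop `sectionName`, the Argo CD UI and its login would be served over the plain-HTTP listener. I would define the TLS listener, with its certificate reference and an explicit namespace policy, in the same change. A comment on `port: 80` should also state whether `argocd-server` runs with `server.insecure`, since that decides whether the plaintext backend hop is intended.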


@ -3,7 +3,4 @@ global:
server:
ingress:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
enabled: false