From 8c8a56b9f6a0dff0a3d391c844a56ca86d9acc1c Mon Sep 17 00:00:00 2001
From: Marco van Zijl
Date: Sat, 8 Nov 2025 14:51:38 +0100
Subject: [PATCH] Add gateway-api application and update Traefik configuration; disable old ingress
---
 apps/gateway-api/application.yaml | 25 ++++
 apps/traefik/application.yaml | 3 +-
 .../templates/dashboard-httproute.yaml | 0
 apps/traefik/templates/gateway.yaml | 0
 apps/traefik/templates/reference-grant.yaml | 0
 apps/traefik/values.yaml | 107 +++++++-----------
 .../02-argocd/post-install/httproute.yaml | 20 ++++
 platform/components/02-argocd/values.yaml | 5 +-
 8 files changed, 91 insertions(+), 69 deletions(-)
 create mode 100644 apps/gateway-api/application.yaml
 create mode 100644 apps/traefik/templates/dashboard-httproute.yaml
 create mode 100644 apps/traefik/templates/gateway.yaml
 create mode 100644 apps/traefik/templates/reference-grant.yaml
 create mode 100644 platform/components/02-argocd/post-install/httproute.yaml
diff --git a/apps/gateway-api/application.yaml b/apps/gateway-api/application.yaml
new file mode 100644
index 0000000..7c6bb9e
--- /dev/null
+++ b/apps/gateway-api/application.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: gateway-api
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "0"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/kubernetes-sigs/gateway-api
+ targetRevision: v1.4.0
+ path: config/crd/standard
+ destination:
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
+ - Replace=true
+ - ServerSideApply=true
diff --git a/apps/traefik/application.yaml b/apps/traefik/application.yaml
index 5cabd9d..bd9d14a 100644
--- a/apps/traefik/application.yaml
+++ b/apps/traefik/application.yaml
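Review bot: `targetRevision: v1.4.0` in apps/gateway-api/application.yaml pins the CRD source to a Git tag, which is a mutable reference; with `syncPolicy.automated` set, whatever that tag resolves to in the upstream repository is applied to the cluster as cluster-scoped CRDs without a change in this repo. Pinning to the commit behind the tag, e.g. `targetRevision: <commit-sha-of-v1.4.0>  # v1.4.0`, makes the applied content immutable and reviewable. The Application also runs under `project: default`; unless that project has been restricted elsewhere, a dedicated AppProject limited to this `repoURL` and to CustomResourceDefinition resources would narrow what this external source is allowed to create.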
@@ -27,4 +27,5 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
- - PrunePropagationPolicy=foreground
\ No newline at end of file
+ - PrunePropagationPolicy=foreground
+ - Replace=true
\ No newline at end of file
diff --git a/apps/traefik/templates/dashboard-httproute.yaml b/apps/traefik/templates/dashboard-httproute.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/apps/traefik/templates/gateway.yaml b/apps/traefik/templates/gateway.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/apps/traefik/templates/reference-grant.yaml b/apps/traefik/templates/reference-grant.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/apps/traefik/values.yaml b/apps/traefik/values.yaml
index 81b10c8..99715ff 100644
--- a/apps/traefik/values.yaml
+++ b/apps/traefik/values.yaml
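Review bot: `- Replace=true` is added as an application-wide sync option in apps/traefik/application.yaml, so every resource of the Traefik release is synced with replace/create semantics instead of apply; Argo CD documents this option as potentially destructive because resources may have to be recreated, which for the LoadBalancer Service and the Deployment here would mean an ingress outage. If only specific objects (typically oversized CRDs) need it, scope it with the per-resource annotation `argocd.argoproj.io/sync-options: Replace=true` rather than setting it for the whole app. The new gateway-api Application sets the same option next to `ServerSideApply=true`; as far as I know Replace takes precedence there, so one of the two should be dropped. The `syncOptions` list and its `spec` parent start outside this hunk.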
@@ -1,60 +1,30 @@ + + traefik: - # Service configuration + + global: + checkNewVersion: false + + installCRDs: true + service: type: LoadBalancer annotations: io.cilium/lb-ipam-ips: "192.168.0.2" - - # Ports configuration - ports: - web: - port: 80 - exposedPort: 80 - protocol: TCP - websecure: - port: 443 - exposedPort: 443 - protocol: TCP - tls: - enabled: true - metrics: - port: 9100 - expose: - default: false - protocol: TCP - # Enable dashboard - ingressRoute: - dashboard: - enabled: true - matchRule: Host(`traefik.noxxos.nl`) - entryPoints: - - websecure - - # Global arguments - globalArguments: - - "--global.checknewversion=false" - - "--global.sendanonymoususage=false" - - # Additional arguments - additionalArguments: - - "--api.dashboard=true" - - "--log.level=INFO" - - "--accesslog=true" - - "--entrypoints.web.http.redirections.entrypoint.to=websecure" - - "--entrypoints.web.http.redirections.entrypoint.scheme=https" - - # Providers + ports: + websecure: + asDefault: true + providers: kubernetesCRD: enabled: true allowCrossNamespace: true kubernetesIngress: + enabled: false + kubernetesGateway: enabled: true - publishedService: - enabled: true - - # Resource limits + resources: requests: cpu: "100m" 
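Review bot: The removed `additionalArguments` carried the HTTP-to-HTTPS redirect (`--entrypoints.web.http.redirections.entrypoint.to=websecure` with `scheme=https`) and the removed `ports.websecure.tls.enabled: true` turned TLS on for that entrypoint; nothing in the new `ports` block replaces either, so unless the chart defaults cover it, routes bound to the `web` entrypoint are now served in cleartext. Re-add the redirect through the chart's own values (in recent chart versions `ports.web.redirections.entryPoint` with `to: websecure` and `scheme: https`; confirm the key for the pinned chart version) and keep TLS explicit on `websecure`. The same removal drops `--accesslog=true`; setting `logs.access.enabled: true` keeps request logs available for detection and incident response. The `traefik:` mapping continues past the end of this hunk.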
@@ -62,27 +32,36 @@ traefik: limits: cpu: "500m" memory: "512Mi" - - # Replicas + deployment: replicas: 2 - - # Metrics (Prometheus) + metrics: prometheus: enabled: true - addEntryPointsLabels: true - addServicesLabels: true - - # Security - securityContext: - capabilities: - drop: [ALL] - add: [NET_BIND_SERVICE] - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 - - podSecurityContext: - fsGroup: 65532 \ No newline at end of file + + gateway: + listeners: + web: + namespacePolicy: + from: All + + extraObjects: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: traefik-dashboard + namespace: traefik + spec: + parentRefs: + - name: traefik-gateway + hostnames: + - "traefik.noxxos.nl" + rules: + - matches: + - path: { type: PathPrefix, value: /dashboard } + - path: { type: PathPrefix, value: /api } + backendRefs: + - group: traefik.io + kind: TraefikService + name: api@internal diff --git a/platform/components/02-argocd/post-install/httproute.yaml b/platform/components/02-argocd/post-install/httproute.yaml new file mode 100644 index 0000000..e07e809 --- /dev/null +++ b/platform/components/02-argocd/post-install/httproute.yaml @@ -0,0 +1,20 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: argocd-server + namespace: argocd +spec: + parentRefs: + - name: traefik-gateway + namespace: traefik + sectionName: websecure + hostnames: + - "argocd.noxxos.nl" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: argocd-server + port: 80 diff --git a/platform/components/02-argocd/values.yaml b/platform/components/02-argocd/values.yaml index 0c95630..ff5b76d 100644 --- a/platform/components/02-argocd/values.yaml +++ b/platform/components/02-argocd/values.yaml 
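Review bot: The `traefik-dashboard` HTTPRoute under `extraObjects` has no `sectionName` in `parentRefs` and no filter, so it attaches to every listener of `traefik-gateway` that admits it, including the plain-HTTP `web` listener configured in this hunk, and forwards `/dashboard` and `/api` to `api@internal` with no authentication visible in this diff. Add `sectionName: websecure` to the parentRef and put an auth Middleware in front of the backend through an `ExtensionRef` filter, or keep the dashboard off the shared gateway. `namespacePolicy` with `from: All` on the `web` listener additionally lets any namespace bind routes to it; `from: Selector` with a namespace label would limit that. This hunk also removes the explicit `securityContext` and `podSecurityContext` (drop ALL capabilities, read-only root filesystem, non-root 65532), so pod hardening now depends on the chart defaults and is worth confirming in the rendered manifests.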
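Review bot: `sectionName: websecure` in platform/components/02-argocd/post-install/httproute.yaml names a listener that the Traefik values in this commit do not define, since `gateway.listeners` there only configures `web`; unless that listener is created elsewhere, the route will not be accepted and Argo CD loses its only ingress once `server.ingress.enabled` is `false`. The route lives in namespace `argocd` while the Gateway is in `traefik`, so the `websecure` listener also needs an allowed-routes policy admitting this namespace (the `from: All` in this commit is set on `web` only). `backendRefs` targets `argocd-server` on `port: 80`, which means cleartext between Traefik and Argo CD; confirm that this is intended and that the server is configured to run without its own TLS, otherwise requests are likely to end in redirects.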
@@ -3,7 +3,4 @@ global: server: ingress: - enabled: true - ingressClassName: traefik - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: websecure \ No newline at end of file + enabled: false \ No newline at end of file