chore: Refactor Cilium

k8s-peterg/cilium/gateways.yaml

@@ -0,0 +1,55 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: public
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+  addresses:
+    - type: IPAddress
+      value: 10.7.65.250
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: internal
+spec:
+  gatewayClassName: cilium
+  addresses:
+    - type: IPAddress
+      value: 10.167.84.11
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls

k8s-peterg/cilium/httproute.yaml

@@ -0,0 +1,33 @@
+# ---
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+#   name: http-filter-redirect
+# spec:
+#   parentRefs:
+#   - name: shared
+#     sectionName: http
+#   - name: internal
+#     sectionName: http
+#   rules:
+#   - filters:
+#     - type: RequestRedirect
+#       requestRedirect:
+#         scheme: https
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: hubble-route
+  namespace: kube-system
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: http
+  hostnames:
+    - "hubble.k8s.peterg.nl"
+  rules:
+    - backendRefs:
+        - name: hubble-ui
+          port: 80

k8s-peterg/cilium/ip-pool.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: internal-pool
+spec:
+  blocks:
+    - cidr: "10.167.84.11/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: public-pool
+spec:
+  blocks:
+    - cidr: "10.7.65.250/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: l2adv
+spec:
+  loadBalancerIPs: true

k8s-peterg/cilium/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - namespace.yaml
+  - ip-pool.yaml
+  - gateways.yaml
+  - httproute.yaml

k8s-peterg/cilium/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system