feat: Setup ArgoCD on k8s-peterg

k8s-peterg/argocd/httproute.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: argocd-route
+  namespace: argocd
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: http
+  hostnames:
+    - "argocd.k8s.peterg.nl"
+  rules:
+    - backendRefs:
+        - name: argocd-server
+          port: 80

k8s-peterg/argocd/kustomization.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - httproute.yaml
+  - install.yaml
+  - repository.yaml
+  - namespace.yaml
+
+namespace: argocd
+
+configMapGenerator:
+- name: argocd-cmd-params-cm
+  behavior: replace
+  literals:
+  - server.insecure=true
+  - reposerver.enable.git.submodule=false
+- name: argocd-cm
+  behavior: merge
+  literals:
+  - kustomize.buildOptions=--enable-helm

k8s-peterg/argocd/namespace.yaml

@@ -0,0 +1,6 @@
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd

k8s-peterg/argocd/repository.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: argocd-private-repo
+  namespace: argocd
+  annotations:
+    managed-by: argocd.argoproj.io
+  labels:
+    argocd.argoproj.io/secret-type: repository
+stringData:
+  type: git
+  url: https://code.peterg.nl/wheatley/kubernetes.git

k8s-peterg/cilium-gatewayapi/gateways.yaml

@@ -0,0 +1,55 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: public
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+  addresses:
+    - type: IPAddress
+      value: 10.7.65.250
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: internal
+spec:
+  gatewayClassName: cilium
+  addresses:
+    - type: IPAddress
+      value: 10.167.84.11
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls

k8s-peterg/cilium-gatewayapi/httproute.yaml

@@ -0,0 +1,33 @@
+# ---
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+#   name: http-filter-redirect
+# spec:
+#   parentRefs:
+#   - name: shared
+#     sectionName: http
+#   - name: internal
+#     sectionName: http
+#   rules:
+#   - filters:
+#     - type: RequestRedirect
+#       requestRedirect:
+#         scheme: https
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: hubble-route
+  namespace: kube-system
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "hubble.k8s.peterg.nl"
+  rules:
+    - backendRefs:
+        - name: hubble-ui
+          port: 80

k8s-peterg/cilium-gatewayapi/ip-pool.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: internal-pool
+spec:
+  blocks:
+  - cidr: "10.167.84.11/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: public-pool
+spec:
+  blocks:
+  - cidr: "10.7.65.250/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: l2adv
+spec:
+  loadBalancerIPs: true

k8s-peterg/cilium-gatewayapi/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - ip-pool.yaml
+  - gateways.yaml
+  - httproute.yaml
+  - tls.yaml

k8s-peterg/cilium-gatewayapi/tls.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager-test
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: test-selfsigned
+  namespace: cert-manager-test
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: selfsigned-cert
+  namespace: cert-manager-test
+spec:
+  dnsNames:
+    - "*.k8s.peterg.nl"
+  secretName: selfsigned-cert-tls
+  issuerRef:
+    name: test-selfsigned

k8s-peterg/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cilium-gatewayapi
+  - argocd