feat: Setup ArgoCD on k8s-peterg

k8s-peterg/argocd/httproute.yaml

@@ -10,7 +10,7 @@ spec:
       namespace: kube-system
       sectionName: http
   hostnames:
-    - "argocd.k8s-test.wheatley.in"
+    - "argocd.k8s.peterg.nl"
   rules:
     - backendRefs:
         - name: argocd-server

k8s-peterg/cilium-gatewayapi/gateways.yaml

@@ -0,0 +1,55 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: public
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+  addresses:
+    - type: IPAddress
+      value: 10.7.65.250
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: internal
+spec:
+  gatewayClassName: cilium
+  addresses:
+    - type: IPAddress
+      value: 10.167.84.11
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: selfsigned-cert-tls

k8s-peterg/cilium-gatewayapi/httproute.yaml

@@ -0,0 +1,33 @@
+# ---
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+#   name: http-filter-redirect
+# spec:
+#   parentRefs:
+#   - name: shared
+#     sectionName: http
+#   - name: internal
+#     sectionName: http
+#   rules:
+#   - filters:
+#     - type: RequestRedirect
+#       requestRedirect:
+#         scheme: https
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: hubble-route
+  namespace: kube-system
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "hubble.k8s.peterg.nl"
+  rules:
+    - backendRefs:
+        - name: hubble-ui
+          port: 80

k8s-peterg/cilium-gatewayapi/ip-pool.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: internal-pool
+spec:
+  blocks:
+  - cidr: "10.167.84.11/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: public-pool
+spec:
+  blocks:
+  - cidr: "10.7.65.250/32"
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: l2adv
+spec:
+  loadBalancerIPs: true

k8s-peterg/cilium-gatewayapi/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - ip-pool.yaml
+  - gateways.yaml
+  - httproute.yaml
+  - tls.yaml

k8s-peterg/cilium-gatewayapi/tls.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager-test
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: test-selfsigned
+  namespace: cert-manager-test
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: selfsigned-cert
+  namespace: cert-manager-test
+spec:
+  dnsNames:
+    - "*.k8s.peterg.nl"
+  secretName: selfsigned-cert-tls
+  issuerRef:
+    name: test-selfsigned

k8s-peterg/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cilium-gatewayapi
+  - argocd