migrate from ingress-nginx to gateway-api

apps/kustomize/web/base/gateway/backendtlspolicy.yaml

@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: BackendTLSPolicy
+metadata:
+  name: web-gw
+spec:
+  targetRefs:
+    - kind: Service
+      name: web
+      group: ""
+  validation:
+    caCertificateRefs:
+      - kind: ConfigMap
+        name: brds-bundle
+        group: ""

apps/kustomize/web/base/gateway/gateway.yaml

@@ -0,0 +1,8 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  annotations:
+    cert-manager.io/issuer: web-gw-issuer
+  name: web-gw
+spec:
+  gatewayClassName: cilium

apps/kustomize/web/base/gateway/issuer.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: web-gw-issuer
+spec:
+  acme:
+    email: drew@brds.ca
+    privateKeySecretRef:
+      name: web-gw-issuer
+    solvers:
+      - http01:
+          gatewayHTTPRoute:
+            parentRefs:
+              - name: web-gw
+                kind: Gateway

apps/kustomize/web/base/gateway/referencegrant.yaml

@@ -0,0 +1,12 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: web-gw
+spec:
+  from:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      namespace: gateway-prod
+  to:
+    - group: ""
+      kind: Secret

apps/kustomize/web/base/gateway/routes/http-v4.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: web-http-v4
+spec:
+  rules:
+    - filters:
+        - requestRedirect:
+            scheme: https
+            statusCode: 301
+          type: RequestRedirect
+      matches:
+        - path:
+            type: PathPrefix
+            value: /

apps/kustomize/web/base/gateway/routes/http.yaml

@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: web-http
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: web-gw
+      sectionName: http
+  rules:
+    - filters:
+        - requestRedirect:
+            scheme: https
+            statusCode: 301
+          type: RequestRedirect
+      matches:
+        - path:
+            type: PathPrefix
+            value: /

apps/kustomize/web/base/gateway/routes/https-v4.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: web-https-v4
+spec:
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: web
+          port: 443
+      matches:
+        - path:
+            type: PathPrefix
+            value: /

apps/kustomize/web/base/gateway/routes/https.yaml

@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: web-https
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: web-gw
+      sectionName: https
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: web
+          port: 443
+      matches:
+        - path:
+            type: PathPrefix
+            value: /

apps/kustomize/web/base/kustomization.yaml

@@ -2,7 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - gateway/routes/http.yaml
+  - gateway/routes/http-v4.yaml
+  - gateway/routes/https.yaml
+  - gateway/routes/https-v4.yaml
+  - gateway/backendtlspolicy.yaml
+  - gateway/gateway.yaml
+  - gateway/issuer.yaml
+  - gateway/referencegrant.yaml
   - web/deployment.yaml
-  - web/ingress.yaml
   - web/service.yaml
   - web/web-backend-tls.yaml

apps/kustomize/web/base/web/ingress.yaml

@@ -1,11 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    acme.cert-manager.io/http01-ingress-class: nginx
-    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-  name: web
-  labels:
-    app: web
-spec:
-  ingressClassName: nginx