Compare commits
7 Commits
fc7f977ab5
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
59bda86be9
|
|||
| 84c8a8b6b6 | |||
|
d31a196d87
|
|||
| b8d41e95e4 | |||
|
d716c4bb6d
|
|||
|
c214ae7de8
|
|||
|
af15c9715b
|
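--- a/apps/kustomize/web/base/gateway/gateway.yaml
+++ b/apps/kustomize/web/base/gateway/gateway.yaml
@@ -0,0 +1,8 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+annotations:
+cert-manager.io/issuer: web-gw-issuer
+name: web-gw
+spec:
+gatewayClassName: cilium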
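--- a/apps/kustomize/web/base/gateway/issuer.yaml
+++ b/apps/kustomize/web/base/gateway/issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: web-gw-issuer
+spec:
+acme:
+email: drew@brds.ca
+privateKeySecretRef:
+name: web-gw-issuer
+solvers:
+- http01:
+gatewayHTTPRoute:
+parentRefs:
+- name: web-gw
+kind: Gateway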
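--- a/apps/kustomize/web/base/gateway/referencegrant.yaml
+++ b/apps/kustomize/web/base/gateway/referencegrant.yaml
@@ -0,0 +1,12 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+name: web-gw
+spec:
+from:
+- group: gateway.networking.k8s.io
+kind: Gateway
+namespace: gateway-prod
+to:
+- group: ""
+kind: Secret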
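Review bot: The `to` entry that closes this ReferenceGrant names only `group: ""` and `kind: Secret`, so every Gateway in `gateway-prod` may reference any Secret in the namespace this manifest is applied to, not just the TLS certificate. The `to` side accepts an optional `name`; adding `name: web-tls` under that entry would limit the grant to one Secret. `web-tls` is the only certificate Secret named elsewhere in this compare, so confirm it is the one the gateway-prod Gateway actually references. The `from` side cannot be narrowed to a single Gateway by name, which leaves the `to` restriction as the only least-privilege control available in this resource.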
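--- a/apps/kustomize/web/base/gateway/routes/http-v4.yaml
+++ b/apps/kustomize/web/base/gateway/routes/http-v4.yaml
@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: web-http-v4
+spec:
+rules:
+- filters:
+- requestRedirect:
+scheme: https
+statusCode: 301
+type: RequestRedirect
+matches:
+- path:
+type: PathPrefix
+value: /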
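--- a/apps/kustomize/web/base/gateway/routes/http.yaml
+++ b/apps/kustomize/web/base/gateway/routes/http.yaml
@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: web-http
+spec:
+parentRefs:
+- group: gateway.networking.k8s.io
+kind: Gateway
+name: web-gw
+sectionName: http
+rules:
+- filters:
+- requestRedirect:
+scheme: https
+statusCode: 301
+type: RequestRedirect
+matches:
+- path:
+type: PathPrefix
+value: /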
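Review bot: The catch-all `PathPrefix` `/` redirect attaches to the `http` section of `web-gw`, the same Gateway the Issuer's `gatewayHTTPRoute` solver names as its parent, and nothing in this file records that ACME HTTP-01 challenges are expected to get past it. Gateway API match precedence should favour the solver's more specific challenge path over this prefix, but that dependency is implicit. A comment above `rules:` such as `# cert-manager HTTP-01 solver routes share this listener and win by path specificity; keep this match a plain PathPrefix /` would keep a later edit from silently breaking certificate renewal.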
@@ -2,7 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- gateway/routes/http.yaml
|
||||
- gateway/routes/http-v4.yaml
|
||||
- gateway/gateway.yaml
|
||||
- gateway/issuer.yaml
|
||||
- gateway/referencegrant.yaml
|
||||
- web/deployment.yaml
|
||||
- web/ingress.yaml
|
||||
- web/service.yaml
|
||||
- web/web-backend-tls.yaml
|
||||
|
||||
@@ -23,6 +23,9 @@ spec:
|
||||
limits:
|
||||
memory: 512Mi
|
||||
ports:
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
name: http
|
||||
- containerPort: 443
|
||||
protocol: TCP
|
||||
name: https
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
acme.cert-manager.io/http01-ingress-class: nginx
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
name: web
|
||||
labels:
|
||||
app: web
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
@@ -4,6 +4,10 @@ metadata:
|
||||
name: web
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
|
||||
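--- a/apps/kustomize/web/envs/stage/gateway/gateway.yaml
+++ b/apps/kustomize/web/envs/stage/gateway/gateway.yaml
@@ -0,0 +1,29 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: web-gw
+spec:
+addresses:
+- value: 2600:70ff:b815:802:88eb:2ce8:86c9:564c
+listeners:
+- name: http
+hostname: stage.d-b.ca
+port: 80
+protocol: HTTP
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+hostname: stage.d-b.ca
+port: 443
+protocol: HTTPS
+allowedRoutes:
+namespaces:
+from: Selector
+selector:
+matchLabels:
+kubernetes.io/metadata.name: authentik-private-prod
+tls:
+mode: Terminate
+certificateRefs:
+- name: web-tls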
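Review bot: The `https` listener admits routes only from the namespace labelled `kubernetes.io/metadata.name: authentik-private-prod`, and no HTTPRoute for that listener appears in this compare, so the access control the deleted Ingress carried in its `auth-url` and `auth-signin` annotations now depends on a resource outside this overlay. That looks deliberate (presumably the authentik outpost fronts the site), but the manifest should say so. A comment above `selector:` such as `# HTTPS routes are owned by the authentik namespace so requests pass its proxy; do not widen to Same or All` would record the intent. It is also worth confirming that a stage overlay is meant to delegate its HTTPS routing to a namespace named `-prod`.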
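--- a/apps/kustomize/web/envs/stage/gateway/issuer.yaml
+++ b/apps/kustomize/web/envs/stage/gateway/issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: web-gw-issuer
+spec:
+acme:
+server: https://acme-v02.api.letsencrypt.org/directory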
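--- a/apps/kustomize/web/envs/stage/gateway/routes/http-v4.yaml
+++ b/apps/kustomize/web/envs/stage/gateway/routes/http-v4.yaml
@@ -0,0 +1,13 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: web-http-v4
+spec:
+hostnames:
+- stage.d-b.ca
+parentRefs:
+- group: gateway.networking.k8s.io
+kind: Gateway
+name: v4-gw
+namespace: gateway-prod
+sectionName: dbca-web-stage-http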
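--- a/apps/kustomize/web/envs/stage/gateway/routes/http.yaml
+++ b/apps/kustomize/web/envs/stage/gateway/routes/http.yaml
@@ -0,0 +1,7 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: web-http
+spec:
+hostnames:
+- stage.d-b.ca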
@@ -4,7 +4,10 @@ kind: Kustomization
|
||||
resources:
|
||||
- ../../base
|
||||
|
||||
patchesStrategicMerge:
|
||||
- web/ingress.yaml
|
||||
- web/web-backend-tls.yaml
|
||||
- web/web-image.yaml
|
||||
patches:
|
||||
- path: gateway/routes/http.yaml
|
||||
- path: gateway/routes/http-v4.yaml
|
||||
- path: gateway/gateway.yaml
|
||||
- path: gateway/issuer.yaml
|
||||
- path: web/web-backend-tls.yaml
|
||||
- path: web/web-image.yaml
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
nginx.ingress.kubernetes.io/auth-url: |-
|
||||
http://ak-outpost-forward-auth-proxy-default.iam.svc.k8s.ho.brds.ca:9000/outpost.goauthentik.io/auth/nginx
|
||||
nginx.ingress.kubernetes.io/auth-signin: |-
|
||||
https://stage.d-b.ca/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: |-
|
||||
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid
|
||||
nginx.ingress.kubernetes.io/auth-snippet: |
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
name: web
|
||||
spec:
|
||||
rules:
|
||||
- host: stage.d-b.ca
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: web
|
||||
port:
|
||||
name: https
|
||||
path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- stage.d-b.ca
|
||||
secretName: web-tls
|
||||
@@ -7,4 +7,4 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: core.harbor.brds.ca/d-b.ca/web:aaf6031c58a8f07df0d98877ae71ffbbbb0ee350
|
||||
image: core.harbor.brds.ca/d-b.ca/web:3e53b359389830203b11a3cc9d2f7e63083246f4
|
||||
|
||||