Start moving all ingresses out of the apps to a central place

template/stacks/core/ingress-apps.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-apps
+  namespace: argocd
+  labels:
+    example: ref-implementation
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: "https://kubernetes.default.svc"
+  source:
+    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/core/ingress-apps"
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

template/stacks/core/ingress-apps/manifests.yaml

@@ -0,0 +1,219 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+  name: argo-workflows-ingress
+  namespace: argo
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: argo-server
+            port:
+              name: web
+        path: /argo-workflows(/|$)(.*)
+        pathType: ImplementationSpecific
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: argo-server
+            port:
+              name: web
+        path: /argo-workflows(/|$)(.*)
+        pathType: ImplementationSpecific
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+  name: argocd-server
+  namespace: argocd
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
+        path: /argocd(/|$)(.*)
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - cnoe.localtest.me
+    secretName: argocd-net-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: backstage
+  namespace: backstage
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: backstage
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: backstage
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fibonacci-service
+  namespace: fibonacci-app
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: fibonacci-service
+            port:
+              number: 9090
+        path: /fibonacci
+        pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: 512m
+  name: forgejo
+  namespace: gitea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: gitea.cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: forgejo-http
+            port:
+              number: 3000
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - gitea.cnoe.localtest.me
+    secretName: forgejo-net-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak-ingress-localhost
+  namespace: keycloak
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: keycloak
+            port:
+              name: http
+        path: /keycloak
+        pathType: ImplementationSpecific
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: keycloak
+            port:
+              name: http
+        path: /keycloak
+        pathType: ImplementationSpecific
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-console
+  namespace: minio-backup
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: minio-backup.cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: minio-console
+            port:
+              number: 9001
+        path: /
+        pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-prometheus-stack-grafana
+  namespace: monitoring
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: kube-prometheus-stack-grafana
+            port:
+              number: 80
+        path: /grafana
+        pathType: Prefix
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: openbao
+  namespace: openbao
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: openbao.cnoe.localtest.me
+    http:
+      paths:
+      - backend:
+          service:
+            name: openbao
+            port:
+              number: 8200
+        path: /
+        pathType: Prefix

template/stacks/monitoring/kube-prometheus/values.yaml

@@ -17,13 +17,6 @@ grafana:
     syncOptions:
     - ServerSideApply=true      
 
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    hosts:
-      - {{ .Values.edfbuilderTargetDomain }}    
-    path: /grafana   
-
   sidecar:
     dashboards:
       enabled: true

template/stacks/ref-implementation/fibonacci-app/ingress.yaml

@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: fibonacci-service
-  namespace: fibonacci-app
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: {{ .Values.edfbuilderTargetDomain }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: fibonacci-service
-            port:
-              number: 9090
-        path: /fibonacci
-        pathType: Prefix

template/stacks/ref-implementation/keycloak/manifests/ingress.yaml

@@ -1,30 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: keycloak-ingress-localhost
-  namespace: keycloak
-  annotations:
-    argocd.argoproj.io/sync-wave: "100"
-spec:
-  ingressClassName: "nginx"
-  rules:
-    - host: localhost
-      http:
-        paths:
-          - path: /keycloak
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: keycloak
-                port:
-                  name: http
-    - host: {{ .Values.edfbuilderTargetDomain }}
-      http:
-        paths:
-          - path: /keycloak
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: keycloak
-                port:
-                  name: http

template/stacks/ref-implementation/openbao/values.yaml

@@ -1,10 +1,4 @@
 server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    hosts:
-      - host: openbao.{{ .Values.edfbuilderTargetDomain }}
-        paths: []
   dev:
     enabled: true