From 86af4d2db4ce558e7cec713a1e7131ee0cb7956e Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sun, 8 Dec 2024 17:27:59 +0100 Subject: [PATCH] Start moving all ingresses out of the apps to a central place --- template/stacks/core/ingress-apps.yaml | 22 ++ .../stacks/core/ingress-apps/manifests.yaml | 219 ++++++++++++++++++ .../monitoring/kube-prometheus/values.yaml | 7 - .../fibonacci-app/ingress.yaml | 18 -- .../keycloak/manifests/ingress.yaml | 30 --- .../ref-implementation/openbao/values.yaml | 6 - 6 files changed, 241 insertions(+), 61 deletions(-) create mode 100644 template/stacks/core/ingress-apps.yaml create mode 100644 template/stacks/core/ingress-apps/manifests.yaml delete mode 100644 template/stacks/ref-implementation/fibonacci-app/ingress.yaml delete mode 100644 template/stacks/ref-implementation/keycloak/manifests/ingress.yaml diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml new file mode 100644 index 0000000..7b6b125 --- /dev/null +++ b/template/stacks/core/ingress-apps.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ingress-apps + namespace: argocd + labels: + example: ref-implementation + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + server: "https://kubernetes.default.svc" + source: + repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/core/ingress-apps" + project: default + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/template/stacks/core/ingress-apps/manifests.yaml b/template/stacks/core/ingress-apps/manifests.yaml new file mode 100644 index 0000000..67a18b3 --- /dev/null +++ b/template/stacks/core/ingress-apps/manifests.yaml @@ -0,0 +1,219 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argo-workflows-ingress + namespace: argo +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argo-server + port: + name: web + path: /argo-workflows(/|$)(.*) + pathType: ImplementationSpecific +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: argocd-server + namespace: argocd +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: argocd-server + port: + number: 80 + path: /argocd(/|$)(.*) + pathType: ImplementationSpecific + tls: + - hosts: + - cnoe.localtest.me + secretName: argocd-net-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: backstage + namespace: backstage +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: backstage + port: + name: http + path: / + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: fibonacci-service + namespace: fibonacci-app +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: fibonacci-service + port: + number: 9090 + path: /fibonacci + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 512m + name: forgejo + namespace: gitea +spec: + ingressClassName: nginx + rules: + - host: gitea.cnoe.localtest.me + http: + paths: + - backend: + service: + name: forgejo-http + port: + number: 3000 + path: / + pathType: Prefix + tls: + - hosts: + - gitea.cnoe.localtest.me + secretName: forgejo-net-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress-localhost + namespace: keycloak +spec: + ingressClassName: nginx + rules: + - host: localhost + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: keycloak + port: + name: http + path: /keycloak + pathType: ImplementationSpecific +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minio-console + namespace: minio-backup +spec: + ingressClassName: nginx + rules: + - host: minio-backup.cnoe.localtest.me + http: + paths: + - backend: + service: + name: minio-console + port: + number: 9001 + path: / + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kube-prometheus-stack-grafana + namespace: monitoring +spec: + ingressClassName: nginx + rules: + - host: cnoe.localtest.me + http: + paths: + - backend: + service: + name: kube-prometheus-stack-grafana + port: + number: 80 + path: /grafana + pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openbao + namespace: openbao +spec: + ingressClassName: nginx + rules: + - host: openbao.cnoe.localtest.me + http: + paths: + - backend: + service: + name: openbao + port: + number: 8200 + path: / + pathType: Prefix diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 7b80872..bd4be29 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -17,13 +17,6 @@ grafana: syncOptions: - ServerSideApply=true - ingress: - enabled: true - ingressClassName: nginx - hosts: - - {{ .Values.edfbuilderTargetDomain }} - path: /grafana - sidecar: dashboards: enabled: true diff --git a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml b/template/stacks/ref-implementation/fibonacci-app/ingress.yaml deleted file mode 100644 index c5d189b..0000000 --- a/template/stacks/ref-implementation/fibonacci-app/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: fibonacci-service - namespace: fibonacci-app -spec: - ingressClassName: nginx - rules: - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - backend: - service: - name: fibonacci-service - port: - number: 9090 - path: /fibonacci - pathType: Prefix \ No newline at end of file diff --git a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml deleted file mode 100644 index 6fea2c7..0000000 --- a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: keycloak-ingress-localhost - namespace: keycloak - annotations: - argocd.argoproj.io/sync-wave: "100" -spec: - ingressClassName: "nginx" - rules: - - host: localhost - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http - - host: {{ .Values.edfbuilderTargetDomain }} - http: - paths: - - path: /keycloak - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index d929572..7fecb1d 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,10 +1,4 @@ server: - ingress: - enabled: true - ingressClassName: nginx - hosts: - - host: openbao.{{ .Values.edfbuilderTargetDomain }} - paths: [] dev: enabled: true