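---
# Shared HTTPS Gateway: one listener on port 443 that terminates TLS for
# *.k8s.hnrx.net using the certificate stored in the shared-gateway-tls Secret.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: default
  labels:
    # Gives the Gateway an IP address from the address pool.
    # NOTE(review): presumably matched by the pool's selector - confirm the
    # label reaches the object that selector is evaluated against.
    bgp.cilium.io/ip-pool: default
  annotations:
    # Original note: lets external-dns find this Gateway and create a DNS
    # record (external-dns supports the Gateway API).
    # NOTE(review): the annotation below belongs to cert-manager, not to
    # external-dns. With cert-manager's Gateway API support enabled it requests
    # a certificate for the listener's certificateRefs Secret, which the
    # explicit Certificate at the end of this file also targets - keep only one
    # of the two mechanisms.
    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    - name: https
      hostname: '*.k8s.hnrx.net'
      protocol: HTTPS
      port: 443
      allowedRoutes:
        namespaces:
          # NOTE(review): `All` lets routes from every namespace attach to this
          # listener and serve any host under the wildcard with the shared
          # certificate. If not every namespace is equally trusted, restrict
          # this with `from: Selector` and a namespace label selector.
          from: All
      tls:
        # TLS ends at the Gateway.
        mode: Terminate
        certificateRefs:
          - name: shared-gateway-tls

---
# Wildcard certificate for the listener above. The Secret holds the private
# key for every host under *.k8s.hnrx.net, so read access to Secrets in the
# `default` namespace is equivalent to access to that key.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: shared-gateway-tls
  namespace: default
spec:
  secretName: shared-gateway-tls
  dnsNames:
    - '*.k8s.hnrx.net'
  issuerRef:
    # Wildcard names can only be validated via DNS-01 with ACME issuers;
    # presumably this issuer is configured for that - verify.
    name: cloudflare-cluster-issuer
    kind: ClusterIssuer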