---
# Namespace used by the Gateway and Certificate declared later in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: argocd
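---
# Gateway for the Argo CD hostname, served by the envoy-gateway-class
# GatewayClass: HTTPS on 443 (TLS terminated at the Gateway) and HTTP on 80.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: argocd-gateway
  namespace: argocd
  labels:
    # Gives the Gateway an IP address from your pool.
    bgp.cilium.io/ip-pool: default
  annotations:
    # Original note: lets external-dns find this Gateway and create a DNS
    # record (external-dns supports the Gateway API).
    # NOTE(review): the annotation below is cert-manager's issuer selection,
    # not an external-dns setting; no external-dns annotation is set here.
    # NOTE(review): a Certificate named argocd-gateway-tls is also declared
    # explicitly in this file for the same Secret. Confirm that both the
    # annotation and the explicit Certificate are intended.
    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    - name: https
      hostname: "argocd.k8s.hnrx.net"
      protocol: HTTPS
      port: 443
      allowedRoutes:
        # NOTE(review): `from: All` lets a Route in any namespace attach to
        # this listener and serve traffic for the Argo CD hostname. If only
        # routes in this namespace are expected, `Same` (or `Selector` with a
        # namespace label) is the least-privilege setting. No `kinds`
        # restriction is set on this listener, unlike the http one.
        namespaces:
          from: All
      tls:
        # TLS ends at the Gateway; the key pair is read from this Secret.
        mode: Terminate
        certificateRefs:
          - name: argocd-gateway-tls
    - name: http
      hostname: "argocd.k8s.hnrx.net"
      protocol: HTTP
      port: 80
      # NOTE(review): plaintext listener for the same hostname. Presumably it
      # exists for an HTTP-to-HTTPS redirect; confirm that the attached routes
      # only redirect, so logins and tokens never travel unencrypted.
      allowedRoutes:
        kinds:
          - kind: HTTPRoute
          - kind: GRPCRoute
        # NOTE(review): same cross-namespace attachment concern as on the
        # https listener.
        namespaces:
          from: All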
---
# cert-manager Certificate for argocd.k8s.hnrx.net. The issued key pair is
# stored in the Secret argocd-gateway-tls, which the https listener of
# argocd-gateway references.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: argocd-gateway-tls
  namespace: argocd
spec:
  secretName: argocd-gateway-tls
  dnsNames:
    - argocd.k8s.hnrx.net
  # Cluster-scoped issuer; the same name is set in the Gateway's
  # cert-manager.io/cluster-issuer annotation.
  issuerRef:
    name: cloudflare-cluster-issuer
    kind: ClusterIssuer