feat(puppet): migrate puppetdb Ingress to Gateway API

Replace the nginx Ingress with a Gateway + HTTPRoute using the traefik-internal
GatewayClass. TLS is terminated at the Gateway listener with a certificate
issued by cert-manager.
2026-05-22 00:10:25 +10:00
parent f53a2dc4f8
commit 0f5c2fc24d
3 changed files with 45 additions and 21 deletions
@@ -1,14 +1,13 @@
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: Ingress kind: Gateway
metadata: metadata:
annotations: annotations:
kubernetes.io/ingress.class: nginx
external-dns.alpha.kubernetes.io/hostname: puppetdb.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
cert-manager.io/cluster-issuer: vault-issuer cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: puppetdb.k8s.syd1.au.unkin.net cert-manager.io/common-name: puppetdb.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096" cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: puppetdb.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
labels: labels:
app.kubernetes.io/component: puppetdb app.kubernetes.io/component: puppetdb
app.kubernetes.io/instance: puppetserver app.kubernetes.io/instance: puppetserver
@@ -17,18 +16,17 @@ metadata:
name: puppetdb name: puppetdb
namespace: puppet namespace: puppet
spec: spec:
rules: gatewayClassName: traefik-internal
- host: puppetdb.k8s.syd1.au.unkin.net listeners:
http: - allowedRoutes:
paths: namespaces:
- backend: from: Same
service: hostname: puppetdb.k8s.syd1.au.unkin.net
name: puppetdb name: https
port: port: 443
number: 8080 protocol: HTTPS
path: / tls:
pathType: Prefix certificateRefs:
tls: - kind: Secret
- hosts: name: puppetdb-tls
- puppetdb.k8s.syd1.au.unkin.net mode: Terminate
secretName: puppetdb-tls
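Review bot: The `https` listener's `certificateRefs` entry `puppetdb-tls` now depends on cert-manager acting on the `cert-manager.io/cluster-issuer: vault-issuer` annotation of a Gateway instead of an Ingress, which only happens when cert-manager's Gateway API support is enabled on the controller; nothing on this page shows that. If it is not enabled, the Secret would presumably stop being renewed once the Ingress is removed, and the listener would eventually serve an expired certificate. I would record the dependency above the annotations, e.g. `# requires cert-manager Gateway API support; issues Secret puppetdb-tls for listener "https"`, and confirm after rollout that a Certificate owned by this Gateway exists.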
+25
@@ -0,0 +1,25 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
labels:
app.kubernetes.io/component: puppetdb
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetdb
namespace: puppet
spec:
hostnames:
- puppetdb.k8s.syd1.au.unkin.net
parentRefs:
- name: puppetdb
sectionName: https
rules:
- backendRefs:
- name: puppetdb
port: 8080
matches:
- path:
type: PathPrefix
value: /
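Review bot: The single rule matches `PathPrefix` `/` and forwards everything to `puppetdb` port 8080, which looks like PuppetDB's cleartext listener; if so, the backend performs no client-certificate check and the route exposes the query, command and admin APIs to anything that can reach the traefik-internal Gateway. The Ingress being replaced had the same host, path and port, so this is carried over rather than introduced, but the migration is a good moment to narrow it. If consumers only read data, restrict the match to `value: /pdb/query`; otherwise add a comment above `rules:` such as `# PuppetDB :8080 is unauthenticated; access is limited only by reachability of the traefik-internal Gateway`. A NetworkPolicy that admits traffic to 8080 only from the Traefik pods would also keep other in-cluster workloads from bypassing the Gateway.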
+2 -1
@@ -26,7 +26,8 @@ resources:
- horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml - horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml - horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml
- ingress_puppetboard.yaml - ingress_puppetboard.yaml
- ingress_puppetdb.yaml - gateway_puppetdb.yaml
- httproute_puppetdb.yaml
- service_puppetserver-agents-to-puppet.yaml - service_puppetserver-agents-to-puppet.yaml
- service_puppet-headless.yaml - service_puppet-headless.yaml
- service_puppet.yaml - service_puppet.yaml