feat(puppet): migrate puppetboard Ingress to Gateway API
Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: puppetboard.k8s.syd1.au.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
external-dns.alpha.kubernetes.io/hostname: puppetboard.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
||||
labels:
|
||||
app.kubernetes.io/component: puppetboard
|
||||
app.kubernetes.io/instance: puppetserver
|
||||
app.kubernetes.io/name: puppetserver
|
||||
app.kubernetes.io/version: 8.8.0
|
||||
name: puppetboard
|
||||
namespace: puppet
|
||||
spec:
|
||||
gatewayClassName: traefik-internal
|
||||
listeners:
|
||||
- allowedRoutes:
|
||||
namespaces:
|
||||
from: Same
|
||||
hostname: puppetboard.k8s.syd1.au.unkin.net
|
||||
name: https
|
||||
port: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
certificateRefs:
|
||||
- kind: Secret
|
||||
name: puppetboard-tls
|
||||
mode: Terminate
|
||||
Reference in New Issue
Block a user