feat(puppet): migrate puppetboard Ingress to Gateway API
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal
GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
This commit is contained in:
2026-05-22 00:09:35 +10:00
parent f53a2dc4f8
commit 1f4364b51a
3 changed files with 45 additions and 21 deletions
@@ -1,14 +1,13 @@
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: Ingress kind: Gateway
metadata: metadata:
annotations: annotations:
kubernetes.io/ingress.class: nginx
external-dns.alpha.kubernetes.io/hostname: puppetboard.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
cert-manager.io/cluster-issuer: vault-issuer cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: puppetboard.k8s.syd1.au.unkin.net cert-manager.io/common-name: puppetboard.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096" cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: puppetboard.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
labels: labels:
app.kubernetes.io/component: puppetboard app.kubernetes.io/component: puppetboard
app.kubernetes.io/instance: puppetserver app.kubernetes.io/instance: puppetserver
@@ -17,18 +16,17 @@ metadata:
name: puppetboard name: puppetboard
namespace: puppet namespace: puppet
spec: spec:
rules: gatewayClassName: traefik-internal
- host: puppetboard.k8s.syd1.au.unkin.net listeners:
http: - allowedRoutes:
paths: namespaces:
- backend: from: Same
service: hostname: puppetboard.k8s.syd1.au.unkin.net
name: puppetboard name: https
port: port: 443
number: 80 protocol: HTTPS
path: / tls:
pathType: Prefix certificateRefs:
tls: - kind: Secret
- hosts: name: puppetboard-tls
- puppetboard.k8s.syd1.au.unkin.net mode: Terminate
secretName: puppetboard-tls
@@ -0,0 +1,25 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
labels:
app.kubernetes.io/component: puppetboard
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetboard
namespace: puppet
spec:
hostnames:
- puppetboard.k8s.syd1.au.unkin.net
parentRefs:
- name: puppetboard
sectionName: https
rules:
- backendRefs:
- name: puppetboard
port: 80
matches:
- path:
type: PathPrefix
value: /
+2 -1
View File
@@ -25,7 +25,8 @@ resources:
- horizontalpodautoscaler_puppetserver-masters-autoscaler.yaml - horizontalpodautoscaler_puppetserver-masters-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml - horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml - horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml
- ingress_puppetboard.yaml - gateway_puppetboard.yaml
- httproute_puppetboard.yaml
- ingress_puppetdb.yaml - ingress_puppetdb.yaml
- service_puppetserver-agents-to-puppet.yaml - service_puppetserver-agents-to-puppet.yaml
- service_puppet-headless.yaml - service_puppet-headless.yaml