feat(litellm): migrate Ingress to Gateway API (#134)
## Summary - Replace `Ingress` (nginx) with `Gateway` + `HTTPRoute` using `traefik-internal` GatewayClass - TLS terminated at the Gateway listener; cert-manager provisions the certificate via `vault-issuer` - external-dns annotations moved to the Gateway ## Test plan - [ ] ArgoCD syncs the litellm app cleanly - [ ] cert-manager issues the `litellm-tls` certificate - [ ] external-dns creates the DNS record - [ ] `https://litellm.k8s.syd1.au.unkin.net` is reachable Reviewed-on: #134
This commit was merged in pull request #134.
This commit is contained in:
@@ -0,0 +1,29 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
labels:
|
||||
traefik.io/instance: internal
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: litellm.k8s.syd1.au.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
external-dns.alpha.kubernetes.io/hostname: litellm.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||
name: litellm
|
||||
namespace: litellm
|
||||
spec:
|
||||
gatewayClassName: traefik-internal
|
||||
listeners:
|
||||
- allowedRoutes:
|
||||
namespaces:
|
||||
from: Same
|
||||
hostname: litellm.k8s.syd1.au.unkin.net
|
||||
name: https
|
||||
port: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
certificateRefs:
|
||||
- kind: Secret
|
||||
name: litellm-tls
|
||||
mode: Terminate
|
||||
@@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: litellm
|
||||
namespace: litellm
|
||||
spec:
|
||||
hostnames:
|
||||
- litellm.k8s.syd1.au.unkin.net
|
||||
parentRefs:
|
||||
- name: litellm
|
||||
sectionName: https
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: litellm
|
||||
port: 4000
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
@@ -1,29 +0,0 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
external-dns.alpha.kubernetes.io/hostname: litellm.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: litellm.k8s.syd1.au.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
name: litellm
|
||||
namespace: litellm
|
||||
spec:
|
||||
rules:
|
||||
- host: litellm.k8s.syd1.au.unkin.net
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: litellm
|
||||
port:
|
||||
number: 4000
|
||||
path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- litellm.k8s.syd1.au.unkin.net
|
||||
secretName: litellm-tls
|
||||
@@ -7,7 +7,8 @@ resources:
|
||||
- cnpg_pooler.yaml
|
||||
- deployment.yaml
|
||||
- hpa.yaml
|
||||
- ingress.yaml
|
||||
- gateway.yaml
|
||||
- httproute.yaml
|
||||
- namespace.yaml
|
||||
- redis-deployment.yaml
|
||||
- redis-pvc.yaml
|
||||
|
||||
Reference in New Issue
Block a user