From b99b5096e59a2c9aa15fca9ccec4fb54ea04993f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 22 May 2026 00:06:00 +1000
Subject: [PATCH] feat(artifactapi): migrate Ingress to Gateway API

Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
---
 apps/base/artifactapi/gateway.yaml | 27 ++++++++++++++++++++
 apps/base/artifactapi/httproute.yaml | 20 +++++++++++++++
 apps/base/artifactapi/ingress.yaml | 32 ------------------------
 apps/base/artifactapi/kustomization.yaml | 3 ++-
 4 files changed, 49 insertions(+), 33 deletions(-)
 create mode 100644 apps/base/artifactapi/gateway.yaml
 create mode 100644 apps/base/artifactapi/httproute.yaml
 delete mode 100644 apps/base/artifactapi/ingress.yaml

diff --git a/apps/base/artifactapi/gateway.yaml b/apps/base/artifactapi/gateway.yaml
new file mode 100644
index 0000000..c41ab3c
--- /dev/null
+++ b/apps/base/artifactapi/gateway.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: vault-issuer
+ cert-manager.io/common-name: artifactapi.k8s.syd1.au.unkin.net
+ cert-manager.io/private-key-size: "4096"
+ external-dns.alpha.kubernetes.io/hostname: artifactapi.k8s.syd1.au.unkin.net
+ external-dns.alpha.kubernetes.io/target: 198.18.200.0
+ name: artifactapi
+ namespace: artifactapi
+spec:
+ gatewayClassName: traefik-internal
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: Same
+ hostname: artifactapi.k8s.syd1.au.unkin.net
+ name: https
+ port: 443
+ protocol: HTTPS
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: artifactapi-tls
+ mode: Terminate
diff --git a/apps/base/artifactapi/httproute.yaml b/apps/base/artifactapi/httproute.yaml
new file mode 100644
index 0000000..e106492
--- /dev/null
+++ b/apps/base/artifactapi/httproute.yaml
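Review bot: Certificate issuance for `artifactapi-tls` now depends on cert-manager's Gateway API support, which this diff cannot show is enabled; without it the `cert-manager.io/*` annotations on the Gateway in gateway.yaml are ignored. Deleting the Ingress likely garbage-collects the Certificate it owned while the existing Secret can stay behind, so the listener would keep serving the old certificate until it expires, with no renewal and no visible error at deploy time. I would add a comment above the annotations, `# needs cert-manager Gateway API support enabled; otherwise artifactapi-tls is never renewed`, or commit an explicit `Certificate` resource for that Secret. The listener list also has no port-80 entry, so clients that relied on the old `ssl-redirect: "false"` plain-HTTP path lose access, which is worth stating in the description.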
@@ -0,0 +1,20 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: artifactapi
+ namespace: artifactapi
+spec:
+ hostnames:
+ - artifactapi.k8s.syd1.au.unkin.net
+ parentRefs:
+ - name: artifactapi
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: artifactapi-api
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/apps/base/artifactapi/ingress.yaml b/apps/base/artifactapi/ingress.yaml
deleted file mode 100644
index 0f1bff9..0000000
--- a/apps/base/artifactapi/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- cert-manager.io/cluster-issuer: vault-issuer
- cert-manager.io/common-name: artifactapi.k8s.syd1.au.unkin.net
- cert-manager.io/private-key-size: "4096"
- external-dns.alpha.kubernetes.io/hostname: artifactapi.k8s.syd1.au.unkin.net
- external-dns.alpha.kubernetes.io/target: 198.18.200.0
- nginx.ingress.kubernetes.io/proxy-body-size: 10g
- nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
- nginx.ingress.kubernetes.io/ssl-redirect: "false"
- name: artifactapi-ingress
- namespace: artifactapi
-spec:
- ingressClassName: nginx
- rules:
- - host: artifactapi.k8s.syd1.au.unkin.net
- http:
- paths:
- - backend:
- service:
- name: artifactapi-api
- port:
- number: 80
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - artifactapi.k8s.syd1.au.unkin.net
- secretName: artifactapi-tls
diff --git a/apps/base/artifactapi/kustomization.yaml b/apps/base/artifactapi/kustomization.yaml
index 3b70681..015e9e6 100644
--- a/apps/base/artifactapi/kustomization.yaml
+++ b/apps/base/artifactapi/kustomization.yaml
@@ -6,7 +6,8 @@ resources:
 - artifactapi-deployment.yaml
 - artifactapi-hpa.yaml
 - configmap.yaml
- - ingress.yaml
+ - gateway.yaml
+ - httproute.yaml
 - namespace.yaml
 - postgres-deployment.yaml
 - pvc.yaml
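Review bot: The single rule in httproute.yaml carries no equivalent of the removed `proxy-body-size: 10g` and `proxy-read-timeout: "600"` annotations, so the upload size cap and the long read timeout both fall back to whatever the traefik-internal entrypoint is configured with. For an artifact upload endpoint that means either long transfers get cut off or, if the proxy applies no body limit by default, requests are no longer bounded at the edge, which is a resource-exhaustion exposure. If the GatewayClass honours it, add `timeouts:` with `request: 600s` to the rule, and attach a body-size limit through an `ExtensionRef` filter that points at a Traefik buffering Middleware. Otherwise add a comment on the rule saying where those limits are now enforced.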