feat(puppet): migrate puppetdb Ingress to Gateway API

Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal
GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
This commit is contained in:
2026-05-22 00:10:25 +10:00
parent 2c6d88aa6b
commit be7a195d3e
3 changed files with 45 additions and 21 deletions
+32
View File
@@ -0,0 +1,32 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: puppetdb.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: puppetdb.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
labels:
app.kubernetes.io/component: puppetdb
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetdb
namespace: puppet
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: puppetdb.k8s.syd1.au.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- kind: Secret
name: puppetdb-tls
mode: Terminate