diff --git a/gitops/components/envoy-gateway/create-gateway/Chart.yaml b/gitops/components/envoy-gateway/create-gateway/Chart.yaml
new file mode 100644
index 0000000..6380c79
--- /dev/null
+++ b/gitops/components/envoy-gateway/create-gateway/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: create-gateway
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/gitops/components/envoy-gateway/create-gateway/template/envoy-proxy.yaml b/gitops/components/envoy-gateway/create-gateway/template/envoy-proxy.yaml
new file mode 100644
index 0000000..8ee09c2
--- /dev/null
+++ b/gitops/components/envoy-gateway/create-gateway/template/envoy-proxy.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyProxy
+metadata:
+ name: eg-proxy
+ namespace: envoy-gateway-system
+ # annotations:
+ # argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ provider:
+ type: Kubernetes
+ kubernetes:
+ envoyService:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ # TODO: once nginx ingress migration is complete, EG_NLB_NAME can be replaced with CLUSTER_NAME
+ service.beta.kubernetes.io/aws-load-balancer-name: "{{ .Values.nlbName }}"
+ service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
+ # nlb-target-type: ip requires pod IPs to be registered as EC2 ENIs, which depends
+ # on the CNI and IPAM configuration. Instance mode targets nodes via NodePort instead.
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
diff --git a/gitops/components/envoy-gateway/create-gateway/template/gateway-class.yaml b/gitops/components/envoy-gateway/create-gateway/template/gateway-class.yaml
new file mode 100644
index 0000000..92f7621
--- /dev/null
+++ b/gitops/components/envoy-gateway/create-gateway/template/gateway-class.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: eg
+ # annotations:
+ # argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parametersRef:
+ group: gateway.envoyproxy.io
+ kind: EnvoyProxy
+ name: eg-proxy
+ namespace: envoy-gateway-system
diff --git a/gitops/components/envoy-gateway/create-gateway/values.yaml b/gitops/components/envoy-gateway/create-gateway/values.yaml
new file mode 100644
index 0000000..64fb7d0
--- /dev/null
+++ b/gitops/components/envoy-gateway/create-gateway/values.yaml
@@ -0,0 +1 @@
+nlbName: ""
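Review bot: The manifest is added under `create-gateway/template/`, but Helm renders only files in a chart's `templates/` directory, so as written `envoy-proxy.yaml` (and `template/gateway-class.yaml` in the next file section) would not be rendered. The Argo CD Application would then most likely sync cleanly while creating neither the EnvoyProxy nor the GatewayClass. Rename the directory to `templates/`, unless something outside this diff post-processes the chart. Because the Service remains `internet-facing`, it is also worth diffing the rendered EnvoyProxy against the old inline manifest once the path is fixed, to confirm no annotation was lost in the move.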
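Review bot: The `SkipDryRunOnMissingResource=true` annotation is left commented out under `metadata` in `gateway-class.yaml` (and likewise in `envoy-proxy.yaml`) with no reason given. If the Envoy Gateway CRDs are not yet installed when this chart first syncs, the dry run may fail in the way the annotation previously avoided; what orders the two Applications is not visible in this diff. Either restore the two lines, or delete them and replace them with a short comment along the lines of `# CRDs are guaranteed by <ordering mechanism>; dry-run skip no longer needed`, with the mechanism filled in.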
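Review bot: `nlbName` defaults to an empty string in `values.yaml`, so any render that misses the kustomize replacement yields an empty `aws-load-balancer-name` annotation on an internet-facing Service instead of failing. How the AWS load balancer controller treats an empty name cannot be told from this diff, so failing closed in the template is safer: `service.beta.kubernetes.io/aws-load-balancer-name: {{ required "nlbName must be set" .Values.nlbName | quote }}`. The value also deserves a comment here, e.g. `# Name of the AWS NLB for the Envoy Gateway Service; required, injected from EG_NLB_NAME`.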
diff --git a/gitops/components/envoy-gateway/kustomization.yaml b/gitops/components/envoy-gateway/kustomization.yaml
index f70c7e4..77f6458 100644
--- a/gitops/components/envoy-gateway/kustomization.yaml
+++ b/gitops/components/envoy-gateway/kustomization.yaml
@@ -13,9 +13,9 @@ replacements:
 fieldPath: data.EG_NLB_NAME
 targets:
 - select:
- group: gateway.envoyproxy.io
+ group: argoproj.io
 version: v1alpha1
- kind: EnvoyProxy
- name: eg-proxy
+ kind: Application
+ name: create-gateway
 fieldPaths:
- - spec.provider.kubernetes.envoyService.annotations.[service.beta.kubernetes.io/aws-load-balancer-name]
+ - spec.source.helm.valuesObject.nlbName
diff --git a/gitops/components/envoy-gateway/resources.yaml b/gitops/components/envoy-gateway/resources.yaml
index 5b52dc6..f412690 100644
--- a/gitops/components/envoy-gateway/resources.yaml
+++ b/gitops/components/envoy-gateway/resources.yaml
@@ -25,38 +25,27 @@ spec:
 - ServerSideApply=true
 automated: {}
 ---
-apiVersion: gateway.networking.k8s.io/v1
-kind: GatewayClass
-metadata:
- name: eg
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-spec:
- controllerName: gateway.envoyproxy.io/gatewayclass-controller
- parametersRef:
- group: gateway.envoyproxy.io
- kind: EnvoyProxy
- name: eg-proxy
- namespace: envoy-gateway-system
----
-apiVersion: gateway.envoyproxy.io/v1alpha1
-kind: EnvoyProxy
+apiVersion: argoproj.io/v1alpha1
+kind: Application
 metadata:
- name: eg-proxy
- namespace: envoy-gateway-system
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ name: create-gateway
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
 spec:
- provider:
- type: Kubernetes
- kubernetes:
- envoyService:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- # TODO: once nginx ingress migration is complete, EG_NLB_NAME can be replaced with CLUSTER_NAME
- service.beta.kubernetes.io/aws-load-balancer-name: EG_NLB_NAME
- service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
- # nlb-target-type: ip requires pod IPs to be registered as EC2 ENIs, which depends
- # on the CNI and IPAM configuration. Instance mode targets nodes via NodePort instead.
- service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
- service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+ project: networking
+ source:
+ repoURL: "https://github.com/pelotech/foundation"
+ path: gitops/components/envoy-gateway/create-gateway
+ helm:
+ releaseName: create-gateway
+ valuesObject:
+ nlbName: EG_NLB_NAME
+ targetRevision: v4.5.3 # x-release-please-version
+ destination:
+ namespace: cert-manager
+ name: in-cluster
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated: {}
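Review bot: `destination.namespace: cert-manager` on the new `create-gateway` Application looks copied from another Application. The chart's EnvoyProxy is pinned to `envoy-gateway-system` and GatewayClass is cluster-scoped, so with `CreateNamespace=true` this sync would ensure a `cert-manager` namespace it never uses, and the declared destination would not match where the Application writes. Use `namespace: envoy-gateway-system`, so that the `networking` project's destination rules and anyone auditing the Application see the real target. The hunk opens inside the preceding Application's `spec`, which starts outside the hunk.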