feat: add gateway and test configuration

kubernetes/jsdyb-k8s-001/apps/media/bazarr/app/helmrelease.yaml

@@ -96,25 +96,45 @@ spec:
           metrics:
             port: *metricsPort
 
-    ingress:
-      external:
-        className: nginx-internal
-        annotations:
-          cert-manager.io/cluster-issuer: letsencrypt-prod
-          theme.home.arpa/enabled: "true"
-          hajimari.io/enable: "true"
-          hajimari.io/icon: "solar:subtitles-outline"
-        hosts:
-          - host: &host bazarr.${EXTERNAL_DOMAIN}
-            paths:
-              - path: /
-                service:
-                  identifier: *app
-                  port: *port
-        tls:
-          - hosts:
-              - *host
-            secretName: bazarr-tls-external
+    # ingress:
+    #   external:
+    #     className: nginx-internal
+    #     annotations:
+    #       cert-manager.io/cluster-issuer: letsencrypt-prod
+    #       theme.home.arpa/enabled: "true"
+    #       hajimari.io/enable: "true"
+    #       hajimari.io/icon: "solar:subtitles-outline"
+    #     hosts:
+    #       - host: &host bazarr.${EXTERNAL_DOMAIN}
+    #         paths:
+    #           - path: /
+    #             service:
+    #               identifier: *app
+    #               port: *port
+    #     tls:
+    #       - hosts:
+    #           - *host
+    #         secretName: bazarr-tls-external
+    route:
+      *app :
+        enabled: true
+        kind: HTTPRoute
+        parentRefs:
+          - group: gateway.networking.k8s.io
+            kind: Gateway
+            name: cilium-gateway-internal
+            namespace: network
+        hostnames:
+          - &host bazarr.${EXTERNAL_DOMAIN}
+        rules:
+          - backendRefs:
+              - name: *app
+                kind: Service
+                port: *port
+            matches:
+              - path:
+                  type: PathPrefix
+                  value: /
 
     persistence:
       config:

kubernetes/jsdyb-k8s-001/apps/media/namespace.yaml

@@ -5,3 +5,4 @@ metadata:
   name: media
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    gateway.networking.k8s.io/shared-gateway-access: "true"

kubernetes/jsdyb-k8s-001/apps/network/cilium/app/gateway.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: cilium-gateway-internal
+spec:
+  gatewayClassName: cilium
+  listeners:
+  - name: external-https
+    protocol: HTTPS
+    port: 443
+    hostname: "*.${EXTERNAL_DOMAIN}"
+    allowedRoutes:
+      namespaces:
+        from: Selector
+        selector:
+          matchLabels:
+            gateway.networking.k8s.io/shared-gateway-access: "true"
+    tls:
+      certificateRefs:
+      - kind: Secret
+        group: ""
+        name: "${SANITIZED_ORGANIZATION}-external"
+  - name: internal-https
+    protocol: HTTPS
+    port: 443
+    hostname: "*.${INTERNAL_DOMAIN}"
+    allowedRoutes:
+      namespaces:
+        from: Selector
+        selector:
+          matchLabels:
+            gateway.networking.k8s.io/shared-gateway-access: "true"
+    tls:
+      certificateRefs:
+      - kind: Secret
+        group: ""
+        name: "${SANITIZED_ORGANIZATION}-internal"

kubernetes/jsdyb-k8s-001/apps/network/cilium/app/kustomization.yaml

@@ -12,6 +12,7 @@ resources:
   - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml
   - ./helmrelease.yaml
   - ./bgppeeringpolicy.yaml
+  - ./gateway.yaml
 configMapGenerator:
   - name: cilium-values
     files:

kubernetes/jsdyb-k8s-001/apps/network/namespace.yaml

@@ -5,4 +5,5 @@ metadata:
   name: network
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    gateway.networking.k8s.io/shared-gateway-access: "true"