diff --git a/kubernetes/system/cilium/base/gateways/gateways.yaml b/kubernetes/system/cilium/base/gateways/gateways.yaml
index 2daac5c..e8046f6 100644
--- a/kubernetes/system/cilium/base/gateways/gateways.yaml
+++ b/kubernetes/system/cilium/base/gateways/gateways.yaml
@@ -1,47 +1,47 @@
----
-# To test this gateway modify the /etc/hosts and set the *.ninebasetwo.net to the LB IP of the external-gateway
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: external-gateway
- namespace: kube-system
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- external-dns.alpha.kubernetes.io/target: ninebasetwo.net
-spec:
- gatewayClassName: cilium
- listeners:
- - name: external-gateway-https
- port: 443
- protocol: HTTPS
- hostname: "*.ninebasetwo.net"
- allowedRoutes:
- namespaces:
- from: All
- tls:
- mode: Terminate
- certificateRefs:
- - name: gateway-tls
- - name: external-gateway-http
- port: 80
- protocol: HTTP
- hostname: "*.ninebasetwo.net"
- allowedRoutes:
- namespaces:
- from: All
----
+# ---
+# # To test this gateway modify the /etc/hosts and set the *.ninebasetwo.net to the LB IP of the external-gateway
 # apiVersion: gateway.networking.k8s.io/v1
 # kind: Gateway
 # metadata:
- # name: internal-gateway
- # namespace: kube-system
+# name: external-gateway
+# namespace: kube-system
+# annotations:
+# cert-manager.io/cluster-issuer: letsencrypt-prod
+# external-dns.alpha.kubernetes.io/target: ninebasetwo.net
 # spec:
- # gatewayClassName: cilium
- # listeners:
- # - name: internal-gateway-http
- # port: 80
- # protocol: HTTP
- # allowedRoutes:
- # namespaces:
- # from: All
+# gatewayClassName: cilium
+# listeners:
+# - name: external-gateway-https
+# port: 443
+# protocol: HTTPS
+# hostname: "*.ninebasetwo.net"
+# allowedRoutes:
+# namespaces:
+# from: All
+# tls:
+# mode: Terminate
+# certificateRefs:
+# - name: gateway-tls
+# - name: external-gateway-http
+# port: 80
+# protocol: HTTP
+# hostname: "*.ninebasetwo.net"
+# allowedRoutes:
+# namespaces:
+# from: All
+# ---
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+# name: internal-gateway
+# namespace: kube-system
+# spec:
+# gatewayClassName: cilium
+# listeners:
+# - name: internal-gateway-http
+# port: 80
+# protocol: HTTP
+# allowedRoutes:
+# namespaces:
+# from: All
diff --git a/kubernetes/system/cilium/helm/values.yaml b/kubernetes/system/cilium/helm/values.yaml
index c35729b..8fa5f1b 100644
--- a/kubernetes/system/cilium/helm/values.yaml
+++ b/kubernetes/system/cilium/helm/values.yaml
@@ -716,7 +716,7 @@ ingressController:
 enabled: true
 # -- Set cilium ingress controller to be the default ingress controller
 # This will let cilium ingress controller route entries without ingress class set
- default: false
+ default: true
 # -- Default ingress load balancer mode
 # Supported values: shared, dedicated
 # For granular control, use the following annotations on the ingress resource:
@@ -806,7 +806,7 @@ ingressController:
 gatewayAPI:
 # -- Enable support for Gateway API in cilium
 # This will automatically set enable-envoy-config as well.
- enabled: true
+ enabled: false
 # -- Enable proxy protocol for all GatewayAPI listeners. Note that _only_ Proxy protocol traffic will be accepted once this is enabled.
 enableProxyProtocol: false
 # -- The number of additional GatewayAPI proxy hops from the right side of the HTTP header to trust when determining the origin client's IP address.
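Review bot: The external-gateway manifest in gateways.yaml is commented out rather than deleted, which leaves the file with no live resources and keeps a template whose two listeners both use `allowedRoutes.namespaces.from: All` on the `*.ninebasetwo.net` wildcard. Git history already preserves the definition, so deleting the file (and its entry in whatever kustomization lists it, which is not visible here) would be cleaner. If the block is kept for later re-enabling, I would change the commented listeners to `from: Selector` with a namespace label selector, so that restoring it does not let every namespace attach routes to the wildcard hostname.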
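Review bot: With `default: true` in the first values.yaml hunk, every Ingress that omits `ingressClassName` is now routed by Cilium, per the chart comment directly above the line, so objects that were previously inert can become reachable through the ingress load balancer. Before rollout I would list the existing classless Ingresses and either keep `default: false` and set `ingressClassName: cilium` explicitly on the ones meant to be exposed, or add an admission policy that requires the field. If another IngressClass in the cluster is also marked default (not visible here), the two are likely to conflict. The `ingressController:` block starts and ends outside the hunk.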
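Review bot: Setting `gatewayAPI.enabled` to `false` in the second values.yaml hunk removes the only TLS termination visible in this commit (the `external-gateway-https` listener with `gateway-tls` issued through `letsencrypt-prod`), and nothing in the diff shows its replacement. Each Ingress that takes over presumably needs its own `tls:` section and `cert-manager.io/cluster-issuer` annotation, otherwise those hosts are served over plain HTTP only; any HTTPRoute still pointing at `external-gateway` would also stop being reconciled. I would add a comment above the line such as `# Gateway API disabled: traffic is served by the Cilium ingress controller (ingressController.default: true)` so the pairing of the two settings is documented.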