Merge pull request #2088 from eseiker/traefik-gateway-per-planet

use namespaced traefik gateway each per planet
planetarium · Oct 16, 2024 · 0f70804 · 0f70804
2 parents 6f0ea43 + 9707fc2
commit 0f70804
Show file tree

Hide file tree

Showing 11 changed files with 69 additions and 198 deletions.
diff --git a/9c-dev/argocd/bootstrap.yaml b/9c-dev/argocd/bootstrap.yaml
@@ -91,9 +91,6 @@ spec:
           nodeGroup: general-r7g_xl_2c
         pyroscope:
           enabled: true
-        gatewayApi:
-          enabled: true
-          roleArn: "arn:aws:iam::319679068466:role/eks-9c-dev-v2-gateway-api-controller"
 
   destination:
     server: https://kubernetes.default.svc

diff --git a/9c-internal/argocd/bootstrap.yaml b/9c-internal/argocd/bootstrap.yaml
@@ -114,22 +114,6 @@ spec:
         pyroscope:
           enabled: true
           nodeGroup: 9c-internal-spot_2c
-        traefik:
-          enabled: true
-          awsLoadBalancerSubnets: public-us-east-2c-9c-internal
-          awsLoadBalancerSslCert: >-
-            arn:aws:acm:us-east-2:319679068466:certificate/e19257bd-f1fb-41a6-ae84-bbdf6b98a62f
-          planets:
-            - odin
-            - heimdall
-          ports:
-            grpc: 31238
-            netmq:
-              protocol: TCP
-              external: 31234
-              internal:
-                odin: 31234
-                heimdall: 31235
 
   destination:
     server: https://kubernetes.default.svc

diff --git a/9c-internal/multiplanetary/network/9c-network.yaml b/9c-internal/multiplanetary/network/9c-network.yaml
@@ -30,6 +30,7 @@ ingress:
 
 gateway:
   enabled: true
+  hostname: gateway-internal-odin.planetarium.network
   services:
     - hostname: 9c-internal-rpc.nine-chronicles.com
       backendRefs:

diff --git a/9c-internal/multiplanetary/network/heimdall.yaml b/9c-internal/multiplanetary/network/heimdall.yaml
@@ -32,10 +32,12 @@ ingress:
 
 gateway:
   enabled: true
+  hostname: gateway-internal-heimdall.planetarium.network
   services:
     - hostname: heimdall-internal-rpc.nine-chronicles.com
       backendRefs:
         - name: remote-headless-1
+        - name: validator-5
       routes:
         - name: remote-headless-graphql
         - name: remote-headless-grpc

diff --git a/9c-main/argocd/bootstrap.yaml b/9c-main/argocd/bootstrap.yaml
@@ -164,12 +164,6 @@ spec:
           enabled: true
           replicaCount: 2
           nodeGroup: 9c-main-spot_2c
-        traefik:
-          enabled: true
-          awsLoadBalancerSubnets: public-us-east-2c-9c-main
-          awsLoadBalancerSslCert: >-
-            arn:aws:acm:us-east-2:319679068466:certificate/e19257bd-f1fb-41a6-ae84-bbdf6b98a62f
-
         datadog:
           enabled: true
           tolerations:

diff --git a/charts/all-in-one/templates/gateway-route.yaml b/charts/all-in-one/templates/gateway-route.yaml
@@ -1,4 +1,61 @@
 {{- if $.Values.gateway.enabled }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik-{{ $.Release.Name }}
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: {{ $.Release.Name }}
+  source:
+    repoURL: https://github.com/traefik/traefik-helm-chart/
+    path: traefik
+    targetRevision: b8725498c2445da8ecc06f156ca69ddc1a56cce4
+    helm:
+      values: |
+        image:
+          tag: v3.2.0-rc2
+        globalArguments: []
+        rbac:
+          namespaced: true
+        providers:
+          kubernetesGateway:
+            enabled: true
+            experimentalChannel: true
+          kubernetesCRD:
+            enabled: false
+          kubernetesIngress:
+            enabled: false
+        ingressClass:
+          enabled: false
+        service:
+          annotations:
+            {{- toYaml $.Values.global.service.annotations | nindent 4 }}
+            {{- with $.Values.gateway.hostname }}
+            external-dns.alpha.kubernetes.io/hostname: {{ . }}
+            external-dns.alpha.kubernetes.io/ttl: '60'
+            {{- end }}
+        ports:
+          websecure:
+            targetPort: web
+          {{- range $name, $config := $.Values.gateway.ports }}
+          {{ $name }}:
+            port: {{ $config.port | quote }}
+            protocol: {{ $config.portProtocol | default TCP }}
+          {{- end }}
+        gateway:
+          listeners:
+            web:
+              port: 8000
+              protocol: HTTP
+            {{- range $name, $config := $.Values.gateway.ports }}
+            {{ $name }}:
+              port: {{ $config.port | quote }}
+              protocol: {{ $config.gatewayProtocol | default HTTP }}
+---
 {{- range $service := $.Values.gateway.services }}
 {{- range $route := $service.routes | default (list dict) }}
 {{- $obj := merge $route $service }}
@@ -10,8 +67,8 @@ metadata:
   namespace: {{ $.Release.Name }}
 spec:
   parentRefs:
-  - name: traefik-gateway
-    namespace: traefik
+  - name: traefik
+    namespace: {{ $.Release.Name }}
     sectionName: {{ $obj.sectionName | default "web" }}
   {{- if not (eq $obj.kind "TCPRoute") }}
   hostnames:
@@ -28,4 +85,5 @@ spec:
 ---
 {{- end }}
 {{- end }}
+---
 {{- end }}
diff --git a/charts/all-in-one/values.yaml b/charts/all-in-one/values.yaml
@@ -73,7 +73,12 @@ ingress:
 
 gateway:
   enabled: false
-  gatewayClassName: traefik
+  ports:
+    netmq:
+      port: 31234
+      gatewayProtocol: TCP
+    grpc:
+      port: 31238
 
 seed:
   count: 1

diff --git a/common/bootstrap/templates/aws-gateway-api-controller.yaml b/common/bootstrap/templates/aws-gateway-api-controller.yaml
diff --git a/common/bootstrap/templates/traefik-gateway.yaml b/common/bootstrap/templates/traefik-gateway.yaml
diff --git a/common/bootstrap/values.yaml b/common/bootstrap/values.yaml
@@ -56,17 +56,6 @@ pyroscope:
   replicaCount: 2
   nodeGroup: ""
 
-gatewayApi:
-  enabled: false
-  roleArn: ""
-
-traefik:
-  enabled: false
-  ports:
-    web:
-      external: 80
-      internal: 8000
-
 datadog:
   enabled: false
   nodeGroup: ""

diff --git a/common/tools/gateway-api-controller/kustomization.yaml b/common/tools/gateway-api-controller/kustomization.yaml