feat: Added lldap

feat: Added default gateway
feat: Move certificates to default namespace
2025-12-17 03:44:58 +01:00 · 2025-12-17 03:44:42 +01:00 · 2025-12-17 03:36:56 +01:00 · 2025-12-17 03:36:55 +01:00
19 changed files with 129 additions and 7 deletions
--- a/apps/lldap/base/http-route.yaml
+++ b/apps/lldap/base/http-route.yaml
@@ -0,0 +1,11 @@
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: lldap
  namespace: lldap
 spec:
  useDefaultGateways: All
  rules:
    - backendRefs:
        - name: lldap
          port: 17170
--- a/apps/lldap/base/kustomization.yaml
+++ b/apps/lldap/base/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
  - cluster.yaml
  - deployment.yaml
  - service.yaml
-  - cluster.yaml
+  - http-route.yaml
--- a/apps/lldap/production/cluster.yaml
+++ b/apps/lldap/production/cluster.yaml
@@ -0,0 +1,6 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: postgres
 spec:
  instances: 2
--- a/apps/lldap/production/deployment.yaml
+++ b/apps/lldap/production/deployment.yaml
@@ -4,4 +4,4 @@ metadata:
  name: lldap
  namespace: lldap
 spec:
-  replicas: 1
+  replicas: 2
--- a/apps/lldap/production/http-route.yaml
+++ b/apps/lldap/production/http-route.yaml
@@ -0,0 +1,8 @@
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: lldap
  namespace: lldap
 spec:
  hostnames:
    - "users.huizinga.dev"
--- a/apps/lldap/production/kustomization.yaml
+++ b/apps/lldap/production/kustomization.yaml
@@ -2,7 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../base
  - secret-credentials.enc.yaml
 patches:
  - path: deployment.yaml
    target:
      kind: Deployment
  - path: cluster.yaml
    target:
      kind: Cluster
  - path: http-route.yaml
    target:
      kind: HTTPRoute
--- a/apps/lldap/production/secret-credentials.enc.yaml
+++ b/apps/lldap/production/secret-credentials.enc.yaml
@@ -0,0 +1,58 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: credentials
    namespace: lldap
    labels:
        app.kubernetes.io/name: lldap
        app.kubernetes.io/instance: lldap
 type: Opaque
 data:
    jwt-secret: ENC[AES256_GCM,data:cwKfSMzPPECNAba++x5ampK0pgCvOKRIEdPfLH5deDpnEASSlBjQZVo238YepBIAYu7Y0HCXCPppOtpX8zymD7Jxu1f5TrJoOJMwAlHYWT+IeBRVtpzgYA==,iv:bkNDqEriEnuSzvXxXAypGfwynPjYCVwN0NoAmcDftUc=,tag:DFkoIf92W8Ed60+azsfU+A==,type:str]
    key-seed: ENC[AES256_GCM,data:bLpK9Tk5Eh2WBI5x94MssCyYEsMUMTJJymbdwsVeA6K/qBCxkPGkXf+kZZoaXkyLqW2lrPa8jIGv3LV6C4PqVJ+UOlgnvagQnCGnLylqX+3wkVhKLP5uYg==,iv:1RPLzof2Fwqm08Tfq7HR2esvPvkfBg0Uc+aM2SzpHhE=,tag:IsgLxUQriU9JUX2gEe/j8A==,type:str]
    admin-pass: ENC[AES256_GCM,data:yWzQTjN8kuGroShan7NxAw==,iv:IHw237PAqNNZ7KXIy2D8XMCLWSi3kJpLEnILhGm/Xl4=,tag:N79GjKNZNh9qJO+dpa0InQ==,type:str]
 sops:
    age:
        - recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdVFuM2xvazBXY3kwTXVD
            ZXdOS0pJLzVTVGJBb3RqYlhUN2IvNDNRSzNzCm8zcmlIU2h3RityUWFkZXU1R2xp
            VUlobGZuOG1wbGxIMXVVekRaYTNGQUkKLS0tIHlMWkI0Qk9nUys1Sm4yNnVsakho
            ZXl2RDhNNFZORW5lOGphSVY5WVJycWMKvnGem7wolSKMa8lshD90bMohdLMgYiTq
            gHRN22irgd4pA2CpTcY47T2zhtVHU36PCXn+QFN936uF0vLf8Srwow==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRHNUOXZFUGxEY0RRSGtz
            OElnckFUVG1WOXhvZHhzczUxU3lZZlE5emo4Ck5qRnF6M1NCeGdkUVNuR0xzMWxs
            SEdVL0lwOXJmWVdEZ0t3V2Jscy9lZG8KLS0tIGM0WC8vbEdHQ2puRVZIK3lXeUJJ
            OVNqZnhRUEN5dTBBVXVlSDlidEU4K3cKhv2jSc+lJu+s3hbH6j1xrkaQSzds82rk
            dlaisVQxQmxjKcyPHqudJZS6Qfq3kEn9cZOP4G8NYAh0zhzGvCKeqA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-12-17T00:53:29Z"
    mac: ENC[AES256_GCM,data:6/I2J7u9fGUdz2SbAF7dL2j5XQMICx+AgEaUQ3HUN/RvlhMzn9J3EdcLFQ+d9YwbSpCzuGTQBfqsky2oaD6fQWWefCOXAVdElCp2rxHAGK9u2pqhPbgcvbHKAWfvK2kml8qhjjam346xpj2yeP8UdWq6+KZq8B5OBsKYtx4KuKM=,iv:EeLpcggrglMvpUdjvH6rOyNRj2EkuToIwc+uEPUnlvI=,tag:juTwo5RbhGnddB3MF3WirQ==,type:str]
    pgp:
        - created_at: "2025-12-17T00:53:29Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA51kG++kLewoAQ/7BepX/31nKyUHnKC/7VnqTJk0x/gLmhko1/NukkApraXe
            ctmZVk4TlG9N+DqEPHUYeMt7pu/1rvnWckh/OR2JU7AK8E33tnWITvr4AzQjk0zH
            /V8n36ZA5/8Ppt9LJJSMVLaFEFjqiFy39Ggt6bx0SUX/CczTGkUYp+aJQfmDn+uR
            GcJk9wR9/bu7+iOq8kuOA+renxGmdIcfMd6GKiHYScgv5tDN7pg7upXh1NPrVB8u
            3GTor40B1Ncjqv3L1Zbw1AZYdsmFRkSx1N2JJkxPZYbvI6cwuFMcFkXuX6JfuL8T
            pW5ddsK/DF0qXAXSc378juOh/tRdktFz2QPv9X5CJnQUk0c19Beqb4tG4cVR9sF3
            SXTpaNmR4GG3ilY3ispzso7CQe+7RvLWGgsZAgPD1uC9SJGOBfvReJvQZUXyxUGo
            /riTbUgFaBHmY6XWGy7Ecni333GtfGeN8qSIgPRhHg5f/BJX9Rp5ZG373S7iLuI4
            GpM12knQCjxfsMXjMs6/TtAwYhnIFG3WcCzJFzn+pqBiW7XJvegJPQAID5LDo4GG
            EzCZylto1WCgRhdq+CNuybQTsj4TbvxzfPYf+gCURbisH8A3TTWp4eyyXHg5KS4z
            0TECkXpUXR/sD71HuBjxz1jfZiXFruDBldZDzZ2tZDdqQxAtk/DJGXcLmWF+HMbS
            XgEvCI5gci7pYlsi60yitBcTPV2eEBh4zbRV53e12RGuhPwkxenX+6YRSCi0liOk
            5BizeCkfSRCLQHG1okeb1RIdnSoyOJ+KlrR4Y+1xeZp9ruWn/tPN7L3jCx8SX+Y=
            =j+fd
            -----END PGP MESSAGE-----
          fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9
    encrypted_regex: ^(data|stringData)$
    version: 3.11.0
--- a/apps/lldap/staging/http-route.yaml
+++ b/apps/lldap/staging/http-route.yaml
@@ -0,0 +1,8 @@
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:
  name: lldap
  namespace: lldap
 spec:
  hostnames:
    - "users.staging.huizinga.dev"
--- a/apps/lldap/staging/kustomization.yaml
+++ b/apps/lldap/staging/kustomization.yaml
@@ -10,3 +10,6 @@ patches:
  - path: cluster.yaml
    target:
      kind: Cluster
  - path: http-route.yaml
    target:
      kind: HTTPRoute
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -11,7 +11,7 @@ resources:
  - ../../controllers/cnpg/cnpg.yaml
  - ../../configs/artifacts.yaml
-  - ../../configs/load-balancer/load-balancer.yaml
+  - ../../configs/cilium-config/cilium-config.yaml
  - ../../configs/certificates/certificates.yaml
  - ../../configs/alerts/alerts.yaml
  - ../../configs/longhorn-jobs/longhorn-jobs.yaml
--- a/configs/artifacts.yaml
+++ b/configs/artifacts.yaml
@@ -9,10 +9,10 @@ spec:
      kind: GitRepository
      name: flux-system
  artifacts:
-    - name: load-balancer
+    - name: cilium-config
      originRevision: "@foundation"
      copy:
-        - from: "@foundation/configs/load-balancer/**"
+        - from: "@foundation/configs/cilium-config/**"
          to: "@artifact/"
    - name: certificates
      originRevision: "@foundation"
--- a/configs/cilium-config/base/cilium-l2-announcement-policy.yaml
+++ b/configs/cilium-config/base/cilium-l2-announcement-policy.yaml
--- a/configs/cilium-config/base/gateway.yaml
+++ b/configs/cilium-config/base/gateway.yaml
@@ -0,0 +1,19 @@
 apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
 metadata:
  name: gateway
  namespace: default
 spec:
  gatewayClassName: cilium
  defaultScope: All
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        certificateRefs:
          - kind: Secret
            name: huizinga-dev-tls
      allowedRoutes:
        namespaces:
          from: All
--- a/configs/cilium-config/base/kustomization.yaml
+++ b/configs/cilium-config/base/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - cilium-l2-announcement-policy.yaml
  - gateway.yaml
--- a/configs/cilium-config/cilium-config.yaml
+++ b/configs/cilium-config/cilium-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: load-balancer
+  name: cilium-config
  namespace: flux-system
 spec:
  interval: 1h
@@ -11,7 +11,7 @@ spec:
    - name: cilium
  sourceRef:
    kind: ExternalArtifact
-    name: load-balancer
+    name: cilium-config
  path: ./${cluster_env}
  prune: true
  wait: true
--- a/configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml
+++ b/configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml
--- a/configs/cilium-config/production/kustomization.yaml
+++ b/configs/cilium-config/production/kustomization.yaml
--- a/configs/cilium-config/staging/cilium-load-balancer-ip-pool.yaml
+++ b/configs/cilium-config/staging/cilium-load-balancer-ip-pool.yaml
--- a/configs/cilium-config/staging/kustomization.yaml
+++ b/configs/cilium-config/staging/kustomization.yaml
Author	SHA1	Message	Date
Dreaded_X	e304243dec	feat: Added lldap Some checks failed kustomization/lldap/09e7e40f reconciliation failed kustomization/cilium-config/09e7e40f reconciliation failed kustomization/cilium/09e7e40f reconciliation succeeded kustomization/flux-system/09e7e40f reconciliation succeeded kustomization/cnpg/09e7e40f reconciliation succeeded	2025-12-17 03:44:58 +01:00
Dreaded_X	9351fb745b	feat: Added default gateway	2025-12-17 03:44:42 +01:00
Dreaded_X	3f56000b40	feat: Move certificates to default namespace	2025-12-17 03:36:56 +01:00
Dreaded_X	0913887ecc	feat: Setup cilium L2 announcments and IP pool	2025-12-17 03:36:55 +01:00