feat: 🎸 initial commit

2026-01-16 16:31:15 +00:00
commit ca6e6b35d6
10 changed files with 407 additions and 0 deletions
--- a/roles/traefik_gateway/tasks/main.yml
+++ b/roles/traefik_gateway/tasks/main.yml
@@ -0,0 +1,101 @@
+---
+- name: Install Gateway API CRDs
+  shell: |
+    microk8s kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/experimental-install.yaml
+  register: install_crds
+  changed_when: "'configured' in install_crds.stdout or 'created' in install_crds.stdout"
+
+- name: Install Traefik CRDs
+  shell: |
+    microk8s kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+  register: install_traefik_crds
+  changed_when: "'configured' in install_traefik_crds.stdout or 'created' in install_traefik_crds.stdout"
+
+- name: Add Traefik Helm Repo
+  kubernetes.core.helm_repository:
+    name: traefik
+    repo_url: https://traefik.github.io/charts
+
+- name: Install Traefik with Gateway API support
+  kubernetes.core.helm:
+    name: traefik
+    chart_ref: traefik/traefik
+    release_namespace: traefik
+    create_namespace: true
+    values:
+      providers:
+        kubernetesGateway:
+          enabled: true
+      ports:
+        web:
+          port: 80
+        websecure:
+          port: 443
+        ssh:
+          port: 2222
+          expose:
+            default: true
+          exposedPort: 2222
+          protocol: TCP
+      service:
+        type: LoadBalancer
+      gateway:
+        enabled: false
+      gatewayClass:
+        enabled: false
+      securityContext:
+        capabilities:
+          drop: [ALL]
+          add: [NET_BIND_SERVICE]
+        runAsNonRoot: true
+        runAsUser: 65532
+        runAsGroup: 65532
+    skip_crds: true
+    wait: true
+
+- name: Create Gateway Class
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: gateway.networking.k8s.io/v1
+      kind: GatewayClass
+      metadata:
+        name: traefik
+      spec:
+        controllerName: traefik.io/gateway-controller
+
+- name: Create Gateway
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: gateway.networking.k8s.io/v1
+      kind: Gateway
+      metadata:
+        name: main-gateway
+        namespace: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+      spec:
+        gatewayClassName: traefik
+        listeners:
+        - name: web
+          port: 80
+          protocol: HTTP
+          allowedRoutes:
+            namespaces:
+              from: All
+        - name: websecure
+          port: 443
+          protocol: HTTPS
+          hostname: git.svc.pguia.com
+          tls:
+            mode: Terminate
+            certificateRefs:
+            - name: git-svc-pguia-com-tls
+          allowedRoutes:
+            namespaces:
+              from: All
+        - name: ssh
+          port: 2222
+          protocol: TCP
+          allowedRoutes:
+            namespaces:
+              from: All