wip(netbird): fix config

Signed-off-by: Vegard Hagen <[email protected]>

Author: vehagn

k8s/apps/dev/whoami/http-route.yaml

@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: whoami
+  namespace: whoami
+spec:
+  parentRefs:
+    - { name: external, namespace: gateway }
+    - { name: internal, namespace: gateway }
+  hostnames: [ "whoami.stonegarden.dev" ]
+  rules:
+    - backendRefs: [ { name: whoami, port: 80 } ]
+      matches:
+        - path: { type: PathPrefix, value: / }

k8s/apps/dev/whoami/kustomization.yaml

@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
   - ns.yaml
   - svc.yaml
+  - http-route.yaml
   - deployment.yaml

k8s/infra/network/cilium/values.yaml

@@ -78,7 +78,7 @@ loadBalancer:
 gatewayAPI:
   enabled: true
   enableAlpn: true
-  # enableAppProtocol: true
+  enableAppProtocol: true
 
 envoy:
   prometheus:

k8s/infra/vpn/netbird/agent/daemon-set.yaml

@@ -12,6 +12,11 @@ spec:
       labels:
         app: agent
     spec:
+      dnsConfig:
+        nameservers:
+          - 10.96.0.12 # AdGuard Home
+          - 10.96.0.11 # Unbound
+      dnsPolicy: None
       securityContext:
         seccompProfile:
           type: RuntimeDefault

k8s/infra/vpn/netbird/grpc-route.yaml

@@ -13,7 +13,7 @@ spec:
       matches:
         - headers: [ { name: Content-Type, value: application/grpc } ]
         - method: { service: management.ManagementService }
-    - backendRefs: [ { name: signal, port: 80 } ]
+    - backendRefs: [ { name: signal, port: 10000 } ]
       matches:
         - headers: [ { name: Content-Type, value: application/grpc } ]
         - method: { service: signalexchange.SignalExchange }

k8s/infra/vpn/netbird/kustomization.yaml

@@ -13,3 +13,12 @@ resources:
   - management
   - relay
   - signal
+
+#helmCharts:
+#  - name: netbird
+#    repo: https://netbirdio.github.io/helms
+#    version: 1.9.0 # renovate: github-releases=netbirdio/helms
+#    releaseName: netbird
+#    includeCRDs: true
+#    namespace: netbird
+#    valuesFile: values.yaml

k8s/infra/vpn/netbird/management/deployment.yaml

@@ -20,7 +20,6 @@ spec:
         topology.kubernetes.io/zone: abel
       dnsConfig:
         nameservers:
-          - 172.20.10.153 # AdGuard Home
           - 10.96.0.12 # AdGuard Home
           - 10.96.0.11 # Unbound
       dnsPolicy: None

k8s/infra/vpn/netbird/management/svc.yaml

@@ -10,5 +10,5 @@ spec:
   ports:
     - name: http
       port: 80
-      appProtocol: kubernetes.io/h2c
       targetPort: http
+      appProtocol: kubernetes.io/h2c

k8s/infra/vpn/netbird/relay/svc.yaml

@@ -3,8 +3,6 @@ kind: Service
 metadata:
   name: relay
   namespace: netbird
-  labels:
-    app.kubernetes.io/name: relay
 spec:
   type: ClusterIP
   selector:

k8s/infra/vpn/netbird/signal/deployment.yaml

@@ -39,6 +39,8 @@ spec:
           ports:
             - name: http
               containerPort: 80
+            - name: legacy-grpc
+              containerPort: 10000
           livenessProbe:
             tcpSocket:
               port: http