223 - Expose metallb lb outside the network

kubernetes/networking/admin-gateway.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: admin
+  namespace: istio-system
+spec:
+  selector:
+    app: admin-ingressgateway
+  servers:
+  - hosts:
+    - '*'
+    port:
+      name: http
+      number: 8080
+      protocol: HTTP
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - '*'
+    port:
+      name: https
+      number: 8443
+      protocol: HTTPS
+    tls:
+      credentialName: admin-cert
+      minProtocolVersion: TLSV1_3
+      mode: SIMPLE

kubernetes/networking/admin-service.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: admin-ingressgateway
+  namespace: istio-system
+spec:
+  ports:
+  - name: status-port
+    nodePort: 30511
+    port: 15021
+    protocol: TCP
+    targetPort: 15021
+  - name: http2
+    nodePort: 32138
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  - name: https
+    nodePort: 30181
+    port: 443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    app: admin-ingressgateway
+    istio: ingressgateway
+  sessionAffinity: None
+  type: LoadBalancer

kubernetes/networking/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - admin-gateway.yaml
+  - admin-service.yaml
+  - tenant-gateway.yaml
+  - tenant-service.yaml

kubernetes/networking/tenant-gateway.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: tenant
+  namespace: istio-system
+spec:
+  selector:
+    app: tenant-ingressgateway
+  servers:
+  - hosts:
+    - '*'
+    port:
+      name: http
+      number: 8080
+      protocol: HTTP
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - '*'
+    port:
+      name: https
+      number: 8443
+      protocol: HTTPS
+    tls:
+      credentialName: tenant-cert
+      minProtocolVersion: TLSV1_3
+      mode: SIMPLE

kubernetes/networking/tenant-service.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tenant-ingressgateway
+  namespace: istio-system
+spec:
+  ports:
+  - name: status-port
+    nodePort: 30248
+    port: 15021
+    protocol: TCP
+    targetPort: 15021
+  - name: http2
+    nodePort: 32386
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  - name: https
+    nodePort: 30535
+    port: 443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    app: tenant-ingressgateway
+    istio: ingressgateway
+  sessionAffinity: None
+  type: LoadBalancer

zarf.yaml

@@ -30,6 +30,15 @@ components:
     images:
       - "ghcr.io/defenseunicorns/leapfrogai/api:0.3.2"
       - "registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.23.3"
+    files:
+      - source: kubernetes/networking/
+        target: networking/
+    actions:
+      onDeploy:
+        after:
+          - cmd: kubectl apply -k networking
+        onSuccess:
+          - cmd: rm -rf networking
   - name: dcgm-exporter
     charts:
       - name: dcgm-exporter