Add envoy deployment and initial API HTTPRoute example

Author: jb3

kubernetes/namespaces/apis/quackstack/httproute.yaml

@@ -0,0 +1,16 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: quackstack
+  namespace: apis
+spec:
+  parentRefs:
+    - name: envoy-gateway
+      namespace: envoy-gateway
+  hostnames:
+    - quackstack.pythondiscord.com
+  rules:
+      - backendRefs:
+        - name: quackstack
+          weight: 1
+          port: 80

kubernetes/namespaces/envoy-gateway/README.md

@@ -0,0 +1,27 @@
+# Gateway
+
+We use Envoy Gateway as our Kubernetes Gateway API implementation (the successor to the deprecated Kubernetes Ingress API).
+
+## Installation
+
+Taken from https://gateway.envoyproxy.io/docs/tasks/quickstart/
+
+```bash
+$ helm install envoy-gateway oci://docker.io/envoyproxy/gateway-helm --version v1.7.1 -n envoy-gateway --create-namespace -f values.yaml
+```
+
+Wait for the `envoy-gateway` deployment to be ready:
+
+```bash
+$ kubectl wait --timeout=5m -n envoy-gateway deployment/envoy-gateway --for=condition=Available
+```
+
+Find the external IP address of the Envoy Gateway:
+
+```bash
+$ export GATEWAY_HOST=$(kubectl get gateway/envoy-gateway -o jsonpath='{.status.addresses[0].value}')
+```
+
+## Maintenance
+
+You can install the `egctl` tool following instructions [here](https://gateway.envoyproxy.io/docs/install/install-egctl/) to manage the Envoy Gateway deployment.

kubernetes/namespaces/envoy-gateway/gateway.yaml

@@ -0,0 +1,74 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: envoy-gateway
+  namespace: envoy-gateway
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: envoy-gateway
+  namespace: envoy-gateway
+spec:
+  gatewayClassName: envoy-gateway
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+
+    - name: https-pythondiscord-root
+      protocol: HTTPS
+      port: 443
+      hostname: "pythondiscord.com"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: pythondiscord.com-tls
+            kind: Secret
+      allowedRoutes:
+        namespaces:
+          from: All
+
+    - name: https-pythondiscord-wildcard
+      protocol: HTTPS
+      port: 443
+      hostname: "*.pythondiscord.com"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: pythondiscord.com-tls
+            kind: Secret
+      allowedRoutes:
+        namespaces:
+          from: All
+
+    - name: https-pydis-wtf-root
+      protocol: HTTPS
+      port: 443
+      hostname: "pydis.wtf"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: pydis.wtf-tls
+            kind: Secret
+      allowedRoutes:
+        namespaces:
+          from: All
+
+    - name: https-pydis-wtf-wildcard
+      protocol: HTTPS
+      port: 443
+      hostname: "*.pydis.wtf"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: pydis.wtf-tls
+            kind: Secret
+      allowedRoutes:
+        namespaces:
+          from: All

kubernetes/namespaces/envoy-gateway/values.yaml

@@ -0,0 +1,2 @@
+deployment:
+  replicas: 2