feat: add infra deployment for k8s dev env with kgateway

shaneutt · shaneutt · commit 5e758de612aa · 2025-04-23T20:24:42.000-04:00
Signed-off-by: Shane Utt &lt;shaneutt@linux.com&gt;
diff --git a/deploy/environments/dev/kubernetes-kgateway-infra/kustomization.yaml b/deploy/environments/dev/kubernetes-kgateway-infra/kustomization.yaml
@@ -0,0 +1,20 @@
+# ------------------------------------------------------------------------------
+# OpenShift Environment - Infrastructure
+#
+# This provides the infrastructure-level requirements that individual
+# development environments (see `deploy/environments/dev/kubernetes`) will need
+# (e.g. CRDs, Operators, RBAC, etc). It utilizes KGateway as the control-plane
+# for Gateways.
+#
+# **WARNING**: CRD deployments need to be run first.
+#
+# **WARNING**: Needs to be run once, and regularly updated on an OpenShift
+# cluster by an administrator prior to deploying individual environments on
+# that cluster with `deploy/environments/dev/kubernetes`.
+# ------------------------------------------------------------------------------
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../components/kgateway-control-plane/
+- rbac.yaml
diff --git a/deploy/environments/dev/kubernetes-kgateway-infra/rbac.yaml b/deploy/environments/dev/kubernetes-kgateway-infra/rbac.yaml
@@ -0,0 +1,55 @@
+# -----------------------------------------------------------------------------
+# This provides access to authenticated users to create and manage Gateways
+# and attach GIE to them on development clusters.
+# -----------------------------------------------------------------------------
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gateway-management
+rules:
+  # ---------------------------------------------------------------------------
+  # Gateway API
+  # ---------------------------------------------------------------------------
+  - apiGroups:
+    - gateway.networking.k8s.io
+    resources:
+    - gateways
+    - httproutes
+    - grpcroutes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete
+  # ---------------------------------------------------------------------------
+  # Gateway API Inference Extension (GIE)
+  # ---------------------------------------------------------------------------
+  - apiGroups:
+    - inference.networking.x-k8s.io
+    resources:
+    - inferencepools
+    - inferencemodels
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: authenticated-gateway-management
+subjects:
+  - kind: Group
+    name: system:authenticated
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: gateway-management
+  apiGroup: rbac.authorization.k8s.io
