chore(deployment): create issuers and use them to provision TLS certs for katbin service

Signed-off-by: SphericalKat <amolele@gmail.com>
2021-06-29 19:16:16 -07:00 · 2021-06-29 19:16:16 -07:00 · d180b8998d
commit d180b8998d
parent 796148a341
4 changed files with 76 additions and 0 deletions
--- a/deployment/ingress.yml
+++ b/deployment/ingress.yml
@ -2,7 +2,14 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: katbin-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+
 spec:
+  tls:
+    - hosts:
+      - testapi.katb.in
+      secretName: katbin-tls
  rules:
  - host: testapi.katb.in
    http:
--- a/deployment/ingress_nginx_svc.yml
+++ b/deployment/ingress_nginx_svc.yml
@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
+    service.beta.kubernetes.io/do-loadbalancer-hostname: "workaround.katb.in"
+  labels:
+    helm.sh/chart: ingress-nginx-3.23.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.44.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: https
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/component: controller
--- a/deployment/prod_issuer.yml
+++ b/deployment/prod_issuer.yml
@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: amolele@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-prod
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
--- a/deployment/staging_issuer.yml
+++ b/deployment/staging_issuer.yml
@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: amolele@gmail.com
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-staging
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: nginx