diff --git a/argo/ingress.yaml b/argo/ingress.yaml index 688776e..906bb78 100644 --- a/argo/ingress.yaml +++ b/argo/ingress.yaml @@ -2,6 +2,8 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: argocd-ingress namespace: argocd spec: @@ -15,4 +17,8 @@ spec: service: name: argocd-server port: - number: 80 \ No newline at end of file + number: 80 + tls: + - hosts: + - argo.services.yolokube.de + secretName: argocd-tls-key diff --git a/dashboard/base/dashboard.yaml b/dashboard/base/dashboard.yaml index 6076d3f..2656ea2 100644 --- a/dashboard/base/dashboard.yaml +++ b/dashboard/base/dashboard.yaml @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard spec: @@ -63,3 +65,7 @@ spec: name: dashboard-service port: number: 80 + tls: + - hosts: + - dashboard.services.yolokube.de + secretName: dashboard-tls-key diff --git a/dashboard/overlays/prod/kustomization.yaml b/dashboard/overlays/prod/kustomization.yaml index e11653b..0f374cb 100644 --- a/dashboard/overlays/prod/kustomization.yaml +++ b/dashboard/overlays/prod/kustomization.yaml @@ -5,5 +5,5 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: "1110" + newTag: "1113" namespace: dashboard diff --git a/dashboard/overlays/staging/kustomization.yaml b/dashboard/overlays/staging/kustomization.yaml index 5eb96e4..78cf4cb 100644 --- a/dashboard/overlays/staging/kustomization.yaml +++ b/dashboard/overlays/staging/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: staging-1107 + newTag: staging-1111 namespace: dashboard-staging patches: - patch: |- 
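Review bot: The `kubernetes.io/tls-acme: "true"` annotation added in argo/ingress.yaml (hunk `@@ -2,6 +2,8 @@`) names no issuer, so which CA signs `argocd-tls-key` depends on cert-manager's ingress-shim default-issuer settings, which are not part of this diff. If no default issuer is configured, the annotation is presumably ignored and the secret referenced under `tls` never appears. Naming the issuer on the Ingress, e.g. `cert-manager.io/cluster-issuer: letsencrypt-prod` (the ClusterIssuer that traefik/dashboard-cert.yaml already references), makes the trust decision explicit and reviewable. The same applies to the identical annotation in dashboard/base, dashboard/prod, dashboard/staging, examples/example-deployment.yaml, longhorn/values.yaml, prometheus/values.yaml and both files under tests/.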
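Review bot: The `tls` block added in the second argo/ingress.yaml hunk (`@@ -15,4 +17,8 @@`) supplies a certificate, but nothing in the diff directs port-80 clients to HTTPS; whether plain HTTP is still routed, redirected or rejected depends on Traefik entrypoint settings that are not visible here. This matters most for the ingresses in longhorn/values.yaml and prometheus/values.yaml that carry the `traefik-basic-auth` middleware, because Basic credentials accompany every request. Consider pinning these routers to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (assuming that is the entrypoint's name in this cluster) or confirming a global HTTP-to-HTTPS redirect. The backend stays on port 80, so traffic from Traefik to `argocd-server` remains unencrypted inside the cluster.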
@@ -15,6 +15,13 @@ patches: target: kind: Ingress name: dashboard-ingress +- patch: |- + - op: replace + path: /spec/tls/0/hosts/0 + value: "dashboard-staging.services.yolokube.de" + target: + kind: Ingress + name: dashboard-ingress - patch: |- - op: replace path: /spec/replicas diff --git a/dashboard/prod/dashboard.yaml b/dashboard/prod/dashboard.yaml index 06e5f17..7eb7ace 100644 --- a/dashboard/prod/dashboard.yaml +++ b/dashboard/prod/dashboard.yaml @@ -34,7 +34,7 @@ spec: app: dashboard spec: containers: - - image: git.ar21.de/yolokube/dashboard:1110 + - image: git.ar21.de/yolokube/dashboard:1113 imagePullPolicy: Always livenessProbe: httpGet: @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard spec: @@ -63,3 +65,7 @@ spec: number: 80 path: / pathType: Prefix + tls: + - hosts: + - dashboard.services.yolokube.de + secretName: dashboard-tls-key diff --git a/dashboard/staging/dashboard.yaml b/dashboard/staging/dashboard.yaml index c011df9..7f44146 100644 --- a/dashboard/staging/dashboard.yaml +++ b/dashboard/staging/dashboard.yaml @@ -34,7 +34,7 @@ spec: app: dashboard spec: containers: - - image: git.ar21.de/yolokube/dashboard:staging-1107 + - image: git.ar21.de/yolokube/dashboard:staging-1111 imagePullPolicy: Always livenessProbe: httpGet: @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard-staging spec: @@ -63,3 +65,7 @@ spec: number: 80 path: / pathType: Prefix + tls: + - hosts: + - dashboard-staging.services.yolokube.de + secretName: dashboard-tls-key diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index df94a40..6af57ee 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml 
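Review bot: The patch added in dashboard/overlays/staging/kustomization.yaml (`@@ -15,6 +15,13 @@`) rewrites the TLS host by position (`/spec/tls/0/hosts/0`) in a patch separate from the preceding one on the same `dashboard-ingress` target, which starts outside the hunk and presumably replaces the rule host. If the two values drift apart, the issued certificate will not cover the hostname actually served. Appending this `op` to the existing patch's list would keep both host values in one place; failing that, a comment such as `# must match the rule host patched above` documents the coupling.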
@@ -65,11 +65,12 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" + # Use for Basic auth: + # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd name: example-ingress namespace: example - #annotations: - # Use for Basic auth: - # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd spec: rules: - host: "example.apps.yolokube.de" @@ -82,3 +83,7 @@ spec: name: example-service port: number: 80 + tls: + - hosts: + - example.apps.yolokube.de + secretName: example-tls-key diff --git a/longhorn/values.yaml b/longhorn/values.yaml index 8a0f056..3024b2a 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml @@ -24,7 +24,10 @@ ingress: enabled: true host: longhorn.services.yolokube.de annotations: + kubernetes.io/tls-acme: "true" traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + tls: true + tlsSecret: longhorn-tls-key metrics: serviceMonitor: enabled: true diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 1443cac..355a363 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -60,6 +60,11 @@ alertmanager: - alertmanager.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tls: + - secretName: alertmanager-tls-key + hosts: + - alertmanager.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: 
@@ -69,15 +74,25 @@ alertmanager: hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tlsSecretPerReplica: + enabled: true + prefix: alertmanager servicePerReplica: enabled: true podAntiAffinity: "hard" grafana: defaultDashboardsTimezone: Europe/Berlin ingress: + annotations: + kubernetes.io/tls-acme: "true" enabled: true hosts: - grafana.services.yolokube.de + tls: + - secretName: grafana-tls-key + hosts: + - grafana.services.yolokube.de persistence: enabled: true accessModes: @@ -106,6 +121,11 @@ prometheus: - prometheus.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tls: + - secretName: prometheus-tls-key + hosts: + - prometheus.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: @@ -115,6 +135,10 @@ prometheus: hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tlsSecretPerReplica: + enabled: true + prefix: prometheus prometheusSpec: retentionSize: "45GB" replicas: 2 @@ -142,4 +166,4 @@ defaultRules: customRules: KubeNodeUnreachable: for: 0m - severity: "critical" \ No newline at end of file + severity: "critical" diff --git a/tests/test-ingress.yaml b/tests/test-ingress.yaml index 0a3e556..2e0f08e 100644 --- a/tests/test-ingress.yaml +++ b/tests/test-ingress.yaml @@ -44,6 +44,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: test1-ingress namespace: aaron-test spec: @@ -58,3 +60,7 @@ spec: name: test1-service port: number: 80 + tls: + - hosts: + - test.apps.yolokube.de + secretName: test1-tls-key diff --git a/tests/test-storage.yaml b/tests/test-storage.yaml index 2916d9c..e2ccafc 100644 --- a/tests/test-storage.yaml 
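Review bot: In prometheus/values.yaml hunk `@@ -69,15 +74,25 @@`, the Grafana ingress gains the ACME annotation and a `tls` entry but, unlike the alertmanager and prometheus ingresses in this file, carries no `traefik-basic-auth` middleware annotation, so it relies solely on Grafana's own login. That may be intentional; if so, a short comment above the new `annotations:` key saying so would help, and it is worth confirming that the Grafana admin password is overridden from the chart default (not visible in this hunk). The `tlsSecretPerReplica` blocks here and in `@@ -115,6 +135,10 @@` will also lead cert-manager to request one certificate per replica ingress, assuming `ingressPerReplica` is enabled.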
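Review bot: The `tls` entry added for `test.apps.yolokube.de` in tests/test-ingress.yaml (likewise `paste.apps.yolokube.de` in tests/test-storage.yaml and `dashboard-staging.services.yolokube.de` in the staging overlay) will obtain a publicly trusted certificate, and every hostname on such a certificate is published in Certificate Transparency logs. These test and staging ingresses show no auth middleware in the visible hunks, so the hostnames become easy to discover while the workloads behind them stay unauthenticated. If the default issuer is the production Let's Encrypt one, consider a staging issuer for these hosts, or add the `traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd` annotation already used elsewhere in this repository.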
+++ b/tests/test-storage.yaml @@ -66,6 +66,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: paste-ingress namespace: paste spec: @@ -79,4 +81,8 @@ spec: service: name: paste-service port: - number: 80 \ No newline at end of file + number: 80 + tls: + - hosts: + - paste.apps.yolokube.de + secretName: paste-tls-key diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml new file mode 100644 index 0000000..b567b03 --- /dev/null +++ b/traefik/dashboard-cert.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: traefik-cert + namespace: traefik +spec: + secretName: traefik-tls-key + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + dnsNames: + - traefik.services.yolokube.de
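Review bot: The new Certificate in traefik/dashboard-cert.yaml leaves `spec.privateKey` unset, so the key algorithm and whether the key is regenerated on renewal fall back to the defaults of the installed cert-manager version (older releases reuse the existing key). Setting it explicitly, e.g. `privateKey:` with `rotationPolicy: Always` and `algorithm: ECDSA`, ensures each renewal rotates the key. The resource only produces the `traefik-tls-key` secret; the route that consumes it and any authentication in front of the Traefik dashboard are not part of this diff and should be checked separately.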