From fd137569225b23d7d6fe533611eccf433049003b Mon Sep 17 00:00:00 2001 From: renovate Date: Mon, 27 May 2024 21:12:51 +0000 Subject: [PATCH 1/7] DASHBOARD STAGING: update image tag to 1111 (done automagically via Drone pipeline) --- dashboard/overlays/staging/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/overlays/staging/kustomization.yaml b/dashboard/overlays/staging/kustomization.yaml index 5eb96e4..f4c409a 100644 --- a/dashboard/overlays/staging/kustomization.yaml +++ b/dashboard/overlays/staging/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: staging-1107 + newTag: staging-1111 namespace: dashboard-staging patches: - patch: |- From 77a730dc1013621bb53156a52eed84be00ec11ee Mon Sep 17 00:00:00 2001 From: renovate Date: Mon, 27 May 2024 21:12:59 +0000 Subject: [PATCH 2/7] KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize 1001 (done automagically via Drone pipeline) [CI SKIP] --- dashboard/staging/dashboard.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/staging/dashboard.yaml b/dashboard/staging/dashboard.yaml index c011df9..07738ad 100644 --- a/dashboard/staging/dashboard.yaml +++ b/dashboard/staging/dashboard.yaml @@ -34,7 +34,7 @@ spec: app: dashboard spec: containers: - - image: git.ar21.de/yolokube/dashboard:staging-1107 + - image: git.ar21.de/yolokube/dashboard:staging-1111 imagePullPolicy: Always livenessProbe: httpGet: From c210a80caba573fcb738bce2fe232e306e593c6b Mon Sep 17 00:00:00 2001 From: renovate Date: Mon, 27 May 2024 21:13:47 +0000 Subject: [PATCH 3/7] DASHBOARD: update image tag to 1113 (done automagically via Drone pipeline) --- dashboard/overlays/prod/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/overlays/prod/kustomization.yaml b/dashboard/overlays/prod/kustomization.yaml index e11653b..0f374cb 100644 
--- a/dashboard/overlays/prod/kustomization.yaml +++ b/dashboard/overlays/prod/kustomization.yaml @@ -5,5 +5,5 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: "1110" + newTag: "1113" namespace: dashboard From 90dcd9d15f286913f9f26dfd3ef880f3fa15ebeb Mon Sep 17 00:00:00 2001 From: renovate Date: Mon, 27 May 2024 21:13:53 +0000 Subject: [PATCH 4/7] KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize 1002 (done automagically via Drone pipeline) [CI SKIP] --- dashboard/prod/dashboard.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/prod/dashboard.yaml b/dashboard/prod/dashboard.yaml index 06e5f17..f734f75 100644 --- a/dashboard/prod/dashboard.yaml +++ b/dashboard/prod/dashboard.yaml @@ -34,7 +34,7 @@ spec: app: dashboard spec: containers: - - image: git.ar21.de/yolokube/dashboard:1110 + - image: git.ar21.de/yolokube/dashboard:1113 imagePullPolicy: Always livenessProbe: httpGet: From e1ed098915bde128e7c0ed9ebdbee513aa809624 Mon Sep 17 00:00:00 2001 From: Tom Neuber Date: Tue, 28 May 2024 17:42:47 +0200 Subject: [PATCH 5/7] Adjust ingress tls values for cert-manager --- argo/ingress.yaml | 8 +++++- dashboard/base/dashboard.yaml | 6 +++++ dashboard/overlays/staging/kustomization.yaml | 7 +++++ examples/example-deployment.yaml | 6 +++++ longhorn/values.yaml | 3 +++ prometheus/values.yaml | 26 ++++++++++++++++++- tests/test-ingress.yaml | 6 +++++ tests/test-storage.yaml | 8 +++++- traefik/dashboard-cert.yaml | 13 ++++++++++ 9 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 traefik/dashboard-cert.yaml diff --git a/argo/ingress.yaml b/argo/ingress.yaml index 688776e..906bb78 100644 --- a/argo/ingress.yaml +++ b/argo/ingress.yaml @@ -2,6 +2,8 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: argocd-ingress namespace: argocd spec: 
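Review bot: The `kubernetes.io/tls-acme: "true"` annotation added to `argocd-ingress` (argo/ingress.yaml, first hunk) names no issuer, so which CA signs the certificate depends on cert-manager's ingress-shim defaults (`--default-issuer-name`, `--default-issuer-kind`), which this patch series does not show. If those defaults are unset, no certificate will be requested and the ingress controller will most likely serve its fallback certificate. If they change later, every Ingress in this commit silently switches issuer. Pinning the issuer in the manifest with `cert-manager.io/cluster-issuer: letsencrypt-prod` would match the `issuerRef` that traefik/dashboard-cert.yaml already states in the same commit. The annotation hunks in dashboard/base/dashboard.yaml, examples/example-deployment.yaml, longhorn/values.yaml, prometheus/values.yaml, tests/test-ingress.yaml and tests/test-storage.yaml have the same gap.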
@@ -15,4 +17,8 @@ spec: service: name: argocd-server port: - number: 80 \ No newline at end of file + number: 80 + tls: + - hosts: + - argo.services.yolokube.de + secretName: argocd-tls-key diff --git a/dashboard/base/dashboard.yaml b/dashboard/base/dashboard.yaml index 6076d3f..2656ea2 100644 --- a/dashboard/base/dashboard.yaml +++ b/dashboard/base/dashboard.yaml @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard spec: @@ -63,3 +65,7 @@ spec: name: dashboard-service port: number: 80 + tls: + - hosts: + - dashboard.services.yolokube.de + secretName: dashboard-tls-key diff --git a/dashboard/overlays/staging/kustomization.yaml b/dashboard/overlays/staging/kustomization.yaml index f4c409a..78cf4cb 100644 --- a/dashboard/overlays/staging/kustomization.yaml +++ b/dashboard/overlays/staging/kustomization.yaml @@ -15,6 +15,13 @@ patches: target: kind: Ingress name: dashboard-ingress +- patch: |- + - op: replace + path: /spec/tls/0/hosts/0 + value: "dashboard-staging.services.yolokube.de" + target: + kind: Ingress + name: dashboard-ingress - patch: |- - op: replace path: /spec/replicas diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index df94a40..4eccc7f 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml @@ -65,6 +65,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: example-ingress namespace: example #annotations: @@ -82,3 +84,7 @@ spec: name: example-service port: number: 80 + tls: + - hosts: + - example.apps.yolokube.de + secretName: example-tls-key diff --git a/longhorn/values.yaml b/longhorn/values.yaml index 8a0f056..3024b2a 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml 
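Review bot: The `tls:` block added to `argocd-ingress` (argo/ingress.yaml, second hunk) enables HTTPS for `argo.services.yolokube.de`, but nothing in the hunk stops the same router from answering on the plain-HTTP entrypoint. Logins can therefore still travel unencrypted unless Traefik redirects at the entrypoint level, which is not visible here. Either confirm that redirect exists or restrict the Ingress to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (assuming the entrypoint carries that name). This matters most for the hosts behind `traefik-basic-auth@kubernetescrd` in longhorn/values.yaml and prometheus/values.yaml, where Basic credentials accompany every request. The dashboard, example and test Ingress hunks have the same gap.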
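Review bot: The JSON patch added in dashboard/overlays/staging/kustomization.yaml addresses the TLS host by list index (`/spec/tls/0/hosts/0`) and has no comment tying it to the Ingress rule host. If the base `tls` list is reordered or extended, staging would request a certificate for the wrong name without any build error. A comment above the patch would record the coupling: `# keep in sync with the rule-host patch above; secretName dashboard-tls-key is inherited from base`. The preceding patch targets the same Ingress but its body lies outside the hunk, so that it rewrites the rule host is an assumption.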
@@ -24,7 +24,10 @@ ingress: enabled: true host: longhorn.services.yolokube.de annotations: + kubernetes.io/tls-acme: "true" traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + tls: true + tlsSecret: longhorn-tls-key metrics: serviceMonitor: enabled: true diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 1443cac..355a363 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -60,6 +60,11 @@ alertmanager: - alertmanager.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tls: + - secretName: alertmanager-tls-key + hosts: + - alertmanager.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: @@ -69,15 +74,25 @@ alertmanager: hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tlsSecretPerReplica: + enabled: true + prefix: alertmanager servicePerReplica: enabled: true podAntiAffinity: "hard" grafana: defaultDashboardsTimezone: Europe/Berlin ingress: + annotations: + kubernetes.io/tls-acme: "true" enabled: true hosts: - grafana.services.yolokube.de + tls: + - secretName: grafana-tls-key + hosts: + - grafana.services.yolokube.de persistence: enabled: true accessModes: @@ -106,6 +121,11 @@ prometheus: - prometheus.services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tls: + - secretName: prometheus-tls-key + hosts: + - prometheus.services.yolokube.de ingressPerReplica: pathType: ImplementationSpecific paths: 
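Review bot: `tlsSecretPerReplica.prefix: alertmanager` in the alertmanager `ingressPerReplica` hunk of prometheus/values.yaml departs from the `<name>-tls-key` naming used for every other TLS secret in this commit. As far as I know the chart names these secrets `<prefix>-<replica index>`, which would give `alertmanager-0`, `alertmanager-1`; that should be confirmed against the chart's values documentation. Secret names without a TLS marker are harder to pick out in RBAC rules and secret audits. `prefix: alertmanager-tls-key` would keep the convention, and the later `prefix: prometheus` hunk in the same file needs the same change.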
@@ -115,6 +135,10 @@ prometheus: hostDomain: services.yolokube.de annotations: traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + kubernetes.io/tls-acme: "true" + tlsSecretPerReplica: + enabled: true + prefix: prometheus prometheusSpec: retentionSize: "45GB" replicas: 2 @@ -142,4 +166,4 @@ defaultRules: customRules: KubeNodeUnreachable: for: 0m - severity: "critical" \ No newline at end of file + severity: "critical" diff --git a/tests/test-ingress.yaml b/tests/test-ingress.yaml index 0a3e556..2e0f08e 100644 --- a/tests/test-ingress.yaml +++ b/tests/test-ingress.yaml @@ -44,6 +44,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: test1-ingress namespace: aaron-test spec: @@ -58,3 +60,7 @@ spec: name: test1-service port: number: 80 + tls: + - hosts: + - test.apps.yolokube.de + secretName: test1-tls-key diff --git a/tests/test-storage.yaml b/tests/test-storage.yaml index 2916d9c..e2ccafc 100644 --- a/tests/test-storage.yaml +++ b/tests/test-storage.yaml @@ -66,6 +66,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: paste-ingress namespace: paste spec: @@ -79,4 +81,8 @@ spec: service: name: paste-service port: - number: 80 \ No newline at end of file + number: 80 + tls: + - hosts: + - paste.apps.yolokube.de + secretName: paste-tls-key diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml new file mode 100644 index 0000000..b567b03 --- /dev/null +++ b/traefik/dashboard-cert.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: traefik-cert + namespace: traefik +spec: + secretName: traefik-tls-key + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + dnsNames: + - traefik.services.yolokube.de From 329935dbb631fc23046ee2fb73b24c141ed50754 Mon Sep 17 00:00:00 2001 
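Review bot: The test Ingresses in tests/test-ingress.yaml (`test.apps.yolokube.de`) and tests/test-storage.yaml (`paste.apps.yolokube.de`) now request ACME certificates through the same `kubernetes.io/tls-acme` annotation as the production services. The only issuer named in this commit is `letsencrypt-prod`; if that is also the default issuer, every apply of these throwaway manifests counts against issuance rate limits and publishes the hostname in Certificate Transparency logs. A staging issuer set per Ingress, for example `cert-manager.io/cluster-issuer: <staging-issuer-name>`, would avoid both. The issuer name is a placeholder because no staging issuer is defined on this page.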
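Review bot: The new `Certificate` in traefik/dashboard-cert.yaml has no `privateKey` block, so key algorithm, size and rotation fall back to cert-manager defaults that differ between versions. Older releases keep the same private key across renewals. Adding `privateKey:` with `rotationPolicy: Always` under `spec` makes each renewal generate a fresh key regardless of the installed version. Separately, nothing in this commit references `traefik-tls-key`, so whichever route serves `traefik.services.yolokube.de` still has to be pointed at that secret before the certificate takes effect.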
From: tom Date: Tue, 28 May 2024 15:44:30 +0000 Subject: [PATCH 6/7] KUSTOMIZE BUILD: rebuild dashboard deployment with kustomize 1003 (done automagically via Drone pipeline) [CI SKIP] --- dashboard/prod/dashboard.yaml | 6 ++++++ dashboard/staging/dashboard.yaml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/dashboard/prod/dashboard.yaml b/dashboard/prod/dashboard.yaml index f734f75..7eb7ace 100644 --- a/dashboard/prod/dashboard.yaml +++ b/dashboard/prod/dashboard.yaml @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard spec: @@ -63,3 +65,7 @@ spec: number: 80 path: / pathType: Prefix + tls: + - hosts: + - dashboard.services.yolokube.de + secretName: dashboard-tls-key diff --git a/dashboard/staging/dashboard.yaml b/dashboard/staging/dashboard.yaml index 07738ad..7f44146 100644 --- a/dashboard/staging/dashboard.yaml +++ b/dashboard/staging/dashboard.yaml @@ -49,6 +49,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + kubernetes.io/tls-acme: "true" name: dashboard-ingress namespace: dashboard-staging spec: @@ -63,3 +65,7 @@ spec: number: 80 path: / pathType: Prefix + tls: + - hosts: + - dashboard-staging.services.yolokube.de + secretName: dashboard-tls-key From c033d08c3bd10155c8f19e4707bad3ad88984537 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 28 May 2024 17:51:00 +0200 Subject: [PATCH 7/7] example-deployment: move annotations to prevent confusion --- examples/example-deployment.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index 4eccc7f..6af57ee 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml 
@@ -67,11 +67,10 @@ kind: Ingress metadata: annotations: kubernetes.io/tls-acme: "true" + # Use for Basic auth: + # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd name: example-ingress namespace: example - #annotations: - # Use for Basic auth: - # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd spec: rules: - host: "example.apps.yolokube.de"