From bd3ef454a6ebbdf9d4bf391a0ae9b79dd7e33b75 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 18:16:44 +0100 Subject: [PATCH] new ingressroute for woodpecker --- traefik-certmanager/base/kustomization.yaml | 5 ++ .../base/traefik-certmanager.yaml | 66 +++++++++++++++++++ .../overlay/kustomization.yaml | 9 +++ traefik/dashboard-cert.yaml | 13 ---- woodpecker/grpc-ingress/ingress.yaml | 34 ++++------ 5 files changed, 93 insertions(+), 34 deletions(-) create mode 100644 traefik-certmanager/base/kustomization.yaml create mode 100644 traefik-certmanager/base/traefik-certmanager.yaml create mode 100644 traefik-certmanager/overlay/kustomization.yaml delete mode 100644 traefik/dashboard-cert.yaml diff --git a/traefik-certmanager/base/kustomization.yaml b/traefik-certmanager/base/kustomization.yaml new file mode 100644 index 0000000..df9d748 --- /dev/null +++ b/traefik-certmanager/base/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - traefik-certmanager.yaml diff --git a/traefik-certmanager/base/traefik-certmanager.yaml b/traefik-certmanager/base/traefik-certmanager.yaml new file mode 100644 index 0000000..d6571e3 --- /dev/null +++ b/traefik-certmanager/base/traefik-certmanager.yaml @@ -0,0 +1,66 @@ +# from https://github.com/ncsa/traefik-certmanager +# +# Used to automatically create cert request for IngressRoute Objects +# +# Added by Aaron + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-certmanager + namespace: traefik +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-certmanager +rules: +- apiGroups: ["traefik.io"] + resources: ["ingressroutes"] + verbs: ["watch", "patch"] +- apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "create", "delete"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-certmanager +subjects: +- kind: ServiceAccount + name: traefik-certmanager + namespace: traefik +roleRef: + kind: ClusterRole + name: traefik-certmanager + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: traefik-certmanager + namespace: traefik +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: traefik-certmanager + template: + metadata: + labels: + app.kubernetes.io/name: traefik-certmanager + spec: + serviceAccount: traefik-certmanager + containers: + - name: traefik-certmanager + image: git.ar21.de/yolokube/traefik-certmanager:latest + imagePullPolicy: Always + env: + - name: ISSUER_NAME + value: letsencrypt-prod + - name: ISSUER_KIND + value: ClusterIssuer + - name: CERT_CLEANUP + value: "true" + - name: PATCH_SECRETNAME + value: "true" diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml new file mode 100644 index 0000000..359b287 --- /dev/null +++ b/traefik-certmanager/overlay/kustomization.yaml @@ -0,0 +1,9 @@ +--- +resources: +- ../base +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: git.ar21.de/yolokube/traefik-certmanager + newName: git.ar21.de/yolokube/traefik-certmanager + newTag: "1" diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml deleted file mode 100644 index b567b03..0000000 --- a/traefik/dashboard-cert.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: traefik-cert - namespace: traefik -spec: - secretName: traefik-tls-key - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - dnsNames: - - traefik.services.yolokube.de diff --git a/woodpecker/grpc-ingress/ingress.yaml b/woodpecker/grpc-ingress/ingress.yaml index 1fcc5a3..0573e30 100644 --- a/woodpecker/grpc-ingress/ingress.yaml +++ b/woodpecker/grpc-ingress/ingress.yaml @@ -16,28 +16,20 @@ spec: port: 9000 targetPort: grpc --- -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute metadata: - annotations: - kubernetes.io/tls-acme: "true" - traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c - traefik.ingress.kubernetes.io/service.serversscheme: h2c - name: woodpecker-grpc namespace: woodpecker + name: woodpecker-grpc spec: - rules: - - host: "woodpecker-grpc.apps.yolokube.de" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: woodpecker-grpc - port: - name: grpc + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`) + services: + - name: woodpecker-grpc + port: grpc + scheme: h2c tls: - - hosts: - - woodpecker-grpc.apps.yolokube.de - secretName: woodpecker-grpc-tls-key + secretName: woodpecker-grpc-tls-key