new ingressroute for woodpecker
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
This commit is contained in:
parent
689aecd870
commit
d44c9fbc34
5 changed files with 93 additions and 34 deletions
5
traefik-certmanager/base/kustomization.yaml
Normal file
5
traefik-certmanager/base/kustomization.yaml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- traefik-certmanager.yaml
|
66
traefik-certmanager/base/traefik-certmanager.yaml
Normal file
66
traefik-certmanager/base/traefik-certmanager.yaml
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
# from https://github.com/ncsa/traefik-certmanager
|
||||||
|
#
|
||||||
|
# Used to automatically create cert request for IngressRoute Objects
|
||||||
|
#
|
||||||
|
# Added by Aaron
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["traefik.io"]
|
||||||
|
resources: ["ingressroutes"]
|
||||||
|
verbs: ["watch", "patch"]
|
||||||
|
- apiGroups: ["cert-manager.io"]
|
||||||
|
resources: ["certificates"]
|
||||||
|
verbs: ["get", "create", "delete"]
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: traefik-certmanager
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: traefik-certmanager
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: traefik-certmanager
|
||||||
|
spec:
|
||||||
|
serviceAccount: traefik-certmanager
|
||||||
|
containers:
|
||||||
|
- name: traefik-certmanager
|
||||||
|
image: git.ar21.de/yolokube/traefik-certmanager:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: ISSUER_NAME
|
||||||
|
value: letsencrypt-prod
|
||||||
|
- name: ISSUER_KIND
|
||||||
|
value: ClusterIssuer
|
||||||
|
- name: CERT_CLEANUP
|
||||||
|
value: "true"
|
||||||
|
- name: PATCH_SECRETNAME
|
||||||
|
value: "true"
|
9
traefik-certmanager/overlay/kustomization.yaml
Normal file
9
traefik-certmanager/overlay/kustomization.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
resources:
|
||||||
|
- ../base
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
images:
|
||||||
|
- name: git.ar21.de/yolokube/traefik-certmanager
|
||||||
|
newName: git.ar21.de/yolokube/traefik-certmanager
|
||||||
|
newTag: "1"
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: traefik-cert
|
|
||||||
namespace: traefik
|
|
||||||
spec:
|
|
||||||
secretName: traefik-tls-key
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-prod
|
|
||||||
kind: ClusterIssuer
|
|
||||||
dnsNames:
|
|
||||||
- traefik.services.yolokube.de
|
|
|
@ -16,28 +16,20 @@ spec:
|
||||||
port: 9000
|
port: 9000
|
||||||
targetPort: grpc
|
targetPort: grpc
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Ingress
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
|
||||||
kubernetes.io/tls-acme: "true"
|
|
||||||
traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
|
|
||||||
traefik.ingress.kubernetes.io/service.serversscheme: h2c
|
|
||||||
name: woodpecker-grpc
|
|
||||||
namespace: woodpecker
|
namespace: woodpecker
|
||||||
|
name: woodpecker-grpc
|
||||||
spec:
|
spec:
|
||||||
rules:
|
entryPoints:
|
||||||
- host: "woodpecker-grpc.apps.yolokube.de"
|
- websecure
|
||||||
http:
|
routes:
|
||||||
paths:
|
- kind: Rule
|
||||||
- pathType: Prefix
|
match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`)
|
||||||
path: "/"
|
services:
|
||||||
backend:
|
- name: woodpecker-grpc
|
||||||
service:
|
port: grpc
|
||||||
name: woodpecker-grpc
|
scheme: h2c
|
||||||
port:
|
|
||||||
name: grpc
|
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
secretName: woodpecker-grpc-tls-key
|
||||||
- woodpecker-grpc.apps.yolokube.de
|
|
||||||
secretName: woodpecker-grpc-tls-key
|
|
||||||
|
|
Loading…
Reference in a new issue