From e1ed098915bde128e7c0ed9ebdbee513aa809624 Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Tue, 28 May 2024 17:42:47 +0200
Subject: [PATCH] Adjust ingress tls values for cert-manager
---
 argo/ingress.yaml | 8 +++++-
 dashboard/base/dashboard.yaml | 6 +++++
 dashboard/overlays/staging/kustomization.yaml | 7 +++++
 examples/example-deployment.yaml | 6 +++++
 longhorn/values.yaml | 3 +++
 prometheus/values.yaml | 26 ++++++++++++++++++-
 tests/test-ingress.yaml | 6 +++++
 tests/test-storage.yaml | 8 +++++-
 traefik/dashboard-cert.yaml | 13 ++++++++++
 9 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 traefik/dashboard-cert.yaml
diff --git a/argo/ingress.yaml b/argo/ingress.yaml
index 688776e..906bb78 100644
--- a/argo/ingress.yaml
+++ b/argo/ingress.yaml
@@ -2,6 +2,8 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 name: argocd-ingress
 namespace: argocd
 spec:
@@ -15,4 +17,8 @@ spec:
 service:
 name: argocd-server
 port:
- number: 80
\ No newline at end of file
+ number: 80
+ tls:
+ - hosts:
+ - argo.services.yolokube.de
+ secretName: argocd-tls-key
diff --git a/dashboard/base/dashboard.yaml b/dashboard/base/dashboard.yaml
index 6076d3f..2656ea2 100644
--- a/dashboard/base/dashboard.yaml
+++ b/dashboard/base/dashboard.yaml
@@ -49,6 +49,8 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 name: dashboard-ingress
 namespace: dashboard
 spec:
@@ -63,3 +65,7 @@ spec:
 name: dashboard-service
 port:
 number: 80
+ tls:
+ - hosts:
+ - dashboard.services.yolokube.de
+ secretName: dashboard-tls-key
diff --git a/dashboard/overlays/staging/kustomization.yaml b/dashboard/overlays/staging/kustomization.yaml
index f4c409a..78cf4cb 100644
--- a/dashboard/overlays/staging/kustomization.yaml
+++ b/dashboard/overlays/staging/kustomization.yaml
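Review bot: The `kubernetes.io/tls-acme: "true"` annotation added under `metadata.annotations` names no issuer, so issuance depends on cert-manager's ingress-shim having a default issuer configured (`--default-issuer-name` / `--default-issuer-kind`), which this patch does not show. If that default is missing, no Certificate is created and `argocd-tls-key` never appears, in which case the ingress controller would typically fall back to its default certificate. Naming the issuer on the Ingress makes the trust source explicit and matches the `letsencrypt-prod` ClusterIssuer referenced in traefik/dashboard-cert.yaml: `cert-manager.io/cluster-issuer: letsencrypt-prod`. The same applies to the other annotation hunks in this patch (dashboard, examples, longhorn, prometheus, tests).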
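Review bot: The new `tls:` block at the end of `spec` makes the host reachable over HTTPS but does not by itself stop the route answering on the plain-HTTP entrypoint, and no redirect or entrypoint restriction is visible in this patch. That matters most for routes that carry credentials: the Argo CD login here, and the longhorn and prometheus/alertmanager ingresses that attach the `traefik-basic-auth` middleware, where Basic credentials would still be accepted in cleartext. If an HTTP-to-HTTPS redirect is not already configured on the Traefik entrypoint, pin the router to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (entrypoint name assumed; use the one defined in the Traefik values). The same applies to the other `tls:` hunks in this patch.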
@@ -15,6 +15,13 @@ patches:
 target:
 kind: Ingress
 name: dashboard-ingress
+- patch: |-
+ - op: replace
+ path: /spec/tls/0/hosts/0
+ value: "dashboard-staging.services.yolokube.de"
+ target:
+ kind: Ingress
+ name: dashboard-ingress
 - patch: |-
 - op: replace
 path: /spec/replicas
diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml
index df94a40..4eccc7f 100644
--- a/examples/example-deployment.yaml
+++ b/examples/example-deployment.yaml
@@ -65,6 +65,8 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 name: example-ingress
 namespace: example
 #annotations:
@@ -82,3 +84,7 @@ spec:
 name: example-service
 port:
 number: 80
+ tls:
+ - hosts:
+ - example.apps.yolokube.de
+ secretName: example-tls-key
diff --git a/longhorn/values.yaml b/longhorn/values.yaml
index 8a0f056..3024b2a 100644
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -24,7 +24,10 @@ ingress:
 enabled: true
 host: longhorn.services.yolokube.de
 annotations:
+ kubernetes.io/tls-acme: "true"
 traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+ tls: true
+ tlsSecret: longhorn-tls-key
 metrics:
 serviceMonitor:
 enabled: true
diff --git a/prometheus/values.yaml b/prometheus/values.yaml
index 1443cac..355a363 100644
--- a/prometheus/values.yaml
+++ b/prometheus/values.yaml
@@ -60,6 +60,11 @@ alertmanager:
 - alertmanager.services.yolokube.de
 annotations:
 traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+ kubernetes.io/tls-acme: "true"
+ tls:
+ - secretName: alertmanager-tls-key
+ hosts:
+ - alertmanager.services.yolokube.de
 ingressPerReplica:
 pathType: ImplementationSpecific
 paths:
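Review bot: The added staging patch rewrites only `/spec/tls/0/hosts/0`, so the staging Ingress keeps `secretName: dashboard-tls-key` from the base. If staging and production are ever rendered into the same namespace (not visible here), two Ingresses with different hosts would request certificates into the same Secret; a second op on `path: /spec/tls/0/secretName` with a staging-specific value such as `"dashboard-staging-tls-key"` (name constructed) avoids that. The index-based path also depends silently on the order of the base's `tls` list, so a one-line comment naming the base entry it targets would help. The `patches` list continues outside the hunk.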
@@ -69,15 +74,25 @@ alertmanager:
 hostDomain: services.yolokube.de
 annotations:
 traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+ kubernetes.io/tls-acme: "true"
+ tlsSecretPerReplica:
+ enabled: true
+ prefix: alertmanager
 servicePerReplica:
 enabled: true
 podAntiAffinity: "hard"
 grafana:
 defaultDashboardsTimezone: Europe/Berlin
 ingress:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 enabled: true
 hosts:
 - grafana.services.yolokube.de
+ tls:
+ - secretName: grafana-tls-key
+ hosts:
+ - grafana.services.yolokube.de
 persistence:
 enabled: true
 accessModes:
@@ -106,6 +121,11 @@ prometheus:
 - prometheus.services.yolokube.de
 annotations:
 traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+ kubernetes.io/tls-acme: "true"
+ tls:
+ - secretName: prometheus-tls-key
+ hosts:
+ - prometheus.services.yolokube.de
 ingressPerReplica:
 pathType: ImplementationSpecific
 paths:
@@ -115,6 +135,10 @@ prometheus:
 hostDomain: services.yolokube.de
 annotations:
 traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+ kubernetes.io/tls-acme: "true"
+ tlsSecretPerReplica:
+ enabled: true
+ prefix: prometheus
 prometheusSpec:
 retentionSize: "45GB"
 replicas: 2
@@ -142,4 +166,4 @@ defaultRules:
 customRules:
 KubeNodeUnreachable:
 for: 0m
- severity: "critical"
\ No newline at end of file
+ severity: "critical"
diff --git a/tests/test-ingress.yaml b/tests/test-ingress.yaml
index 0a3e556..2e0f08e 100644
--- a/tests/test-ingress.yaml
+++ b/tests/test-ingress.yaml
@@ -44,6 +44,8 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 name: test1-ingress
 namespace: aaron-test
 spec:
@@ -58,3 +60,7 @@ spec:
 name: test1-service
 port:
 number: 80
+ tls:
+ - hosts:
+ - test.apps.yolokube.de
+ secretName: test1-tls-key
diff --git a/tests/test-storage.yaml b/tests/test-storage.yaml
index 2916d9c..e2ccafc 100644
--- a/tests/test-storage.yaml
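Review bot: `tlsSecretPerReplica.prefix: alertmanager` (and `prefix: prometheus` in the `-115,6` hunk) drops the `-tls-key` suffix that every other secret in this patch carries, so the per-replica secrets will presumably come out as `alertmanager-0`, `prometheus-1` and so on, which reads like a pod name rather than key material. A prefix such as `alertmanager-tls-key` keeps the naming consistent and makes the TLS secrets easy to pick out in RBAC rules or backup exclusions. Each replica ingress also becomes its own publicly issued certificate, so a short comment stating that this is intended would help the next reader.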
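Review bot: This test manifest requests its certificate through the same `kubernetes.io/tls-acme: "true"` annotation as the production services, so with a production default issuer every apply of `test1-ingress` places an order with the public CA. Publicly trusted certificates are recorded in Certificate Transparency logs, which makes `test.apps.yolokube.de` (and `paste.apps.yolokube.de` in tests/test-storage.yaml) discoverable, and repeated create/delete cycles of test namespaces count against the CA's issuance limits. For test fixtures, consider pointing at a staging issuer explicitly with `cert-manager.io/cluster-issuer: <staging-issuer-name>`, or add a comment saying why a production certificate is wanted.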
+++ b/tests/test-storage.yaml
@@ -66,6 +66,8 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
 name: paste-ingress
 namespace: paste
 spec:
@@ -79,4 +81,8 @@ spec:
 service:
 name: paste-service
 port:
- number: 80
\ No newline at end of file
+ number: 80
+ tls:
+ - hosts:
+ - paste.apps.yolokube.de
+ secretName: paste-tls-key
diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml
new file mode 100644
index 0000000..b567b03
--- /dev/null
+++ b/traefik/dashboard-cert.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: traefik-cert
+ namespace: traefik
+spec:
+ secretName: traefik-tls-key
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - traefik.services.yolokube.de
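Review bot: Nothing in this patch consumes `traefik-tls-key`: the Certificate only produces the Secret, and the dashboard route has to reference it (for a Traefik IngressRoute, `tls.secretName: traefik-tls-key`) before the dashboard host stops serving the default certificate; that route is not part of this commit, so it may already do so. `issuerRef` also omits `group: cert-manager.io`, which is the default but worth stating in a hand-written Certificate. Consider setting `privateKey.rotationPolicy: Always` under `spec` so the private key is regenerated on every renewal rather than depending on the installed cert-manager version's default.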