Adjust ingress tls values for cert-manager
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Tom Neuber 2024-05-28 17:42:47 +02:00
parent 90dcd9d15f
commit e1ed098915
Signed by: tom
GPG key ID: F17EFE4272D89FF6
9 changed files with 80 additions and 3 deletions

View file

@ -2,6 +2,8 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: argocd-ingress name: argocd-ingress
namespace: argocd namespace: argocd
spec: spec:
@ -15,4 +17,8 @@ spec:
service: service:
name: argocd-server name: argocd-server
port: port:
number: 80 number: 80
tls:
- hosts:
- argo.services.yolokube.de
secretName: argocd-tls-key

View file

@ -49,6 +49,8 @@ spec:
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: dashboard-ingress name: dashboard-ingress
namespace: dashboard namespace: dashboard
spec: spec:
@ -63,3 +65,7 @@ spec:
name: dashboard-service name: dashboard-service
port: port:
number: 80 number: 80
tls:
- hosts:
- dashboard.services.yolokube.de
secretName: dashboard-tls-key

View file

@ -15,6 +15,13 @@ patches:
target: target:
kind: Ingress kind: Ingress
name: dashboard-ingress name: dashboard-ingress
- patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |- - patch: |-
- op: replace - op: replace
path: /spec/replicas path: /spec/replicas

View file

@ -65,6 +65,8 @@ spec:
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: example-ingress name: example-ingress
namespace: example namespace: example
#annotations: #annotations:
@ -82,3 +84,7 @@ spec:
name: example-service name: example-service
port: port:
number: 80 number: 80
tls:
- hosts:
- example.apps.yolokube.de
secretName: example-tls-key

View file

@ -24,7 +24,10 @@ ingress:
enabled: true enabled: true
host: longhorn.services.yolokube.de host: longhorn.services.yolokube.de
annotations: annotations:
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
tls: true
tlsSecret: longhorn-tls-key
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true

View file

@ -60,6 +60,11 @@ alertmanager:
- alertmanager.services.yolokube.de - alertmanager.services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
kubernetes.io/tls-acme: "true"
tls:
- secretName: alertmanager-tls-key
hosts:
- alertmanager.services.yolokube.de
ingressPerReplica: ingressPerReplica:
pathType: ImplementationSpecific pathType: ImplementationSpecific
paths: paths:
@ -69,15 +74,25 @@ alertmanager:
hostDomain: services.yolokube.de hostDomain: services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
kubernetes.io/tls-acme: "true"
tlsSecretPerReplica:
enabled: true
prefix: alertmanager
servicePerReplica: servicePerReplica:
enabled: true enabled: true
podAntiAffinity: "hard" podAntiAffinity: "hard"
grafana: grafana:
defaultDashboardsTimezone: Europe/Berlin defaultDashboardsTimezone: Europe/Berlin
ingress: ingress:
annotations:
kubernetes.io/tls-acme: "true"
enabled: true enabled: true
hosts: hosts:
- grafana.services.yolokube.de - grafana.services.yolokube.de
tls:
- secretName: grafana-tls-key
hosts:
- grafana.services.yolokube.de
persistence: persistence:
enabled: true enabled: true
accessModes: accessModes:
@ -106,6 +121,11 @@ prometheus:
- prometheus.services.yolokube.de - prometheus.services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
kubernetes.io/tls-acme: "true"
tls:
- secretName: prometheus-tls-key
hosts:
- prometheus.services.yolokube.de
ingressPerReplica: ingressPerReplica:
pathType: ImplementationSpecific pathType: ImplementationSpecific
paths: paths:
@ -115,6 +135,10 @@ prometheus:
hostDomain: services.yolokube.de hostDomain: services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
kubernetes.io/tls-acme: "true"
tlsSecretPerReplica:
enabled: true
prefix: prometheus
prometheusSpec: prometheusSpec:
retentionSize: "45GB" retentionSize: "45GB"
replicas: 2 replicas: 2
@ -142,4 +166,4 @@ defaultRules:
customRules: customRules:
KubeNodeUnreachable: KubeNodeUnreachable:
for: 0m for: 0m
severity: "critical" severity: "critical"

View file

@ -44,6 +44,8 @@ spec:
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: test1-ingress name: test1-ingress
namespace: aaron-test namespace: aaron-test
spec: spec:
@ -58,3 +60,7 @@ spec:
name: test1-service name: test1-service
port: port:
number: 80 number: 80
tls:
- hosts:
- test.apps.yolokube.de
secretName: test1-tls-key

View file

@ -66,6 +66,8 @@ spec:
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: paste-ingress name: paste-ingress
namespace: paste namespace: paste
spec: spec:
@ -79,4 +81,8 @@ spec:
service: service:
name: paste-service name: paste-service
port: port:
number: 80 number: 80
tls:
- hosts:
- paste.apps.yolokube.de
secretName: paste-tls-key

View file

@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: traefik-cert
namespace: traefik
spec:
secretName: traefik-tls-key
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- traefik.services.yolokube.de