Adjust ingress tls values for cert-manager
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
90dcd9d15f
commit
e1ed098915
9 changed files with 80 additions and 3 deletions
|
@ -2,6 +2,8 @@
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
name: argocd-ingress
|
name: argocd-ingress
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
|
@ -15,4 +17,8 @@ spec:
|
||||||
service:
|
service:
|
||||||
name: argocd-server
|
name: argocd-server
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- argo.services.yolokube.de
|
||||||
|
secretName: argocd-tls-key
|
||||||
|
|
|
@ -49,6 +49,8 @@ spec:
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
name: dashboard-ingress
|
name: dashboard-ingress
|
||||||
namespace: dashboard
|
namespace: dashboard
|
||||||
spec:
|
spec:
|
||||||
|
@ -63,3 +65,7 @@ spec:
|
||||||
name: dashboard-service
|
name: dashboard-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- dashboard.services.yolokube.de
|
||||||
|
secretName: dashboard-tls-key
|
||||||
|
|
|
@ -15,6 +15,13 @@ patches:
|
||||||
target:
|
target:
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
name: dashboard-ingress
|
name: dashboard-ingress
|
||||||
|
- patch: |-
|
||||||
|
- op: replace
|
||||||
|
path: /spec/tls/0/hosts/0
|
||||||
|
value: "dashboard-staging.services.yolokube.de"
|
||||||
|
target:
|
||||||
|
kind: Ingress
|
||||||
|
name: dashboard-ingress
|
||||||
- patch: |-
|
- patch: |-
|
||||||
- op: replace
|
- op: replace
|
||||||
path: /spec/replicas
|
path: /spec/replicas
|
||||||
|
|
|
@ -65,6 +65,8 @@ spec:
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
name: example-ingress
|
name: example-ingress
|
||||||
namespace: example
|
namespace: example
|
||||||
#annotations:
|
#annotations:
|
||||||
|
@ -82,3 +84,7 @@ spec:
|
||||||
name: example-service
|
name: example-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- example.apps.yolokube.de
|
||||||
|
secretName: example-tls-key
|
||||||
|
|
|
@ -24,7 +24,10 @@ ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
host: longhorn.services.yolokube.de
|
host: longhorn.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
|
tls: true
|
||||||
|
tlsSecret: longhorn-tls-key
|
||||||
metrics:
|
metrics:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -60,6 +60,11 @@ alertmanager:
|
||||||
- alertmanager.services.yolokube.de
|
- alertmanager.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
tls:
|
||||||
|
- secretName: alertmanager-tls-key
|
||||||
|
hosts:
|
||||||
|
- alertmanager.services.yolokube.de
|
||||||
ingressPerReplica:
|
ingressPerReplica:
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
paths:
|
paths:
|
||||||
|
@ -69,15 +74,25 @@ alertmanager:
|
||||||
hostDomain: services.yolokube.de
|
hostDomain: services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
tlsSecretPerReplica:
|
||||||
|
enabled: true
|
||||||
|
prefix: alertmanager
|
||||||
servicePerReplica:
|
servicePerReplica:
|
||||||
enabled: true
|
enabled: true
|
||||||
podAntiAffinity: "hard"
|
podAntiAffinity: "hard"
|
||||||
grafana:
|
grafana:
|
||||||
defaultDashboardsTimezone: Europe/Berlin
|
defaultDashboardsTimezone: Europe/Berlin
|
||||||
ingress:
|
ingress:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
enabled: true
|
enabled: true
|
||||||
hosts:
|
hosts:
|
||||||
- grafana.services.yolokube.de
|
- grafana.services.yolokube.de
|
||||||
|
tls:
|
||||||
|
- secretName: grafana-tls-key
|
||||||
|
hosts:
|
||||||
|
- grafana.services.yolokube.de
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
accessModes:
|
accessModes:
|
||||||
|
@ -106,6 +121,11 @@ prometheus:
|
||||||
- prometheus.services.yolokube.de
|
- prometheus.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
tls:
|
||||||
|
- secretName: prometheus-tls-key
|
||||||
|
hosts:
|
||||||
|
- prometheus.services.yolokube.de
|
||||||
ingressPerReplica:
|
ingressPerReplica:
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
paths:
|
paths:
|
||||||
|
@ -115,6 +135,10 @@ prometheus:
|
||||||
hostDomain: services.yolokube.de
|
hostDomain: services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
tlsSecretPerReplica:
|
||||||
|
enabled: true
|
||||||
|
prefix: prometheus
|
||||||
prometheusSpec:
|
prometheusSpec:
|
||||||
retentionSize: "45GB"
|
retentionSize: "45GB"
|
||||||
replicas: 2
|
replicas: 2
|
||||||
|
@ -142,4 +166,4 @@ defaultRules:
|
||||||
customRules:
|
customRules:
|
||||||
KubeNodeUnreachable:
|
KubeNodeUnreachable:
|
||||||
for: 0m
|
for: 0m
|
||||||
severity: "critical"
|
severity: "critical"
|
||||||
|
|
|
@ -44,6 +44,8 @@ spec:
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
name: test1-ingress
|
name: test1-ingress
|
||||||
namespace: aaron-test
|
namespace: aaron-test
|
||||||
spec:
|
spec:
|
||||||
|
@ -58,3 +60,7 @@ spec:
|
||||||
name: test1-service
|
name: test1-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- test.apps.yolokube.de
|
||||||
|
secretName: test1-tls-key
|
||||||
|
|
|
@ -66,6 +66,8 @@ spec:
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
name: paste-ingress
|
name: paste-ingress
|
||||||
namespace: paste
|
namespace: paste
|
||||||
spec:
|
spec:
|
||||||
|
@ -79,4 +81,8 @@ spec:
|
||||||
service:
|
service:
|
||||||
name: paste-service
|
name: paste-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- paste.apps.yolokube.de
|
||||||
|
secretName: paste-tls-key
|
||||||
|
|
13
traefik/dashboard-cert.yaml
Normal file
13
traefik/dashboard-cert.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: traefik-cert
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
secretName: traefik-tls-key
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
- traefik.services.yolokube.de
|
Loading…
Reference in a new issue