Add gateway-api-gateway, working letsencrypt.

Adam Heath
Showing 6 changed files with 229 additions and 0 deletions
gateway-api-gateway/charts/gateway/certificates.yaml
gateway-api-gateway/charts/gateway/gateway.yaml
gateway-api-gateway/charts/gateway/issuers.yaml
gateway-api-gateway/charts/gateway/kustomization.yaml
gateway-api-gateway/environments/default-values.yaml
gateway-api-gateway/helmfile.yaml
--- a/gateway-api-gateway/charts/gateway/certificates.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/charts/gateway/certificates.yaml 0 → 100644
View file @f3c25da
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: exact-cert
+spec:
+  secretName: exact-cert
+  secretTemplate:
+    labels:
+      "backup.cert-manager.brainfood.com": "true"
+  dnsNames:
+    - 'example.com'
+  issuerRef:
+    name: letsencrypt-staging
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: subs-cert
+spec:
+  secretName: subs-cert
+  secretTemplate:
+    labels:
+      "backup.cert-manager.brainfood.com": "true"
+  dnsNames:
+    - 'test.example.com'
+    - 'auth.example.com'
+  issuerRef:
+    name: letsencrypt-staging
+---
+
--- a/gateway-api-gateway/charts/gateway/gateway.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/charts/gateway/gateway.yaml 0 → 100644
View file @f3c25da
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: gateway
+spec:
+  gatewayClassName: istio
+  listeners:
+    - name: http-all
+      port: 80
+      protocol: HTTP
+    - name: https-base
+      protocol: HTTPS
+      port: 443
+      hostname: "example.com"
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: exact-cert
+    - name: https-subs
+      protocol: HTTPS
+      port: 443
+      hostname: "*.example.com"
+      tls:
+        certificateRefs:
+          - kind: Secret
+            name: subs-cert
+---
--- a/gateway-api-gateway/charts/gateway/issuers.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/charts/gateway/issuers.yaml 0 → 100644
View file @f3c25da
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    email: test@example.com
+    preferredChain: ISRG Root X1
+    privateKeySecretRef:
+      name: letsencrypt-account
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          gatewayHTTPRoute:
+            parentRefs:
+              - group: gateway.networking.k8s.io
+                kind: Gateway
+                name: gateway
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    email: test@example.com
+    preferredChain: ISRG Root X1
+    privateKeySecretRef:
+      name: letsencrypt-account
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          gatewayHTTPRoute:
+            parentRefs:
+              - group: gateway.networking.k8s.io
+                kind: Gateway
+                name: gateway
+---
--- a/gateway-api-gateway/charts/gateway/kustomization.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/charts/gateway/kustomization.yaml 0 → 100644
View file @f3c25da
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./gateway.yaml
+  - ./issuers.yaml
+  - ./certificates.yaml
--- a/gateway-api-gateway/environments/default-values.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/environments/default-values.yaml 0 → 100644
View file @f3c25da
+name: test
+namespace: default
+gatewayClassName: istio
+baseDomain: example.com
+subDomains:
+  - auth.example.com
+  - www.example.com
+
+letsEncrypt:
+  email: name@example.com
--- a/gateway-api-gateway/helmfile.yaml 0 → 100644
View file @f3c25da
+++ b/gateway-api-gateway/helmfile.yaml 0 → 100644
View file @f3c25da
+bases:
+  - ../common/environments.yaml
+
+
+---
+
+releases:
+  - name: {{ .Values.name }}-gateway
+    chart: charts/gateway
+    namespace: {{ .Values.namespace }}
+    values:
+      - namePrefix: "{{ .Values.name }}-"
+
+    jsonPatches:
+      - target:
+          version: v1
+          group: cert-manager.io
+          kind: Certificate
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-exact-cert
+        patch:
+          - op: replace
+            path: /spec/dnsNames
+            value:
+              - {{ .Values.baseDomain }}
+      - target:
+          version: v1
+          group: cert-manager.io
+          kind: Certificate
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-subs-cert
+        patch:
+          - op: replace
+            path: /spec/dnsNames
+            value: {{ .Values.subDomains | toYaml | nindent 14 }}
+      - target:
+          version: v1beta1
+          group: gateway.networking.k8s.io
+          kind: Gateway
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-gateway
+        patch:
+          - op: replace
+            path: /spec/gatewayClassName
+            value: {{ .Values.gatewayClassName }}
+          - op: replace
+            path: /spec/listeners/1/hostname
+            value: {{ .Values.baseDomain }}
+          - op: replace
+            path: /spec/listeners/1/tls/certificateRefs/0/name
+            value: {{ .Values.name }}-exact-cert
+          - op: replace
+            path: /spec/listeners/2/hostname
+            value: "*.{{ .Values.baseDomain }}"
+          - op: replace
+            path: /spec/listeners/2/tls/certificateRefs/0/name
+            value: {{ .Values.name }}-subs-cert
+      - target:
+          version: v1
+          group: cert-manager.io
+          kind: Issuer
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-letsencrypt-staging
+        patch:
+          - op: replace
+            path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
+            value: {{ .Values.name }}-gateway
+      - target:
+          version: v1
+          group: cert-manager.io
+          kind: Issuer
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-letsencrypt-production
+        patch:
+          - op: replace
+            path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
+            value: {{ .Values.name }}-gateway
+    strategicMergePatches:
+      - apiVersion: cert-manager.io/v1
+        kind: Certificate
+        metadata:
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-exact-cert
+        spec:
+          issuerRef:
+            name: {{ .Values.name }}-letsencrypt-staging
+          secretName: {{ .Values.name }}-exact-cert
+      - apiVersion: cert-manager.io/v1
+        kind: Certificate
+        metadata:
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-subs-cert
+        spec:
+          issuerRef:
+            name: {{ .Values.name }}-letsencrypt-staging
+          secretName: {{ .Values.name }}-subs-cert
+      - apiVersion: cert-manager.io/v1
+        kind: Issuer
+        metadata:
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-letsencrypt-staging
+        spec:
+          acme:
+            email: {{ .Values.letsEncrypt.email }}
+            privateKeySecretRef:
+              name: {{ .Values.name }}-letsencrypt-account
+      - apiVersion: cert-manager.io/v1
+        kind: Issuer
+        metadata:
+          namespace: {{ .Values.namespace }}
+          name: {{ .Values.name }}-letsencrypt-production
+        spec:
+          acme:
+            email: {{ .Values.letsEncrypt.email }}
+            privateKeySecretRef:
+              name: {{ .Values.name }}-letsencrypt-account
+