f3c25da7 by Adam Heath

Add gateway-api-gateway, working letsencrypt.

1 parent 9458134d
1 apiVersion: cert-manager.io/v1
2 kind: Certificate
3 metadata:
4 name: exact-cert
5 spec:
6 secretName: exact-cert
7 secretTemplate:
8 labels:
9 "backup.cert-manager.brainfood.com": "true"
10 dnsNames:
11 - 'example.com'
12 issuerRef:
13 name: letsencrypt-staging
14 ---
15 apiVersion: cert-manager.io/v1
16 kind: Certificate
17 metadata:
18 name: subs-cert
19 spec:
20 secretName: subs-cert
21 secretTemplate:
22 labels:
23 "backup.cert-manager.brainfood.com": "true"
24 dnsNames:
25 - 'test.example.com'
26 - 'auth.example.com'
27 issuerRef:
28 name: letsencrypt-staging
29 ---
30
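Review bot: Neither `exact-cert` nor `subs-cert` sets `spec.privateKey`, so key algorithm, size and rotation are left to whatever the installed cert-manager version defaults to. Pinning them makes the behaviour explicit and gives each renewal a fresh key, e.g. `privateKey: {algorithm: ECDSA, size: 256, rotationPolicy: Always}` under each `spec`. The `backup.cert-manager.brainfood.com` label on `secretTemplate` presumably selects these Secrets for an external backup job. If so, the backup destination holds TLS private keys and needs the same access controls as the namespace's Secrets.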
1 apiVersion: gateway.networking.k8s.io/v1beta1
2 kind: Gateway
3 metadata:
4 name: gateway
5 spec:
6 gatewayClassName: istio
7 listeners:
8 - name: http-all
9 port: 80
10 protocol: HTTP
11 - name: https-base
12 protocol: HTTPS
13 port: 443
14 hostname: "example.com"
15 tls:
16 certificateRefs:
17 - kind: Secret
18 name: exact-cert
19 - name: https-subs
20 protocol: HTTPS
21 port: 443
22 hostname: "*.example.com"
23 tls:
24 certificateRefs:
25 - kind: Secret
26 name: subs-cert
27 ---
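Review bot: The `https-subs` listener accepts `*.example.com` but terminates TLS with `subs-cert`, whose `dnsNames` in the certificates file list only `test.example.com` and `auth.example.com`. Any other subdomain routed here is served a certificate that does not cover it. The HTTP-01 solver used by the issuers cannot obtain a wildcard certificate, so either use one listener per issued hostname or keep the listener hostnames and `dnsNames` generated from the same list. The `http-all` listener on port 80 has no hostname and no `allowedRoutes`, and no redirect is visible in this commit. It is needed for the ACME challenge route, but application HTTPRoutes in the same namespace that attach to it would be served in plaintext, so consider an HTTPRoute with a `RequestRedirect` filter to HTTPS for everything except the challenge path.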
1 apiVersion: cert-manager.io/v1
2 kind: Issuer
3 metadata:
4 name: letsencrypt-staging
5 spec:
6 acme:
7 email: test@example.com
8 preferredChain: ISRG Root X1
9 privateKeySecretRef:
10 name: letsencrypt-account
11 server: https://acme-staging-v02.api.letsencrypt.org/directory
12 solvers:
13 - http01:
14 gatewayHTTPRoute:
15 parentRefs:
16 - group: gateway.networking.k8s.io
17 kind: Gateway
18 name: gateway
19 ---
20 apiVersion: cert-manager.io/v1
21 kind: Issuer
22 metadata:
23 name: letsencrypt-production
24 spec:
25 acme:
26 email: test@example.com
27 preferredChain: ISRG Root X1
28 privateKeySecretRef:
29 name: letsencrypt-account
30 server: https://acme-v02.api.letsencrypt.org/directory
31 solvers:
32 - http01:
33 gatewayHTTPRoute:
34 parentRefs:
35 - group: gateway.networking.k8s.io
36 kind: Gateway
37 name: gateway
38 ---
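Review bot: Both Issuers point `privateKeySecretRef.name` at the same Secret, `letsencrypt-account`, so the staging and production ACME accounts share one account key. That couples the two environments: anything that reads or replaces the key while testing against staging also holds the key for the production account. Give each issuer its own Secret, e.g. `name: letsencrypt-staging-account` and `name: letsencrypt-production-account`. The helmfile's strategic-merge patches rewrite both issuers to the same `{{ .Values.name }}-letsencrypt-account` and need the same split.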
1 apiVersion: kustomize.config.k8s.io/v1beta1
2 kind: Kustomization
3
4 resources:
5 - ./gateway.yaml
6 - ./issuers.yaml
7 - ./certificates.yaml
1 name: test
2 namespace: default
3 gatewayClassName: istio
4 baseDomain: example.com
5 subDomains:
6 - auth.example.com
7 - www.example.com
8
9 letsEncrypt:
10 email: name@example.com
1 bases:
2 - ../common/environments.yaml
3
4
5 ---
6
7 releases:
8 - name: {{ .Values.name }}-gateway
9 chart: charts/gateway
10 namespace: {{ .Values.namespace }}
11 values:
12 - namePrefix: "{{ .Values.name }}-"
13
14 jsonPatches:
15 - target:
16 version: v1
17 group: cert-manager.io
18 kind: Certificate
19 namespace: {{ .Values.namespace }}
20 name: {{ .Values.name }}-exact-cert
21 patch:
22 - op: replace
23 path: /spec/dnsNames
24 value:
25 - {{ .Values.baseDomain }}
26 - target:
27 version: v1
28 group: cert-manager.io
29 kind: Certificate
30 namespace: {{ .Values.namespace }}
31 name: {{ .Values.name }}-subs-cert
32 patch:
33 - op: replace
34 path: /spec/dnsNames
35 value: {{ .Values.subDomains | toYaml | nindent 14 }}
36 - target:
37 version: v1beta1
38 group: gateway.networking.k8s.io
39 kind: Gateway
40 namespace: {{ .Values.namespace }}
41 name: {{ .Values.name }}-gateway
42 patch:
43 - op: replace
44 path: /spec/gatewayClassName
45 value: {{ .Values.gatewayClassName }}
46 - op: replace
47 path: /spec/listeners/1/hostname
48 value: {{ .Values.baseDomain }}
49 - op: replace
50 path: /spec/listeners/1/tls/certificateRefs/0/name
51 value: {{ .Values.name }}-exact-cert
52 - op: replace
53 path: /spec/listeners/2/hostname
54 value: "*.{{ .Values.baseDomain }}"
55 - op: replace
56 path: /spec/listeners/2/tls/certificateRefs/0/name
57 value: {{ .Values.name }}-subs-cert
58 - target:
59 version: v1
60 group: cert-manager.io
61 kind: Issuer
62 namespace: {{ .Values.namespace }}
63 name: {{ .Values.name }}-letsencrypt-staging
64 patch:
65 - op: replace
66 path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
67 value: {{ .Values.name }}-gateway
68 - target:
69 version: v1
70 group: cert-manager.io
71 kind: Issuer
72 namespace: {{ .Values.namespace }}
73 name: {{ .Values.name }}-letsencrypt-production
74 patch:
75 - op: replace
76 path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
77 value: {{ .Values.name }}-gateway
78 strategicMergePatches:
79 - apiVersion: cert-manager.io/v1
80 kind: Certificate
81 metadata:
82 namespace: {{ .Values.namespace }}
83 name: {{ .Values.name }}-exact-cert
84 spec:
85 issuerRef:
86 name: {{ .Values.name }}-letsencrypt-staging
87 secretName: {{ .Values.name }}-exact-cert
88 - apiVersion: cert-manager.io/v1
89 kind: Certificate
90 metadata:
91 namespace: {{ .Values.namespace }}
92 name: {{ .Values.name }}-subs-cert
93 spec:
94 issuerRef:
95 name: {{ .Values.name }}-letsencrypt-staging
96 secretName: {{ .Values.name }}-subs-cert
97 - apiVersion: cert-manager.io/v1
98 kind: Issuer
99 metadata:
100 namespace: {{ .Values.namespace }}
101 name: {{ .Values.name }}-letsencrypt-staging
102 spec:
103 acme:
104 email: {{ .Values.letsEncrypt.email }}
105 privateKeySecretRef:
106 name: {{ .Values.name }}-letsencrypt-account
107 - apiVersion: cert-manager.io/v1
108 kind: Issuer
109 metadata:
110 namespace: {{ .Values.namespace }}
111 name: {{ .Values.name }}-letsencrypt-production
112 spec:
113 acme:
114 email: {{ .Values.letsEncrypt.email }}
115 privateKeySecretRef:
116 name: {{ .Values.name }}-letsencrypt-account
117
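Review bot: Both Certificate patches under `strategicMergePatches` hard-code `issuerRef.name` to the `-letsencrypt-staging` issuer, so the production Issuer is created but never referenced. Every release therefore gets certificates from the staging CA, which clients do not trust. Make the issuer a value, e.g. `name: '{{ .Values.name }}-letsencrypt-{{ .Values.letsEncrypt.environment | default "staging" }}'`, where `letsEncrypt.environment` is a proposed new key in the environment values. Separately, the Gateway JSON patches address listeners by position (`/spec/listeners/1/...`, `/spec/listeners/2/...`). Reordering the listeners in the chart would silently attach a hostname or certificate to the wrong listener, so a comment in both files tying the indices to the listener names would help. Templated scalars such as `value: {{ .Values.baseDomain }}` and `namespace: {{ .Values.namespace }}` should be quoted so that an empty or boolean-looking value does not change type after rendering.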