From 09d137b0921ec4e0f0901569b43ce2411e29b8c1 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 21 Sep 2024 22:26:30 +0100
Subject: [PATCH] add cert-manager
---
apps/base/traefik/kustomization.yaml | 7 ------
.../certificates/fascinated-cc.yml | 15 ++++++++++++
.../certificates/local-fascinated-cc.yml | 14 +++++++++++
.../cert-manager/certificates/mcutils-xyz.yml | 15 ++++++++++++
apps/production/cert-manager/issuer.yml | 23 +++++++++++++++++++
.../cert-manager/kustomization.yaml | 8 +++++++
apps/production/cert-manager/namespace.yaml | 5 ++++
apps/production/traefik/kustomization.yaml | 7 +++---
apps/{base => production}/traefik/rbac.yaml | 0
.../traefik/service.yaml} | 1 -
apps/production/traefik/traefik-patch.yaml | 23 -------------------
.../{base => production}/traefik/traefik.yaml | 9 ++++++--
12 files changed, 90 insertions(+), 37 deletions(-)
delete mode 100644 apps/base/traefik/kustomization.yaml
create mode 100644 apps/production/cert-manager/certificates/fascinated-cc.yml
create mode 100644 apps/production/cert-manager/certificates/local-fascinated-cc.yml
create mode 100644 apps/production/cert-manager/certificates/mcutils-xyz.yml
create mode 100644 apps/production/cert-manager/issuer.yml
create mode 100644 apps/production/cert-manager/kustomization.yaml
create mode 100644 apps/production/cert-manager/namespace.yaml
rename apps/{base => production}/traefik/rbac.yaml (100%)
rename apps/{base/traefik/svc.yaml => production/traefik/service.yaml} (93%)
delete mode 100644 apps/production/traefik/traefik-patch.yaml
rename apps/{base => production}/traefik/traefik.yaml (79%)
diff --git a/apps/base/traefik/kustomization.yaml b/apps/base/traefik/kustomization.yaml
deleted file mode 100644
index 056e8a3..0000000
--- a/apps/base/traefik/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - rbac.yaml
- - traefik.yaml
- - svc.yaml
diff --git a/apps/production/cert-manager/certificates/fascinated-cc.yml b/apps/production/cert-manager/certificates/fascinated-cc.yml
new file mode 100644
index 0000000..45dd1e1
--- /dev/null
+++ b/apps/production/cert-manager/certificates/fascinated-cc.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: fascinated-cc
+ namespace: traefik
+spec:
+ secretName: fascinated-cc
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "*.fascinated.cc"
+ dnsNames:
+ - "fascinated.cc"
+ - "*.fascinated.cc"
diff --git a/apps/production/cert-manager/certificates/local-fascinated-cc.yml b/apps/production/cert-manager/certificates/local-fascinated-cc.yml
new file mode 100644
index 0000000..af9dc2b
--- /dev/null
+++ b/apps/production/cert-manager/certificates/local-fascinated-cc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: local-fascinated-cc
+ namespace: traefik
+spec:
+ secretName: local-fascinated-cc
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "*.local.fascinated.cc"
+ dnsNames:
+ - "*.local.fascinated.cc"
diff --git a/apps/production/cert-manager/certificates/mcutils-xyz.yml b/apps/production/cert-manager/certificates/mcutils-xyz.yml
new file mode 100644
index 0000000..a955591
--- /dev/null
+++ b/apps/production/cert-manager/certificates/mcutils-xyz.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mcutils-xyz
+ namespace: traefik
+spec:
+ secretName: mcutils-xyz
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "*.mcutils.xyz"
+ dnsNames:
+ - "mcutils.xyz"
+ - "*.mcutils.xyz"
diff --git a/apps/production/cert-manager/issuer.yml b/apps/production/cert-manager/issuer.yml
new file mode 100644
index 0000000..e9a4f7c
--- /dev/null
+++ b/apps/production/cert-manager/issuer.yml
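Review bot: The three Certificates (`fascinated-cc`, `local-fascinated-cc`, `mcutils-xyz`) set `namespace: traefik`, but the Traefik kustomization touched in this same commit deploys into `namespace: traefik-production`, and the new cert-manager kustomization sets `namespace: cert-manager`, which kustomize applies to every namespaced resource it loads — so the `secretName` Secrets will most likely be issued into `cert-manager`, a namespace Traefik's TLS configuration cannot read from. Either include these Certificate files from the Traefik kustomization so they inherit `traefik-production`, or remove the `namespace:` override from the cert-manager kustomization and set the intended namespace explicitly here. `local-fascinated-cc` also lists only the wildcard in `dnsNames` while the other two include the apex; add `- "local.fascinated.cc"` if that host itself is served, since a wildcard does not cover it. Note that the Cloudflare solver in `issuer.yml` is limited to the `fascinated.cc` and `mcutils.xyz` zones, so a Certificate for any other zone would have no matching solver and stay pending.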
@@ -0,0 +1,23 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+ namespace: cert-manager
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: liam@fascinated.cc
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - dns01:
+ cloudflare:
+ email: liam@fascinated.cc
+ apiTokenSecretRef:
+ name: cloudflare-token-secret
+ key: cloudflare-token
+ selector:
+ dnsZones:
+ - "fascinated.cc"
+ - "mcutils.xyz"
diff --git a/apps/production/cert-manager/kustomization.yaml b/apps/production/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..e95818b
--- /dev/null
+++ b/apps/production/cert-manager/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+resources:
+ - namespace.yaml
+ - certificates/*.yaml
+ - issuers.yaml
diff --git a/apps/production/cert-manager/namespace.yaml b/apps/production/cert-manager/namespace.yaml
new file mode 100644
index 0000000..6bc19f4
--- /dev/null
+++ b/apps/production/cert-manager/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
diff --git a/apps/production/traefik/kustomization.yaml b/apps/production/traefik/kustomization.yaml
index 00f9e9a..32d350d 100644
--- a/apps/production/traefik/kustomization.yaml
+++ b/apps/production/traefik/kustomization.yaml
@@ -4,7 +4,6 @@ kind: Kustomization
 namespace: traefik-production
 resources:
 - namespace.yaml
- - ../../base/traefik
-
-patchesStrategicMerge:
- - traefik-patch.yaml
+ - rbac.yaml
+ - traefik.yaml
+ - service.yaml
diff --git a/apps/base/traefik/rbac.yaml b/apps/production/traefik/rbac.yaml
similarity index 100%
rename from apps/base/traefik/rbac.yaml
rename to apps/production/traefik/rbac.yaml
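Review bot: `namespace: cert-manager` under `metadata` of a `ClusterIssuer` has no effect because the kind is cluster-scoped, and depending on the client it may be silently stripped or rejected on apply once the kustomization's `namespace:` transformer also tries to set it; drop that line from metadata. The `email` under the `cloudflare` solver is only consulted with the legacy `apiKeySecretRef`, so with `apiTokenSecretRef` it can be removed, and the referenced `cloudflare-token-secret` must be provisioned out-of-band in the cert-manager namespace (the cluster-resource namespace a ClusterIssuer reads from) — nothing in this commit creates it, which is correct for git but deserves a comment such as `# cloudflare-token-secret is provisioned out-of-band (sealed/external secret), never committed`. Scope that token to DNS edit on the two zones listed under `dnsZones` rather than an account-wide token, so a leak cannot modify other zones. Since `server` points straight at the production ACME endpoint and its issuance rate limits, a parallel `letsencrypt-staging` ClusterIssuer is worth adding for first-time validation of the solver.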
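Review bot: The `resources` list in the new cert-manager kustomization does not match the files this commit creates: the issuer file is `issuer.yml` but the list says `issuers.yaml`, the certificates are `.yml` but the list says `certificates/*.yaml`, and current kustomize releases do not expand glob patterns in `resources` at all, so the build would fail before anything is applied. List the files explicitly — `- issuer.yml`, `- certificates/fascinated-cc.yml`, `- certificates/local-fascinated-cc.yml`, `- certificates/mcutils-xyz.yml` — or rename them to `.yaml` to match `namespace.yaml` and `kustomization.yaml` in the same directory. The `namespace: cert-manager` line also rewrites the `namespace: traefik` set inside each Certificate, which silently changes where the TLS Secrets are created; keep it only if that is intended.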
diff --git a/apps/base/traefik/svc.yaml b/apps/production/traefik/service.yaml
similarity index 93%
rename from apps/base/traefik/svc.yaml
rename to apps/production/traefik/service.yaml
index 725f450..56a089e 100644
--- a/apps/base/traefik/svc.yaml
+++ b/apps/production/traefik/service.yaml
@@ -12,7 +12,6 @@ spec:
 app.kubernetes.io/name: traefik
 type: LoadBalancer
 loadBalancerIP: 10.0.69.250
- externalTrafficPolicy: Local
 ports:
 - port: 80
 name: web
diff --git a/apps/production/traefik/traefik-patch.yaml b/apps/production/traefik/traefik-patch.yaml
deleted file mode 100644
index 2b3de6a..0000000
--- a/apps/production/traefik/traefik-patch.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: traefik
-spec:
- template:
- spec:
- containers:
- - name: traefik
- args:
- - "--entryPoints.web.address=:8000/tcp"
- - "--entryPoints.websecure.address=:8443/tcp"
- - "--ping=true"
- - "--global.sendanonymoususage=false"
- - "--global.checknewversion=false"
- - "--serversTransport.insecureSkipVerify=true"
- - "--log.level=INFO"
- - "--providers.kubernetescrd"
- - "--providers.kubernetescrd.allowCrossNamespace=true"
- - "--providers.kubernetescrd.allowExternalNameServices=true"
- - "--providers.kubernetesingress.allowCrossNamespace=true"
- - "--providers.kubernetesingress.allowExternalNameServices=true"
diff --git a/apps/base/traefik/traefik.yaml b/apps/production/traefik/traefik.yaml
similarity index 79%
rename from apps/base/traefik/traefik.yaml
rename to apps/production/traefik/traefik.yaml
index f7a2250..d13764c 100644
--- a/apps/base/traefik/traefik.yaml
+++ b/apps/production/traefik/traefik.yaml
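Review bot: Dropping `externalTrafficPolicy: Local` means kube-proxy will SNAT inbound LoadBalancer traffic, so Traefik stops seeing the real client source address; any IP allow-list middleware, source-IP rate limiting, and the access logs relied on during incident response will record node addresses instead. If the removal is meant to avoid the node-local routing constraint that `Local` imposes, that is a deliberate trade-off and should be recorded above `type: LoadBalancer`, e.g. `# Cluster policy: client IPs are SNATed by kube-proxy; restore Local (or use PROXY protocol) if source IP is needed`. The Service definition begins above this hunk, so the selector and metadata are not visible here.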
@@ -26,11 +26,16 @@ spec:
 args:
 - "--entryPoints.web.address=:8000/tcp"
 - "--entryPoints.websecure.address=:8443/tcp"
- - "--api=true"
- - "--api.dashboard=true"
 - "--ping=true"
+ - "--global.sendanonymoususage=false"
+ - "--global.checknewversion=false"
+ - "--serversTransport.insecureSkipVerify=true"
+ - "--log.level=INFO"
 - "--providers.kubernetescrd"
 - "--providers.kubernetescrd.allowCrossNamespace=true"
+ - "--providers.kubernetescrd.allowExternalNameServices=true"
+ - "--providers.kubernetesingress.allowCrossNamespace=true"
+ - "--providers.kubernetesingress.allowExternalNameServices=true"
 readinessProbe:
 httpGet:
 path: /ping
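Review bot: `--serversTransport.insecureSkipVerify=true` turns off certificate verification for every TLS backend Traefik proxies to, so a backend inside the cluster can be impersonated without detection; prefer trusting the internal CA via `--serversTransport.rootCAs` or a per-service `ServersTransport` resource so the exception is scoped to the specific backends that need it. Enabling `allowCrossNamespace=true` and `allowExternalNameServices=true` on both the CRD and Ingress providers lets a route in any namespace target Services in other namespaces or arbitrary external hosts through an ExternalName Service, which is why Traefik ships them disabled; enable only the flag a concrete route needs and name that route in a comment beside it, e.g. `# needed by <route> — TODO confirm`. Removing `--api=true` and `--api.dashboard=true` is a welcome reduction of the exposed surface. The `args` list and the enclosing Deployment continue outside the hunk.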