Add certificates with renew

2 years ago · 0e341c98e6
parent 7345c6364a
commit 0e341c98e6
6 changed files with 57 additions and 3 deletions
--- a/src/main/cljc/dda/c4k_jitsi/core.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/core.cljc
@ -17,6 +17,8 @@
 (defn k8s-objects [config]
  (map yaml/to-string
       [(jitsi/generate-secret-jitsi config)
+        (jitsi/generate-certificate-jitsi config)
+        (jitsi/generate-certificate-etherpad config)
        (jitsi/generate-jvb-service)
        (jitsi/generate-web-service)
        (jitsi/generate-etherpad-service)
--- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
@ -71,4 +71,26 @@
     (yaml/from-string (yaml/load-resource "jitsi/deployment.yaml"))
     (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn)
     (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_URL"
-                                                  (str "https://etherpad." fqdn "/p/")))))
+                                                  (str "https://etherpad." fqdn "/p/")))))
+
+(defn generate-certificate-jitsi
+  [config]
+  (let [{:keys [fqdn issuer ingress-type]
+         :or {issuer :staging ingress-type :default}} config
+        letsencrypt-issuer (name issuer)
+        ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
+    (->
+     (yaml/load-as-edn "jitsi/certificate-jitsi.yaml")
+     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+     (cm/replace-all-matching-values-by-new-value "REPLACE_JITSI_FQDN" fqdn))))
+
+(defn generate-certificate-etherpad
+  [config]
+  (let [{:keys [fqdn issuer ingress-type]
+         :or {issuer :staging ingress-type :default}} config
+        letsencrypt-issuer (name issuer)
+        ingress-kind (if (= :default ingress-type) "" (name ingress-type))]
+    (->
+     (yaml/load-as-edn "jitsi/certificate-etherpad.yaml")
+     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+     (cm/replace-all-matching-values-by-new-value "REPLACE_ETHERPAD_FQDN" (str "etherpad." fqdn)))))
--- a/src/main/resources/jitsi/certificate-etherpad.yaml
+++ b/src/main/resources/jitsi/certificate-etherpad.yaml
@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etherpad-cert
+  namespace: default
+spec:
+  secretName: etherpad-cert
+  commonName: REPLACE_ETHERPAD_FQDN
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+  - REPLACE_ETHERPAD_FQDN
+  issuerRef:
+    name: REPLACEME
+    kind: ClusterIssuer
--- a/src/main/resources/jitsi/certificate-jitsi.yaml
+++ b/src/main/resources/jitsi/certificate-jitsi.yaml
@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: jitsi-cert
+  namespace: default
+spec:
+  secretName: jitsi-cert
+  commonName: REPLACE_JITSI_FQDN
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+  - REPLACE_JITSI_FQDN
+  issuerRef:
+    name: REPLACEME
+    kind: ClusterIssuer
--- a/src/main/resources/jitsi/ingress-etherpad.yaml
+++ b/src/main/resources/jitsi/ingress-etherpad.yaml
@ -9,7 +9,7 @@ spec:
  tls:
  - hosts:
    - REPLACE_ETHERPAD_FQDN
-    secretName: tls-etherpad
+    secretName: etherpad-cert
  rules:
  - host: REPLACE_ETHERPAD_FQDN
    http:
--- a/src/main/resources/jitsi/ingress-jitsi.yaml
+++ b/src/main/resources/jitsi/ingress-jitsi.yaml
@ -9,7 +9,7 @@ spec:
  tls:
  - hosts:
    - REPLACE_JITSI_FQDN
-    secretName: tls-jitsi
+    secretName: jitsi-cert
  rules:
  - host: REPLACE_JITSI_FQDN
    http: