add possibility for k8s apple service with selfsigned certificate

This commit is contained in:
ansgarz 2022-03-10 20:30:59 +01:00
parent e61c6236c7
commit 064243da60
8 changed files with 53 additions and 26 deletions


@ -1,11 +0,0 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="provs-server statistics.prod" type="JetRunConfigurationType">
<option name="MAIN_CLASS_NAME" value="org.domaindrivenarchitecture.provs.server.application.ApplicationKt" />
<module name="provs.main" />
<option name="PROGRAM_PARAMETERS" value="k3s -r statistics.prod.meissa-gmbh.de -u root -k myK3sServerConfig.yaml" />
<shortenClasspath name="NONE" />
<method v="2">
<option name="Make" enabled="true" />
</method>
</configuration>
</component>


@ -1,8 +1,8 @@
<component name="ProjectRunConfigurationManager"> <component name="ProjectRunConfigurationManager">
<configuration default="false" name="provs-server statistics.dev" type="JetRunConfigurationType"> <configuration default="false" name="provs-server_k3s" type="JetRunConfigurationType">
<option name="MAIN_CLASS_NAME" value="org.domaindrivenarchitecture.provs.server.application.ApplicationKt" /> <option name="MAIN_CLASS_NAME" value="org.domaindrivenarchitecture.provs.server.application.ApplicationKt" />
<module name="provs.main" /> <module name="provs.main" />
<option name="PROGRAM_PARAMETERS" value="k3s -r statistics.test.meissa-gmbh.de -u root -k myK3sServerConfig.yaml" /> <option name="PROGRAM_PARAMETERS" value="k3s root@192.168.56.123 -p" />
<shortenClasspath name="NONE" /> <shortenClasspath name="NONE" />
<method v="2"> <method v="2">
<option name="Make" enabled="true" /> <option name="Make" enabled="true" />


@ -13,7 +13,7 @@ import kotlin.system.exitProcess
*/ */
fun main(args: Array<String>) { fun main(args: Array<String>) {
val checkedArgs = if (args.size == 0) arrayOf("-h") else args val checkedArgs = if (args.isEmpty()) arrayOf("-h") else args
val cmd = CliArgumentsParser("java -jar provs-server.jar").parseCommand(checkedArgs) val cmd = CliArgumentsParser("java -jar provs-server.jar").parseCommand(checkedArgs)
if (!cmd.isValid()) { if (!cmd.isValid()) {


@ -12,9 +12,6 @@ data class K3sConfig(
val apple: Apple? = null, val apple: Apple? = null,
val reprovision: Reprovision = false val reprovision: Reprovision = false
) { ) {
// valid only if: apple != null >> certmanager != null
fun isDualStack(): Boolean { fun isDualStack(): Boolean {
return node.ipv6 != null && loopback.ipv6 != null return node.ipv6 != null && loopback.ipv6 != null
} }


@ -21,7 +21,7 @@ fun Prov.provisionK3s(configFileName: ConfigFileName?) = task {
provisionK3sCertManager(k3sConfig.certmanager) provisionK3sCertManager(k3sConfig.certmanager)
} }
if (k3sConfig.apple != null && k3sConfig.apple) { if (k3sConfig.apple != null && k3sConfig.apple) {
provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager!!.letsencryptEndpoint) provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager?.letsencryptEndpoint)
} }
ProvResult(true) ProvResult(true)
} }
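Review bot: Replacing `certmanager!!` with `certmanager?.` in provisionK3s turns a config with apple = true and no certmanager block from a hard failure into a silent switch to a self-signed issuer inside provisionK3sApple, while the comment that documented that invariant on K3sConfig is removed in the same commit. The intent is fine for local setups, but it deserves a comment at the call site so that a production config missing its certmanager block is not mistaken for a working Let's Encrypt setup: `// no certmanager configured: provisionK3sApple falls back to a self-signed issuer`. provisionK3s starts before this hunk.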


@ -78,7 +78,7 @@ fun Prov.provisionK3sInfra(k3sConfig: K3sConfig) = task {
"644", "644",
sudo = true sudo = true
) )
cmd ("kubectl apply -f $k3sTraeficWorkaround", sudo = true) cmd("kubectl apply -f $k3sTraeficWorkaround", sudo = true)
} else { } else {
ProvResult(true) ProvResult(true)
} }
@ -97,7 +97,7 @@ fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
"644", "644",
sudo = true sudo = true
) )
cmd ("kubectl apply -f $certManagerDeployment", sudo = true) cmd("kubectl apply -f $certManagerDeployment", sudo = true)
createFileFromResourceTemplate( createFileFromResourceTemplate(
certManagerIssuer, certManagerIssuer,
"le-issuer.template.yaml", "le-issuer.template.yaml",
@ -115,12 +115,28 @@ fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
} }
} }
fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint) = task { fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint?) = task {
val endpointName = endpoint?.name?.lowercase()
val issuer = if (endpointName != null)
endpointName
else {
createFileFromResourceTemplate(
k3sApple,
"selfsigned-certificate.template.yaml",
k3sResourcePath,
mapOf("host" to fqdn),
"644",
sudo = true
)
"selfsigned-issuer"
}
createFileFromResourceTemplate( createFileFromResourceTemplate(
k3sApple, k3sApple,
"apple.template.yaml", "apple.template.yaml",
k3sResourcePath, k3sResourcePath,
mapOf("fqdn" to fqdn, "issuer_name" to endpoint.name.lowercase()), mapOf("fqdn" to fqdn, "issuer_name" to issuer),
"644", "644",
sudo = true sudo = true
) )
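Review bot: Both createFileFromResourceTemplate calls in provisionK3sApple write to the same target, k3sApple — the new self-signed branch at the top of the function and the unchanged apple manifest write below it — so, if the first argument is the destination path as it evidently is for the apple template, the self-signed Certificate/ClusterIssuer manifest is overwritten before any kubectl apply can pick it up (none is visible between the two writes; the rest of the body lies outside the hunk). Give the self-signed manifest its own destination, e.g. a `k3sSelfSignedCertificate` constant declared next to `k3sApple` (name constructed here), pass it as the first argument of the new call, and apply it with `cmd("kubectl apply -f $k3sSelfSignedCertificate", sudo = true)` before the apple manifest is applied. The `if (endpointName != null) endpointName else { … }` expression also reads more naturally as `val issuer = endpoint?.name?.lowercase() ?: run { …; "selfsigned-issuer" }`, which drops the intermediate endpointName local.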


@ -4,11 +4,16 @@ import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
import org.domaindrivenarchitecture.provs.framework.core.readFromFile import org.domaindrivenarchitecture.provs.framework.core.readFromFile
import org.domaindrivenarchitecture.provs.framework.core.yamlToType import org.domaindrivenarchitecture.provs.framework.core.yamlToType
import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
import org.domaindrivenarchitecture.provs.server.domain.k3s.Node
import java.io.File
private const val DEFAULT_CONFIG_FILE = "server-config.yaml"
private const val DEFAULT_CONFIG_FILE = "ServerConfig.yaml"
fun getK3sConfig(fileName: ConfigFileName?): K3sConfig { fun getK3sConfig(fileName: ConfigFileName?): K3sConfig {
return readFromFile(fileName?.fileName ?: DEFAULT_CONFIG_FILE).yamlToType() val filename = fileName?.fileName ?: DEFAULT_CONFIG_FILE
return if (File(filename).exists()) {
readFromFile(filename).yamlToType()
} else {
K3sConfig("localhost", Node("127.0.0.1"), apple = true)
}
} }
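Review bot: The new else branch silently substitutes the built-in localhost config whenever File(filename) does not exist, including when the caller passed an explicit fileName — a typo in a `-k` path then provisions `K3sConfig("localhost", Node("127.0.0.1"), apple = true)` instead of failing. Restrict the fallback to the no-argument case, e.g. `if (fileName != null) require(File(filename).exists()) { "config file not found: $filename" }` before the `return if`. The default file name also changes from server-config.yaml to ServerConfig.yaml in this hunk, which existing setups will now hit as a silent fallback rather than an error; a one-line comment on DEFAULT_CONFIG_FILE noting the rename would help.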


@ -0,0 +1,20 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: self-signed-certificate
namespace: default
spec:
secretName: self-signed-certificate-secret
commonName: ${host}
dnsNames:
- ${host}
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
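Review bot: The template says nothing about when it is used, and its issuer name must stay in sync with the `"selfsigned-issuer"` string literal that provisionK3sApple assigns when no certmanager endpoint is configured; if the two drift apart, the apple Certificate references a ClusterIssuer that does not exist. Add a header comment, e.g. `# Fallback for a K3sConfig without a certmanager endpoint: self-signed cert, not trusted by clients; issuer name must match provisionK3sApple`. Also worth noting in that comment that the ClusterIssuer is cluster-scoped while the Certificate lives in namespace default, so the issuer remains available to every namespace once applied.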