add possibility for k8s apple service with selfsigned certificate

ansgarz 2022-03-10 20:30:59 +01:00
parent e61c6236c7
commit 064243da60
8 changed files with 53 additions and 26 deletions


@ -1,11 +0,0 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="provs-server statistics.prod" type="JetRunConfigurationType">
<option name="MAIN_CLASS_NAME" value="org.domaindrivenarchitecture.provs.server.application.ApplicationKt" />
<module name="provs.main" />
<option name="PROGRAM_PARAMETERS" value="k3s -r statistics.prod.meissa-gmbh.de -u root -k myK3sServerConfig.yaml" />
<shortenClasspath name="NONE" />
<method v="2">
<option name="Make" enabled="true" />
</method>
</configuration>
</component>


@ -1,8 +1,8 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="provs-server statistics.dev" type="JetRunConfigurationType">
<configuration default="false" name="provs-server_k3s" type="JetRunConfigurationType">
<option name="MAIN_CLASS_NAME" value="org.domaindrivenarchitecture.provs.server.application.ApplicationKt" />
<module name="provs.main" />
<option name="PROGRAM_PARAMETERS" value="k3s -r statistics.test.meissa-gmbh.de -u root -k myK3sServerConfig.yaml" />
<option name="PROGRAM_PARAMETERS" value="k3s root@192.168.56.123 -p" />
<shortenClasspath name="NONE" />
<method v="2">
<option name="Make" enabled="true" />


@ -13,7 +13,7 @@ import kotlin.system.exitProcess
*/
fun main(args: Array<String>) {
val checkedArgs = if (args.size == 0) arrayOf("-h") else args
val checkedArgs = if (args.isEmpty()) arrayOf("-h") else args
val cmd = CliArgumentsParser("java -jar provs-server.jar").parseCommand(checkedArgs)
if (!cmd.isValid()) {


@ -12,9 +12,6 @@ data class K3sConfig(
val apple: Apple? = null,
val reprovision: Reprovision = false
) {
// valid only if: apple != null >> certmanager != null
fun isDualStack(): Boolean {
return node.ipv6 != null && loopback.ipv6 != null
}


@ -21,7 +21,7 @@ fun Prov.provisionK3s(configFileName: ConfigFileName?) = task {
provisionK3sCertManager(k3sConfig.certmanager)
}
if (k3sConfig.apple != null && k3sConfig.apple) {
provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager!!.letsencryptEndpoint)
provisionK3sApple(k3sConfig.fqdn, k3sConfig.certmanager?.letsencryptEndpoint)
}
ProvResult(true)
}
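Review bot: With `k3sConfig.certmanager?.letsencryptEndpoint`, the apple branch now also runs when no certmanager section is configured, yet the self-signed path it selects still creates `cert-manager.io/v1` resources. The `provisionK3sCertManager(k3sConfig.certmanager)` call above sits in a block whose condition starts outside this hunk; if that condition is a null check on `certmanager`, cert-manager is never installed in exactly the case where the self-signed issuer is used, and the ClusterIssuer and Certificate kinds would be unknown to the cluster. Either install cert-manager whenever `apple` is enabled or reject that combination, and document the rule at the call, e.g. `// certmanager == null: apple is served with a self-signed certificate, cert-manager must still be installed`.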


@ -115,12 +115,28 @@ fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
}
}
fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint) = task {
fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint?) = task {
val endpointName = endpoint?.name?.lowercase()
val issuer = if (endpointName != null)
endpointName
else {
createFileFromResourceTemplate(
k3sApple,
"selfsigned-certificate.template.yaml",
k3sResourcePath,
mapOf("host" to fqdn),
"644",
sudo = true
)
"selfsigned-issuer"
}
createFileFromResourceTemplate(
k3sApple,
"apple.template.yaml",
k3sResourcePath,
mapOf("fqdn" to fqdn, "issuer_name" to endpoint.name.lowercase()),
mapOf("fqdn" to fqdn, "issuer_name" to issuer),
"644",
sudo = true
)
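Review bot: A null `endpoint` silently selects the self-signed issuer, so a server config that merely omits its certmanager section ends up with a certificate no client trusts, and nothing visible in this hunk reports that. State the fallback in a KDoc on `provisionK3sApple`, e.g. `@param endpoint Let's Encrypt endpoint used as issuer; null falls back to the self-signed ClusterIssuer, intended for test setups only`. The literal `"selfsigned-issuer"` is also repeated in selfsigned-certificate.template.yaml; a shared constant passed into that template's map (`mapOf("host" to fqdn, "issuer_name" to SELFSIGNED_ISSUER)`) would keep the two from drifting apart. The function body continues past the end of this hunk, so whether the newly written file is applied to the cluster cannot be checked here.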


@ -4,11 +4,16 @@ import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
import org.domaindrivenarchitecture.provs.framework.core.readFromFile
import org.domaindrivenarchitecture.provs.framework.core.yamlToType
import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
import org.domaindrivenarchitecture.provs.server.domain.k3s.Node
import java.io.File
private const val DEFAULT_CONFIG_FILE = "ServerConfig.yaml"
private const val DEFAULT_CONFIG_FILE = "server-config.yaml"
fun getK3sConfig(fileName: ConfigFileName?): K3sConfig {
return readFromFile(fileName?.fileName ?: DEFAULT_CONFIG_FILE).yamlToType()
val filename = fileName?.fileName ?: DEFAULT_CONFIG_FILE
return if (File(filename).exists()) {
readFromFile(filename).yamlToType()
} else {
K3sConfig("localhost", Node("127.0.0.1"), apple = true)
}
}
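Review bot: The new `File(filename).exists()` fallback in `getK3sConfig` also applies when the caller passed an explicit `fileName`, so a mistyped path provisions the target with `K3sConfig("localhost", Node("127.0.0.1"), apple = true)` instead of failing. The same happens to anyone who still keeps the old default `ServerConfig.yaml`, since `DEFAULT_CONFIG_FILE` is renamed to `server-config.yaml` in this hunk and the old file is now simply not found. Restrict the built-in default to the case where no file name was given, for example `require(fileName == null || File(filename).exists()) { "Config file not found: $filename" }` placed before the `if`. A short comment on the else branch saying that the default config is a local test setup with a self-signed certificate would also help the next reader.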


@ -0,0 +1,20 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: self-signed-certificate
namespace: default
spec:
secretName: self-signed-certificate-secret
commonName: ${host}
dnsNames:
- ${host}
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
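Review bot: The `Certificate` in this template writes its key pair to `self-signed-certificate-secret` in namespace `default`, but nothing visible in this commit consumes that secret: `provisionK3sApple` passes only `fqdn` and `issuer_name` to apple.template.yaml. If the apple ingress obtains its certificate through the issuer reference alone, this resource is redundant and leaves an unused private key in the cluster; otherwise the secret name should be passed to the apple template rather than matched by convention. Note also that `selfsigned-issuer` is a `ClusterIssuer`, so once applied every namespace can request certificates from it. A header comment such as `# Self-signed issuer and certificate for test setups without Let's Encrypt; clients will not trust these certificates` would make the intended scope explicit.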