add cert-manager

2022-01-28 17:34:31 +01:00 · 2022-01-28 17:34:31 +01:00 · 507dfc137d
commit 507dfc137d
parent 84260b5e3c
4 changed files with 17245 additions and 3 deletions
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/domain/k3s/K3sService.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/domain/k3s/K3sService.kt
@ -1,9 +1,8 @@
 package org.domaindrivenarchitecture.provs.server.domain.k3s
 import org.domaindrivenarchitecture.provs.framework.core.Prov
-import org.domaindrivenarchitecture.provs.framework.core.ProvResult
+import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
-import org.domaindrivenarchitecture.provs.framework.core.echoCommandForText
+import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sCertManager
 import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
 import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sInfra
 import org.domaindrivenarchitecture.provs.server.infrastructure.provisionNetwork
@ -22,4 +21,5 @@ fun Prov.provisionK3s() = task {
    provisionNetwork(loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6)
    provisionK3sInfra(tlsName = "statistics.prod.meissa-gmbh.de", nodeIpv4 = nodeIpv4, nodeIpv6 = nodeIpv6,
        loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6, installApple = true)
    provisionK3sCertManager(CertManagerEndPoint.STAGING)
 }
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
@ -7,9 +7,16 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.*
 private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
 private const val k3sCalicoFile = "/var/lib/rancher/k3s/server/manifests/calico.yaml"
 private const val k3sAppleFile = "/var/lib/rancher/k3s/server/manifests/apple.yaml"
 private const val certManagerDeployment = "/etc/rancher/k3s/certmanager.yaml"
 private const val certManagerIssuer = "/etc/rancher/k3s/issuer.yaml"
 private const val k3sInstallFile = "/usr/local/bin/k3s-install.sh"
 private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"
 enum class CertManagerEndPoint {
    STAGING, PROD
 }
 fun Prov.testConfigExists(): Boolean {
    return fileExists(k3sConfigFile)
 }
@ -107,6 +114,27 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
    }
 }
 fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
    createFileFromResource(
        certManagerDeployment,
        "cert-manager.yaml",
        k3sResourcePath,
        "644",
        sudo = true
    )
    createFileFromResourceTemplate(
        certManagerIssuer,
        "le-issuer.template.yaml",
        k3sResourcePath,
        mapOf("endpoint" to endpoint.name.lowercase()),
        "644",
        sudo = true
    )
    cmd("kubectl apply -f $certManagerDeployment", sudo = true)
    cmd("kubectl apply -f $certManagerIssuer", sudo = true)
 }
 /*
@Suppress("unused")
 fun Prov.uninstallK3sServer() = task {
--- a/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/cert-manager.yaml
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/cert-manager.yaml
--- a/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/le-issuer.template.yaml
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/le-issuer.template.yaml
@ -0,0 +1,15 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-${endpoint}-issuer
 spec:
  acme:
    email: admin@meissa-gmbh.de
    server: https://acme${endpoint}-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-${endpoint}-account-key
    solvers:
    - http01:
        ingress:
          class:  traefik