add cert-manager
parent
84260b5e3c
commit
507dfc137d
4 changed files with 17245 additions and 3 deletions
|
@ -1,9 +1,8 @@
|
||||||
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
import org.domaindrivenarchitecture.provs.framework.core.Prov
|
import org.domaindrivenarchitecture.provs.framework.core.Prov
|
||||||
import org.domaindrivenarchitecture.provs.framework.core.ProvResult
|
import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
|
||||||
import org.domaindrivenarchitecture.provs.framework.core.echoCommandForText
|
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sCertManager
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
|
|
||||||
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sInfra
|
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sInfra
|
||||||
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionNetwork
|
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionNetwork
|
||||||
|
|
||||||
|
@ -22,4 +21,5 @@ fun Prov.provisionK3s() = task {
|
||||||
provisionNetwork(loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6)
|
provisionNetwork(loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6)
|
||||||
provisionK3sInfra(tlsName = "statistics.prod.meissa-gmbh.de", nodeIpv4 = nodeIpv4, nodeIpv6 = nodeIpv6,
|
provisionK3sInfra(tlsName = "statistics.prod.meissa-gmbh.de", nodeIpv4 = nodeIpv4, nodeIpv6 = nodeIpv6,
|
||||||
loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6, installApple = true)
|
loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6, installApple = true)
|
||||||
|
provisionK3sCertManager(CertManagerEndPoint.STAGING)
|
||||||
}
|
}
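Review bot: The call added at the end of provisionK3s pins the issuer to `CertManagerEndPoint.STAGING`, while the tlsName passed just above it is a `prod` host name. Certificates from the Let's Encrypt staging environment chain to a test root that clients do not trust, so a service using them fails normal TLS validation and users are pushed toward disabling verification. Taking the endpoint as a parameter makes the choice explicit per deployment, e.g. `fun Prov.provisionK3s(endpoint: CertManagerEndPoint = CertManagerEndPoint.STAGING) = task {` together with `provisionK3sCertManager(endpoint)`. The body of provisionK3s starts outside the hunk, so how the other values are obtained is not visible here.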
|
||||||
|
|
|
@ -7,9 +7,16 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.*
|
||||||
private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
|
private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
|
||||||
private const val k3sCalicoFile = "/var/lib/rancher/k3s/server/manifests/calico.yaml"
|
private const val k3sCalicoFile = "/var/lib/rancher/k3s/server/manifests/calico.yaml"
|
||||||
private const val k3sAppleFile = "/var/lib/rancher/k3s/server/manifests/apple.yaml"
|
private const val k3sAppleFile = "/var/lib/rancher/k3s/server/manifests/apple.yaml"
|
||||||
|
private const val certManagerDeployment = "/etc/rancher/k3s/certmanager.yaml"
|
||||||
|
private const val certManagerIssuer = "/etc/rancher/k3s/issuer.yaml"
|
||||||
private const val k3sInstallFile = "/usr/local/bin/k3s-install.sh"
|
private const val k3sInstallFile = "/usr/local/bin/k3s-install.sh"
|
||||||
private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"
|
private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"
|
||||||
|
|
||||||
|
enum class CertManagerEndPoint {
|
||||||
|
STAGING, PROD
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
fun Prov.testConfigExists(): Boolean {
|
fun Prov.testConfigExists(): Boolean {
|
||||||
return fileExists(k3sConfigFile)
|
return fileExists(k3sConfigFile)
|
||||||
}
|
}
|
||||||
|
@ -107,6 +114,27 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
|
||||||
|
createFileFromResource(
|
||||||
|
certManagerDeployment,
|
||||||
|
"cert-manager.yaml",
|
||||||
|
k3sResourcePath,
|
||||||
|
"644",
|
||||||
|
sudo = true
|
||||||
|
)
|
||||||
|
createFileFromResourceTemplate(
|
||||||
|
certManagerIssuer,
|
||||||
|
"le-issuer.template.yaml",
|
||||||
|
k3sResourcePath,
|
||||||
|
mapOf("endpoint" to endpoint.name.lowercase()),
|
||||||
|
"644",
|
||||||
|
sudo = true
|
||||||
|
)
|
||||||
|
cmd("kubectl apply -f $certManagerDeployment", sudo = true)
|
||||||
|
cmd("kubectl apply -f $certManagerIssuer", sudo = true)
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@Suppress("unused")
|
@Suppress("unused")
|
||||||
fun Prov.uninstallK3sServer() = task {
|
fun Prov.uninstallK3sServer() = task {
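Review bot: In provisionK3sCertManager the ClusterIssuer is applied immediately after the cert-manager manifest, with no step that waits for the CRDs and the admission webhook to become ready, so the second `kubectl apply` is likely to fail on a fresh cluster. A wait between the two calls would make the task repeatable, for example `cmd("kubectl wait --for=condition=Available deployment --all -n cert-manager --timeout=120s", sudo = true)`. The namespace there is assumed from the upstream manifest, whose diff is suppressed on this page. A short KDoc on the function would also help: it should say that both files are written under /etc/rancher/k3s and that the issuer name is derived from the lower-cased enum name.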
|
||||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-${endpoint}-issuer
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
email: admin@meissa-gmbh.de
|
||||||
|
server: https://acme${endpoint}-v02.api.letsencrypt.org/directory
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-${endpoint}-account-key
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
class: traefik
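Review bot: The `server:` line cannot render a valid Let's Encrypt directory URL for either enum value. provisionK3sCertManager fills `endpoint` with `endpoint.name.lowercase()`, so the host becomes `acmestaging-v02.api.letsencrypt.org` or `acmeprod-v02.api.letsencrypt.org`, whereas the published directories are `https://acme-staging-v02.api.letsencrypt.org/directory` and `https://acme-v02.api.letsencrypt.org/directory`. ACME registration would then fail and no certificate would be issued. Passing the full URL as its own template variable, e.g. `server: ${acmeServer}`, and keeping `${endpoint}` only for the issuer and secret names avoids encoding the host-name pattern in the enum.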
|
||||||
|
|