add cert-manager

2022-01-28 17:34:31 +01:00 · 2022-01-28 17:34:31 +01:00 · 507dfc137d
commit 507dfc137d
parent 84260b5e3c
4 changed files with 17245 additions and 3 deletions
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/domain/k3s/K3sService.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/domain/k3s/K3sService.kt
@ -1,9 +1,8 @@
 package org.domaindrivenarchitecture.provs.server.domain.k3s

 import org.domaindrivenarchitecture.provs.framework.core.Prov
-import org.domaindrivenarchitecture.provs.framework.core.ProvResult
-import org.domaindrivenarchitecture.provs.framework.core.echoCommandForText
-import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
+import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
+import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sCertManager
 import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sInfra
 import org.domaindrivenarchitecture.provs.server.infrastructure.provisionNetwork

@ -22,4 +21,5 @@ fun Prov.provisionK3s() = task {
    provisionNetwork(loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6)
    provisionK3sInfra(tlsName = "statistics.prod.meissa-gmbh.de", nodeIpv4 = nodeIpv4, nodeIpv6 = nodeIpv6,
        loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6, installApple = true)
+    provisionK3sCertManager(CertManagerEndPoint.STAGING)
 }
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
@ -7,9 +7,16 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.*
 private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
 private const val k3sCalicoFile = "/var/lib/rancher/k3s/server/manifests/calico.yaml"
 private const val k3sAppleFile = "/var/lib/rancher/k3s/server/manifests/apple.yaml"
+private const val certManagerDeployment = "/etc/rancher/k3s/certmanager.yaml"
+private const val certManagerIssuer = "/etc/rancher/k3s/issuer.yaml"
 private const val k3sInstallFile = "/usr/local/bin/k3s-install.sh"
 private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"

+enum class CertManagerEndPoint {
+    STAGING, PROD
+}
+
+
 fun Prov.testConfigExists(): Boolean {
    return fileExists(k3sConfigFile)
 }
@ -107,6 +114,27 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
    }
 }

+
+fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
+    createFileFromResource(
+        certManagerDeployment,
+        "cert-manager.yaml",
+        k3sResourcePath,
+        "644",
+        sudo = true
+    )
+    createFileFromResourceTemplate(
+        certManagerIssuer,
+        "le-issuer.template.yaml",
+        k3sResourcePath,
+        mapOf("endpoint" to endpoint.name.lowercase()),
+        "644",
+        sudo = true
+    )
+    cmd("kubectl apply -f $certManagerDeployment", sudo = true)
+    cmd("kubectl apply -f $certManagerIssuer", sudo = true)
+}
+
 /*
@Suppress("unused")
 fun Prov.uninstallK3sServer() = task {
--- a/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/cert-manager.yaml
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/cert-manager.yaml
--- a/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/le-issuer.template.yaml
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/infrastructure/k3s/le-issuer.template.yaml
@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-${endpoint}-issuer
+spec:
+  acme:
+    email: admin@meissa-gmbh.de
+    server: https://acme${endpoint}-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-${endpoint}-account-key
+    solvers:
+    - http01:
+        ingress:
+          class:  traefik
+