add cert-manager

This commit is contained in:
ansgarz 2022-01-28 17:34:31 +01:00
parent 84260b5e3c
commit 507dfc137d
4 changed files with 17245 additions and 3 deletions

View file

@ -1,9 +1,8 @@
package org.domaindrivenarchitecture.provs.server.domain.k3s
import org.domaindrivenarchitecture.provs.framework.core.Prov
import org.domaindrivenarchitecture.provs.framework.core.ProvResult
import org.domaindrivenarchitecture.provs.framework.core.echoCommandForText
import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sCertManager
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionK3sInfra
import org.domaindrivenarchitecture.provs.server.infrastructure.provisionNetwork
@ -22,4 +21,5 @@ fun Prov.provisionK3s() = task {
provisionNetwork(loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6)
provisionK3sInfra(tlsName = "statistics.prod.meissa-gmbh.de", nodeIpv4 = nodeIpv4, nodeIpv6 = nodeIpv6,
loopbackIpv4 = loopbackIpv4, loopbackIpv6 = loopbackIpv6, installApple = true)
provisionK3sCertManager(CertManagerEndPoint.STAGING)
}

View file

@ -7,9 +7,16 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.*
private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
private const val k3sCalicoFile = "/var/lib/rancher/k3s/server/manifests/calico.yaml"
private const val k3sAppleFile = "/var/lib/rancher/k3s/server/manifests/apple.yaml"
private const val certManagerDeployment = "/etc/rancher/k3s/certmanager.yaml"
private const val certManagerIssuer = "/etc/rancher/k3s/issuer.yaml"
private const val k3sInstallFile = "/usr/local/bin/k3s-install.sh"
private const val k3sResourcePath = "org/domaindrivenarchitecture/provs/infrastructure/k3s/"
enum class CertManagerEndPoint {
STAGING, PROD
}
fun Prov.testConfigExists(): Boolean {
return fileExists(k3sConfigFile)
}
@ -107,6 +114,27 @@ fun Prov.provisionK3sInfra(tlsName: String, nodeIpv4: String, loopbackIpv4: Stri
}
}
fun Prov.provisionK3sCertManager(endpoint: CertManagerEndPoint) = task {
createFileFromResource(
certManagerDeployment,
"cert-manager.yaml",
k3sResourcePath,
"644",
sudo = true
)
createFileFromResourceTemplate(
certManagerIssuer,
"le-issuer.template.yaml",
k3sResourcePath,
mapOf("endpoint" to endpoint.name.lowercase()),
"644",
sudo = true
)
cmd("kubectl apply -f $certManagerDeployment", sudo = true)
cmd("kubectl apply -f $certManagerIssuer", sudo = true)
}
/*
@Suppress("unused")
fun Prov.uninstallK3sServer() = task {

View file

@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-${endpoint}-issuer
spec:
acme:
email: admin@meissa-gmbh.de
server: https://acme${endpoint}-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-${endpoint}-account-key
solvers:
- http01:
ingress:
class: traefik