futureporn
/
fp
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

set letsencrypt to appropriate env
ci / build (push) Waiting to run Details

This commit is contained in:
CJ_Clippy 2024-06-28 15:59:31 -08:00
parent 4f01c341b3
commit f27b88d797
3 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
clusters/production/infrastructure.yaml
View File

@ -36,6 +36,26 @@ spec:
- op: replace - op: replace
path: /spec/acme/server path: /spec/acme/server
value: https://acme-staging-v02.api.letsencrypt.org/directory value: https://acme-staging-v02.api.letsencrypt.org/directory
- op: replace
path: /metadata/name
value: letsencrypt-staging
- op: replace
path: /spec/acme/privateKeySecretRef/name
value: letsencrypt-staging
target: target:
kind: ClusterIssuer kind: ClusterIssuer
name: letsencrypt name: letsencrypt
# - patch: |
# - op: replace
# path: /metadata/name
# value: letsencrypt-staging
# target:
# kind: ClusterIssuer
# name: letsencrypt
# - patch: |
# - op: replace
# path: /spec/acme/privateKeySecretRef/name
# value: letsencrypt-staging
# target:
# kind: ClusterIssuer
# name: letsencrypt

6
infrastructure/configs/cluster-issuers.yaml
View File

@ -1,14 +1,16 @@
## Example values are replaced using Kuztomization patches
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt name: letsencrypt-example
spec: spec:
acme: acme:
# Replace the email address with your own contact email # Replace the email address with your own contact email
email: cj@futureporn.net email: cj@futureporn.net
# The server is replaced in /clusters/production/infrastructure.yaml # The server is replaced in /clusters/production/infrastructure.yaml
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://example.com
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-staging name: letsencrypt-staging
solvers: solvers:

7
scripts/k8s-secrets.sh
View File

@ -30,6 +30,13 @@ kubectl --namespace cert-manager create secret generic exoscale \
--from-literal=apiKey=${EXOSCALE_API_KEY} \ --from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET} --from-literal=apiSecret=${EXOSCALE_API_SECRET}
## @todo we need exoscale in two separate namespaces.
## Is it worth using secrets reflector?
kubectl --namespace futureporn delete secret exoscale --ignore-not-found
kubectl --namespace futureporn create secret generic exoscale \
--from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
kubectl --namespace futureporn delete secret grafana --ignore-not-found kubectl --namespace futureporn delete secret grafana --ignore-not-found
kubectl --namespace futureporn create secret generic grafana \ kubectl --namespace futureporn create secret generic grafana \
--from-literal=admin-user=${GRAFANA_USERNAME} \ --from-literal=admin-user=${GRAFANA_USERNAME} \