Setup Ingress resource and cert-manager integration

Rob Watson 2022-05-11 03:10:48 +02:00
parent af6c8e118f
commit 025bc425d8
13 changed files with 87 additions and 0 deletions


@ -0,0 +1,6 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cluster-issuer-selfsigned
spec:
selfSigned: {}
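Review bot: Nothing in this manifest says the self-signed issuer is meant for development only, and as a ClusterIssuer it can be referenced from any namespace. Certificates from a `selfSigned` issuer share no common CA, so clients cannot verify them without trusting each certificate individually. The file's path is not visible on this page; if it sits in the shared base it would also be installed in prod, where the overlay uses `letsencrypt-production`. I would add a header comment such as `# Dev only: self-signed, not trusted by clients; prod uses an ACME issuer.` and keep the resource out of the prod build.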

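--- a/deploy/base/ingress.yaml
+++ b/deploy/base/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: ingress
+spec:
+ingressClassName: nginx
+# NOTE: overlays depend on the order of rule entries.
+rules:
+- host: grafana
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: grafana
+port:
+name: service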
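Review bot: The base Ingress defines no `spec.tls`, yet deploy/dev/ingress.yaml and deploy/prod/ingress.yaml both patch `/spec/tls` with `op: replace`. RFC 6902 requires the target of a `replace` to exist, so those ops are likely to fail at build time. Either add a placeholder `tls:` list here next to `rules:`, or change both overlays to `op: add` on `/spec/tls`. The existing NOTE could also name the dependent path (`/spec/rules/0/host`), so the ordering constraint is searchable.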


@ -59,3 +59,5 @@ resources:
- inflated/grafana/templates/podsecuritypolicy.yaml - inflated/grafana/templates/podsecuritypolicy.yaml
- inflated/grafana/templates/configmap.yaml - inflated/grafana/templates/configmap.yaml
- inflated/grafana/templates/clusterrolebinding.yaml - inflated/grafana/templates/clusterrolebinding.yaml
- ingress.yaml


@ -5,3 +5,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/5 path: /spec/template/spec/containers/0/args/5
value: "--configmap=$(POD_NAMESPACE)/dev-ingress-nginx-controller" value: "--configmap=$(POD_NAMESPACE)/dev-ingress-nginx-controller"
- op: replace
path: /spec/template/spec/volumes/0/secret/secretName
value: dev-ingress-nginx-admission
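Review bot: The new op addresses the volume by position (`/spec/template/spec/volumes/0/secret/secretName`), and the job patches added in this commit do the same with `args/3` and `args/4`; the prod overlay repeats all three. A `replace` does not check which element it overwrites, so a reordering in the upstream ingress-nginx manifests would silently rewrite a different volume or flag. The admission webhook could then read a secret other than the one the certgen jobs write. Put a comment above each op naming the element it expects, e.g. `# volumes[0] must be the admission webhook certificate volume`, or precede it with a JSON Patch `test` op on the current value so the build fails instead of drifting.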

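--- a/deploy/dev/ingress.yaml
+++ b/deploy/dev/ingress.yaml
@@ -0,0 +1,15 @@
+- op: replace
+path: /spec/ingressClassName
+value: dev-nginx
+- op: add
+path: /metadata/annotations
+value:
+cert-manager.io/cluster-issuer: cluster-issuer-selfsigned
+- op: replace
+path: /spec/tls
+value:
+- hosts:
+- grafana.local
+- op: replace
+path: /spec/rules/0/host
+value: grafana.local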
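Review bot: The `tls` entry for `grafana.local` has no `secretName`, unlike the prod overlay, which sets `secretName: prod-ingress-tls`. As far as I know, cert-manager's ingress-shim only creates a Certificate for TLS entries that name a secret, so the `cluster-issuer-selfsigned` annotation would have no effect here. The controller would then fall back to its default certificate. Add a line under the hosts list such as `secretName: dev-ingress-tls` (name constructed to mirror prod).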


@ -2,3 +2,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/1 path: /spec/template/spec/containers/0/args/1
value: "--host=dev-ingress-nginx-controller-admission,dev-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc" value: "--host=dev-ingress-nginx-controller-admission,dev-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc"
- op: replace
path: /spec/template/spec/containers/0/args/3
value: "--secret-name=dev-ingress-nginx-admission"


@ -2,3 +2,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/1 path: /spec/template/spec/containers/0/args/1
value: "--webhook-name=dev-ingress-nginx-admission" value: "--webhook-name=dev-ingress-nginx-admission"
- op: replace
path: /spec/template/spec/containers/0/args/4
value: "--secret-name=dev-ingress-nginx-admission"


@ -55,6 +55,12 @@ patches:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
path: job-ingress-nginx-admission-patch.yaml path: job-ingress-nginx-admission-patch.yaml
# Patch the ingress resource with stage-specific hostnames:
- target:
kind: Ingress
name: ingress
path: ingress.yaml
# Patch Grafana deployment to inject PostgreSQL credentials: # Patch Grafana deployment to inject PostgreSQL credentials:
- target: - target:
kind: Deployment kind: Deployment


@ -5,3 +5,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/5 path: /spec/template/spec/containers/0/args/5
value: "--configmap=$(POD_NAMESPACE)/prod-ingress-nginx-controller" value: "--configmap=$(POD_NAMESPACE)/prod-ingress-nginx-controller"
- op: replace
path: /spec/template/spec/volumes/0/secret/secretName
value: prod-ingress-nginx-admission

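--- a/deploy/prod/ingress.yaml
+++ b/deploy/prod/ingress.yaml
@@ -0,0 +1,16 @@
+- op: replace
+path: /spec/ingressClassName
+value: prod-nginx
+- op: add
+path: /metadata/annotations
+value:
+cert-manager.io/cluster-issuer: letsencrypt-production
+- op: replace
+path: /spec/tls
+value:
+- hosts:
+- grafana.netflux.io
+secretName: prod-ingress-tls
+- op: replace
+path: /spec/rules/0/host
+value: grafana.netflux.io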
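Review bot: The annotation points at a ClusterIssuer named `letsencrypt-production`, but the only issuer among the files shown for this commit is `cluster-issuer-selfsigned`. It may be defined elsewhere in the repository. If it is not, cert-manager cannot issue `prod-ingress-tls`, and the public host would most likely be served with the controller's fallback certificate until the issuer exists. Add a comment above the annotation op, e.g. `# Requires ClusterIssuer letsencrypt-production to be installed first`, or ship the issuer manifest with this change. If that issuer uses an HTTP-01 solver, also check that it targets the `prod-nginx` ingress class set at the top of this patch.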


@ -2,3 +2,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/1 path: /spec/template/spec/containers/0/args/1
value: "--host=prod-ingress-nginx-controller-admission,prod-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc" value: "--host=prod-ingress-nginx-controller-admission,prod-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc"
- op: replace
path: /spec/template/spec/containers/0/args/3
value: "--secret-name=prod-ingress-nginx-admission"


@ -2,3 +2,6 @@
- op: replace - op: replace
path: /spec/template/spec/containers/0/args/1 path: /spec/template/spec/containers/0/args/1
value: "--webhook-name=prod-ingress-nginx-admission" value: "--webhook-name=prod-ingress-nginx-admission"
- op: replace
path: /spec/template/spec/containers/0/args/4
value: "--secret-name=prod-ingress-nginx-admission"


@ -46,6 +46,12 @@ patches:
name: ingress-nginx-admission-patch name: ingress-nginx-admission-patch
path: job-ingress-nginx-admission-patch.yaml path: job-ingress-nginx-admission-patch.yaml
# Patch the ingress resource with stage-specific hostnames:
- target:
kind: Ingress
name: ingress
path: ingress.yaml
# Patch prometheus-server pod to mount the secrets volume. # Patch prometheus-server pod to mount the secrets volume.
- target: - target:
kind: Deployment kind: Deployment