forked from hswaw/hscloud
*: post-certmanager manifests update
Change-Id: I745c850268c31777c5722a9833c8152a55615aed Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512 Reviewed-by: q3k <q3k@hackerspace.pl>
This commit is contained in:
parent
3dd3ff5dcd
commit
7e841065b0
24 changed files with 34 additions and 32 deletions
|
@ -93,7 +93,7 @@ local postgres = import "../../kube/postgres.libsonnet";
|
|||
metadata+: app.metadata("covid-formity") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet": "
|
||||
location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; }
|
||||
|
|
|
@ -283,7 +283,7 @@ local redis = import "../../../kube/redis.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -365,7 +365,7 @@ local coturn = import "./coturn.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
"nginx.ingress.kubernetes.io/use-regex": "true",
|
||||
},
|
||||
|
|
|
@ -397,7 +397,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
|||
metadata+: app.metadata("matrix") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -80,7 +80,7 @@ local policies = import "../../kube/policies.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
|
@ -429,7 +429,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: ix.metadata("public") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
@ -454,7 +454,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: ix.metadata("alice") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
@ -479,7 +479,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: ix.metadata("grpc") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"kubernetes.io/ingress.class": "nginx",
|
||||
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
|
||||
"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
|
||||
|
|
|
@ -63,7 +63,7 @@ local kube = import '../../../kube/kube.libsonnet';
|
|||
metadata+: internet.metadata("frontend") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
|
@ -62,7 +62,7 @@ local kube = import '../../../kube/kube.libsonnet';
|
|||
metadata+: speedtest.metadata("public") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -127,7 +127,7 @@ local pki = import "lib/pki.libsonnet";
|
|||
verbs: ["*"],
|
||||
},
|
||||
{
|
||||
apiGroups: ["certmanager.k8s.io"],
|
||||
apiGroups: ["cert-manager.io/v1"],
|
||||
resources: ["certificates"],
|
||||
verbs: ["*"],
|
||||
},
|
||||
|
@ -205,7 +205,9 @@ local pki = import "lib/pki.libsonnet";
|
|||
privateKeySecretRef: {
|
||||
name: "letsencrypt-prod"
|
||||
},
|
||||
http01: {},
|
||||
solvers: [
|
||||
{ http01: { ingress: {} } },
|
||||
]
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
@ -286,7 +286,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: env.metadata("registry") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
|
|
|
@ -757,7 +757,7 @@ local oa = kube.OpenAPI;
|
|||
metadata+: cluster.metadata {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
@ -1197,7 +1197,7 @@ local oa = kube.OpenAPI;
|
|||
metadata+: zonegroup.realm.cluster.metadata {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -194,7 +194,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: gerrit.metadata("ingress") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -134,7 +134,7 @@ local postgres = import "../../kube/postgres.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
@ -186,7 +186,7 @@ local postgres = import "../../kube/postgres.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -64,7 +64,7 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -167,7 +167,7 @@ local redis = import "../../kube/redis.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
local kube = import "kube.upstream.libsonnet";
|
||||
|
||||
kube {
|
||||
ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) {
|
||||
ClusterIssuer(name): kube._Object("cert-manager.io/v1", "ClusterIssuer", name) {
|
||||
spec: error "spec must be defined",
|
||||
},
|
||||
Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
|
||||
Issuer(name): kube._Object("cert-manager.io/v1", "Issuer", name) {
|
||||
spec: error "spec must be defined",
|
||||
},
|
||||
Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
|
||||
Certificate(name): kube._Object("cert-manager.io/v1", "Certificate", name) {
|
||||
spec: error "spec must be defined",
|
||||
},
|
||||
# For use in PodSpec.volumes_
|
||||
|
|
|
@ -55,7 +55,7 @@ local kube = import "kube.libsonnet";
|
|||
},
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
[if env.ingressServerSnippet != null then "nginx.ingress.kubernetes.io/server-snippet"]: env.ingressServerSnippet,
|
||||
[if std.length(env.extraHeaders) > 0 then "nginx.ingress.kubernetes.io/configuration-snippet"]:
|
||||
std.join("\n", ["proxy_set_header %s;" % [h] for h in env.extraHeaders]),
|
||||
|
|
|
@ -138,7 +138,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
@ -283,7 +283,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
|
@ -108,7 +108,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -51,7 +51,7 @@ local kube = import '../../../kube/kube.libsonnet';
|
|||
namespace: "q3k",
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
|
@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
namespace: "personal-q3k",
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
|
|
|
@ -276,7 +276,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
|
@ -141,7 +141,7 @@ local kube = import '../../../kube/kube.libsonnet';
|
|||
metadata+: shells.metadata("frontend") {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
|
|
Loading…
Reference in a new issue