*: post-certmanager manifests update

Change-Id: I745c850268c31777c5722a9833c8152a55615aed
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512
Reviewed-by: q3k <q3k@hackerspace.pl>
This commit is contained in:
informatic 2023-04-23 11:36:15 +02:00 committed by informatic
parent 3dd3ff5dcd
commit 7e841065b0
24 changed files with 34 additions and 32 deletions

View file

@ -93,7 +93,7 @@ local postgres = import "../../kube/postgres.libsonnet";
metadata+: app.metadata("covid-formity") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
"nginx.ingress.kubernetes.io/configuration-snippet": "
location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; }

View file

@ -283,7 +283,7 @@ local redis = import "../../../kube/redis.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -365,7 +365,7 @@ local coturn = import "./coturn.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
"nginx.ingress.kubernetes.io/use-regex": "true",
},

View file

@ -397,7 +397,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
metadata+: app.metadata("matrix") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -80,7 +80,7 @@ local policies = import "../../kube/policies.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {

View file

@ -429,7 +429,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: ix.metadata("public") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
@ -454,7 +454,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: ix.metadata("alice") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
@ -479,7 +479,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: ix.metadata("grpc") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",

View file

@ -63,7 +63,7 @@ local kube = import '../../../kube/kube.libsonnet';
metadata+: internet.metadata("frontend") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {

View file

@ -62,7 +62,7 @@ local kube = import '../../../kube/kube.libsonnet';
metadata+: speedtest.metadata("public") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -127,7 +127,7 @@ local pki = import "lib/pki.libsonnet";
verbs: ["*"],
},
{
apiGroups: ["certmanager.k8s.io"],
apiGroups: ["cert-manager.io/v1"],
resources: ["certificates"],
verbs: ["*"],
},
@ -205,7 +205,9 @@ local pki = import "lib/pki.libsonnet";
privateKeySecretRef: {
name: "letsencrypt-prod"
},
http01: {},
solvers: [
{ http01: { ingress: {} } },
]
},
},
},

View file

@ -286,7 +286,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: env.metadata("registry") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},

View file

@ -757,7 +757,7 @@ local oa = kube.OpenAPI;
metadata+: cluster.metadata {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
@ -1197,7 +1197,7 @@ local oa = kube.OpenAPI;
metadata+: zonegroup.realm.cluster.metadata {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -194,7 +194,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: gerrit.metadata("ingress") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -134,7 +134,7 @@ local postgres = import "../../kube/postgres.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
@ -186,7 +186,7 @@ local postgres = import "../../kube/postgres.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -64,7 +64,7 @@ local kube = import "../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -167,7 +167,7 @@ local redis = import "../../kube/redis.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -3,13 +3,13 @@
local kube = import "kube.upstream.libsonnet";
kube {
ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) {
ClusterIssuer(name): kube._Object("cert-manager.io/v1", "ClusterIssuer", name) {
spec: error "spec must be defined",
},
Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
Issuer(name): kube._Object("cert-manager.io/v1", "Issuer", name) {
spec: error "spec must be defined",
},
Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
Certificate(name): kube._Object("cert-manager.io/v1", "Certificate", name) {
spec: error "spec must be defined",
},
# For use in PodSpec.volumes_

View file

@ -55,7 +55,7 @@ local kube = import "kube.libsonnet";
},
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
[if env.ingressServerSnippet != null then "nginx.ingress.kubernetes.io/server-snippet"]: env.ingressServerSnippet,
[if std.length(env.extraHeaders) > 0 then "nginx.ingress.kubernetes.io/configuration-snippet"]:
std.join("\n", ["proxy_set_header %s;" % [h] for h in env.extraHeaders]),

View file

@ -138,7 +138,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
@ -283,7 +283,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {

View file

@ -108,7 +108,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -51,7 +51,7 @@ local kube = import '../../../kube/kube.libsonnet';
namespace: "q3k",
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {

View file

@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -37,7 +37,7 @@ local kube = import "../../kube/kube.libsonnet";
namespace: "personal-q3k",
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},

View file

@ -276,7 +276,7 @@ local kube = import "../../../kube/kube.libsonnet";
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {

View file

@ -141,7 +141,7 @@ local kube = import '../../../kube/kube.libsonnet';
metadata+: shells.metadata("frontend") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {