add cert-manager stuff
This commit is contained in:
parent
46ade449bb
commit
1c22bfb722
|
@ -111,7 +111,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
|
|||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
|
||||
}
|
||||
|
||||
# Rules sto4
|
||||
# Rules dco
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule2_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
|
@ -123,3 +123,15 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
|
|||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
|
||||
}
|
||||
|
||||
# Rules dco
|
||||
resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule3_v4_dco" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
protocol = "tcp"
|
||||
port_range_min = "80"
|
||||
port_range_max = "80"
|
||||
provider = openstack.dco
|
||||
remote_ip_prefix = "0.0.0.0/0"
|
||||
security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
|
||||
}
|
||||
|
||||
|
|
6
k8s/cert-manager/README.md
Normal file
6
k8s/cert-manager/README.md
Normal file
|
@ -0,0 +1,6 @@
|
|||
# install cert-manager addon
|
||||
microk8s enable cert-manager
|
||||
microk8s enable ingress dns
|
||||
# init the clusterissuer
|
||||
kubectl apply -f clusterissuer.yaml
|
||||
kubectl get clusterissuer -o wide
|
16
k8s/cert-manager/clusterissuer.yaml
Normal file
16
k8s/cert-manager/clusterissuer.yaml
Normal file
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
spec:
|
||||
acme:
|
||||
email: someemailaddress+element@sunet.se
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: lets-encrypt-private-key
|
||||
# Add a single challenge solver, HTTP01 using nginx
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: public
|
Loading…
Reference in a new issue