From 1c22bfb7226849ad35b9b7999a6695c6766194be Mon Sep 17 00:00:00 2001
From: pettai
Date: Tue, 12 Nov 2024 15:08:49 +0100
Subject: [PATCH] add cert-manager stuff

---
 IaC-test/securitygroup-k8s-external.tf | 14 +++++++++++++-
 k8s/cert-manager/README.md | 6 ++++++
 k8s/cert-manager/clusterissuer.yaml | 16 ++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 k8s/cert-manager/README.md
 create mode 100644 k8s/cert-manager/clusterissuer.yaml

diff --git a/IaC-test/securitygroup-k8s-external.tf b/IaC-test/securitygroup-k8s-external.tf
index a4df848..8a55b17 100644
--- a/IaC-test/securitygroup-k8s-external.tf
+++ b/IaC-test/securitygroup-k8s-external.tf
@@ -111,7 +111,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
 security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
 }
 
-# Rules sto4
+# Rules dco
 resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule2_v4_dco" {
 direction = "ingress"
 ethertype = "IPv4"
@@ -123,3 +123,15 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
 security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
 }
 
+# Rules dco
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule3_v4_dco" {
+ direction = "ingress"
+ ethertype = "IPv4"
+ protocol = "tcp"
+ port_range_min = "80"
+ port_range_max = "80"
+ provider = openstack.dco
+ remote_ip_prefix = "0.0.0.0/0"
+ security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
+}
+
diff --git a/k8s/cert-manager/README.md b/k8s/cert-manager/README.md
new file mode 100644
index 0000000..ac31c61
--- /dev/null
+++ b/k8s/cert-manager/README.md
@@ -0,0 +1,6 @@
+# install cert-manager addon
+microk8s enable cert-manager
+microk8s enable ingress dns
+# init the clusterissuer
+kubectl apply -f clusterissuer.yaml
+kubectl get clusterissuer -o wide
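Review bot: The new `k8s_external_ingress_worker_rule3_v4_dco` rule in securitygroup-k8s-external.tf opens TCP 80 on the dco worker group to `0.0.0.0/0` without saying why; the repeated `# Rules dco` comment above it could instead read `# Port 80 open to the world: needed for ACME HTTP-01 validation by the letsencrypt ClusterIssuer`. A world-open source is presumably intended, since the CA's validation requests do not come from a fixed address range, but it also exposes any plain-HTTP route served by the workers, so the ingress controller should redirect or refuse everything other than the challenge path. The rule is IPv4-only and dco-only in this hunk; whether hostnames with AAAA records or sto4 workers need a matching rule cannot be confirmed from the visible lines.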
diff --git a/k8s/cert-manager/clusterissuer.yaml b/k8s/cert-manager/clusterissuer.yaml
new file mode 100644
index 0000000..c737359
--- /dev/null
+++ b/k8s/cert-manager/clusterissuer.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ email: someemailaddress+element@sunet.se
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: lets-encrypt-private-key
+ # Add a single challenge solver, HTTP01 using nginx
+ solvers:
+ - http01:
+ ingress:
+ class: public
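Review bot: `kind: ClusterIssuer` makes the `letsencrypt` issuer usable from every namespace, so anyone allowed to create an Ingress or Certificate in the cluster can obtain a publicly trusted certificate for any hostname that resolves to it; if the cluster is shared, a namespaced `Issuer` or an approval policy would narrow that. The `server:` line points directly at the Let's Encrypt production directory, so a misconfigured solver will burn production rate limits; a second issuer against the staging directory for first tests would be worth adding. `someemailaddress+element@sunet.se` reads like a placeholder, and since the ACME account is registered with that contact it should be a monitored mailbox. A comment above `privateKeySecretRef` noting that `lets-encrypt-private-key` holds the ACME account key would help whoever has to back it up or rotate it.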