add cert-manager stuff

IaC-test/securitygroup-k8s-external.tf

@@ -111,7 +111,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
   security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
 }
 
-# Rules sto4
+# Rules dco
 resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule2_v4_dco" {
   direction         = "ingress"
   ethertype         = "IPv4"
@@ -123,3 +123,15 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
   security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
 }
 
+# Rules dco
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule3_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "80"
+  port_range_max    = "80"
+  provider          = openstack.dco
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
+}
+

k8s/cert-manager/README.md

@@ -0,0 +1,6 @@
+# install cert-manager addon
+microk8s enable cert-manager
+microk8s enable ingress dns
+# init the clusterissuer
+kubectl apply -f clusterissuer.yaml
+kubectl get clusterissuer -o wide

k8s/cert-manager/clusterissuer.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+   email: someemailaddress+element@sunet.se
+   server: https://acme-v02.api.letsencrypt.org/directory
+   privateKeySecretRef:
+     name: lets-encrypt-private-key
+   # Add a single challenge solver, HTTP01 using nginx
+   solvers:
+   - http01:
+       ingress:
+         class: public