diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index 625f0eb..35a44ff 100644
--- a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -58,6 +58,7 @@ dkmanager IN A 192.168.4.11
; service domains
cik IN CNAME dkhost
+stash IN CNAME dkhost
;fs IN CNAME dkhost
git IN CNAME dkhost
;dkui IN CNAME dkhost
diff --git a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
index ce6cdcf..5ea8785 100644
--- a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
+++ b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
@@ -2,11 +2,11 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
- name: xai-corp
+ name: xai-corp-production-tls
namespace: default
spec:
# Secret names are always required.
- secretName: xai-corp-staging-tls
+ secretName: xai-corp-production-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
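Review bot: Renaming `metadata.name` from `xai-corp` to `xai-corp-production-tls` creates a second Certificate instead of replacing the first, so the old `xai-corp` object stays in the `default` namespace and cert-manager will presumably keep renewing the key pair in whichever secret it last pointed at. Nothing in this commit removes it. A one-off `kubernetes.core.k8s` task with `state: absent`, `kind: Certificate`, `name: xai-corp`, `namespace: default` would clean it up, after which the unused TLS secret can be deleted too. The same rename in certificate.xai-corp.stg.yaml has the same effect. Because both files previously declared the same object name, check which issuer actually signed the existing `xai-corp-staging-tls` secret before anything relies on it.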
@@ -19,6 +19,7 @@ spec:
- xaibox.xai-corp.net
- sql.xai-corp.net
- cik.xai-corp.net
+ - stash.xai-corp.net
acme:
config:
- http01:
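Review bot: `stash.xai-corp.net` is added to `dnsNames` on a certificate validated over `http01`, but the only DNS record this commit adds for it is a CNAME in the internal zone template. HTTP-01 needs every name to be reachable from the public internet, and since all names share one certificate, a single name that fails validation holds up issuance and renewal for the rest. Confirm a public record exists, and consider a comment above the list such as `# every dnsName must resolve publicly for http01; one failing name blocks the whole certificate`. The `acme.config` block continues past this hunk, so whether its `domains` list also needs the new name cannot be checked from here.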
diff --git a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.stg.yaml b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.stg.yaml
index 01239e9..017a3a1 100644
--- a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.stg.yaml
+++ b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.stg.yaml
@@ -2,7 +2,7 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
- name: xai-corp
+ name: xai-corp-staging-tls
namespace: default
spec:
# Secret names are always required.
@@ -21,8 +21,3 @@ spec:
ingressClass: traefik
domains:
- xai-corp.net
-# - http01:
-# ingress: certs-ingress
-# domains:
-# - hello.xai-corp.net
-# - sql.xai-corp.net
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/configmap.yaml b/ansible-5/roles/prod.k3s/files/hello-world/configmap.yaml
new file mode 100644
index 0000000..545586a
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/configmap.yaml
@@ -0,0 +1,15 @@
+---
+#configmap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hello-world
+ namespace: default
+data:
+ index.html: |
+
+
+ Hello World!
+
+ Hello World!
+
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/deployment.yaml b/ansible-5/roles/prod.k3s/files/hello-world/deployment.yaml
new file mode 100644
index 0000000..1f88f31
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/deployment.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hello-world-nginx
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: hello-world
+ replicas: 3
+ template:
+ metadata:
+ labels:
+ app: hello-world
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: hello-world-volume
+ mountPath: /usr/share/nginx/html
+ volumes:
+ - name: hello-world-volume
+ configMap:
+ name: hello-world
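Review bot: `image: nginx` has no tag, so each replica pulls whatever `latest` resolves to when it is scheduled, and a pod restart can change the running code without any commit. The container also declares no `securityContext` and no `resources`, so it runs with the image defaults and has no memory ceiling on the node. Pin the image to a reviewed tag or digest and add the two stanzas; the tag below is a placeholder and the resource figures are constructed samples, not tuned values.

```yaml
      containers:
        - name: nginx
          # placeholder: replace with the tag or digest you have reviewed
          image: nginx:<PINNED_TAG>
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              cpu: 50m
              memory: 32Mi
            limits:
              memory: 64Mi
          # … unchanged: ports, volumeMounts …
```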
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/hello-world.html b/ansible-5/roles/prod.k3s/files/hello-world/hello-world.html
new file mode 100644
index 0000000..15268bd
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/hello-world.html
@@ -0,0 +1,6 @@
+
+
+ Hello World!
+
+Hello World!
+
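Review bot: `hello-world.html` is not referenced by the loop in tasks/hello-world.yaml, which loads only the four manifests, and its content is repeated inline in configmap.yaml. Either drop this file or build the ConfigMap's `index.html` from it, so the two copies cannot drift apart.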
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/ingress.yaml b/ansible-5/roles/prod.k3s/files/hello-world/ingress.yaml
new file mode 100644
index 0000000..b13fa6f
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/ingress.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: hello-world
+ namespace: default
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ rules:
+ - host: www.xai-corp.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: hello-world
+ port:
+ number: 80
+
+ tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+ - secretName: xai-corp-production-tls
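Review bot: The `tls` entry names `xai-corp-production-tls` but lists no `hosts`, and the inline comment about subjectAltNames describes cert-manager's ingress annotation flow, which does not apply here. There is no `cert-manager.io/cluster-issuer` annotation, so the SANs come from the separate Certificate resource and not from this block. Add `hosts:` with `- www.xai-corp.net` under the entry and reword the comment, for example `# cert comes from the xai-corp-production-tls Certificate; hosts must be among its dnsNames`. `www.xai-corp.net` is not among the dnsNames visible in this commit, so check that the Certificate covers it; otherwise Traefik will likely serve its default certificate. `kubernetes.io/ingress.class` is also the deprecated form of `spec.ingressClassName: traefik`.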
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/service.yaml b/ansible-5/roles/prod.k3s/files/hello-world/service.yaml
new file mode 100644
index 0000000..4d2e7ca
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hello-world
+ namespace: default
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ selector:
+ app: hello-world
diff --git a/ansible-5/roles/prod.k3s/tasks/hello-world.yaml b/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
new file mode 100644
index 0000000..dee582f
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
@@ -0,0 +1,14 @@
+---
+# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
+
+- name: create hello world resources
+ kubernetes.core.k8s:
+ kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+ state: present
+ definition: "{{ lookup('file', item) | from_yaml }}"
+ loop:
+ - hello-world/configmap.yaml
+ - hello-world/ingress.yaml
+ - hello-world/service.yaml
+ - hello-world/deployment.yaml
+ become: true
diff --git a/ansible-5/roles/prod.k3s/tasks/main.yml b/ansible-5/roles/prod.k3s/tasks/main.yml
index 498c00e..9e34124 100644
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -7,9 +7,10 @@
# add helm repositories
#- include_tasks: add_repos.yml
-
- include_tasks: cert_manager.yml
+- include_tasks: hello-world.yaml
+
# https://artifacthub.io/packages/helm/twuni/docker-registry
#- name: Deploy latest version of docker-registry in dev-tools namespace
# local_action:
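Review bot: `- include_tasks: hello-world.yaml` is unconditional, so every run of the `prod.k3s` role deploys the demo nginx workload and its ingress on the production cluster. A sample app left on a public hostname is exposure that is easy to forget about. Gate it behind a default-off variable, e.g. `when: k3s_deploy_hello_world | default(false)` (variable name constructed for illustration). The new task file also uses `.yaml` while its sibling is `cert_manager.yml`; pick one extension for the role.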