setup ingress for hello-world to use https only

2022-08-05 08:04:37 -04:00
parent b1470afd80
commit bbc6b7818d
10 changed files with 107 additions and 9 deletions


@@ -58,6 +58,7 @@ dkmanager IN A 192.168.4.11
; service domains ; service domains
cik IN CNAME dkhost cik IN CNAME dkhost
stash IN CNAME dkhost
;fs IN CNAME dkhost ;fs IN CNAME dkhost
git IN CNAME dkhost git IN CNAME dkhost
;dkui IN CNAME dkhost ;dkui IN CNAME dkhost


@@ -2,11 +2,11 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: xai-corp name: xai-corp-production-tls
namespace: default namespace: default
spec: spec:
# Secret names are always required. # Secret names are always required.
secretName: xai-corp-staging-tls secretName: xai-corp-production-tls
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
@@ -19,6 +19,7 @@ spec:
- xaibox.xai-corp.net - xaibox.xai-corp.net
- sql.xai-corp.net - sql.xai-corp.net
- cik.xai-corp.net - cik.xai-corp.net
- stash.xai-corp.net
acme: acme:
config: config:
- http01: - http01:
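Review bot: Renaming `metadata.name` from `xai-corp` to `xai-corp-production-tls` creates a second Certificate rather than replacing the first. Unless it is deleted elsewhere, the old `xai-corp` object stays in the `default` namespace and keeps renewing into the secret `xai-corp-staging-tls`. The staging file's rename has the same effect. A cleanup task using `kubernetes.core.k8s` with `state: absent`, `kind: Certificate`, `name: xai-corp` would leave a single owner per TLS secret. Separately, the `acme.config` context lines look like the pre-v1 solver syntax, so it is worth confirming that `cert-manager.io/v1` still honours them rather than taking the solver from the ClusterIssuer.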


@@ -2,7 +2,7 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: xai-corp name: xai-corp-staging-tls
namespace: default namespace: default
spec: spec:
# Secret names are always required. # Secret names are always required.
@@ -21,8 +21,3 @@ spec:
ingressClass: traefik ingressClass: traefik
domains: domains:
- xai-corp.net - xai-corp.net
# - http01:
# ingress: certs-ingress
# domains:
# - hello.xai-corp.net
# - sql.xai-corp.net


@@ -0,0 +1,15 @@
---
#configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: hello-world
namespace: default
data:
index.html: |
<html>
<head>
<title>Hello World!</title>
</head>
<body>Hello World!</body>
</html>


@@ -0,0 +1,28 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world-nginx
namespace: default
spec:
selector:
matchLabels:
app: hello-world
replicas: 3
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
volumeMounts:
- name: hello-world-volume
mountPath: /usr/share/nginx/html
volumes:
- name: hello-world-volume
configMap:
name: hello-world
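Review bot: `image: nginx` carries no tag or digest, so it resolves to `nginx:latest` and is re-pulled on every pod start. The three replicas can end up on different upstream builds, and whatever is pushed under that tag runs without review. Pin it, for example `image: nginx:<pinned-version>` or `image: nginx@sha256:<digest>`. The container also sets no `resources` limits and no `securityContext`, which is worth adding before this pattern is copied for real services in the `default` namespace.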


@@ -0,0 +1,6 @@
<html>
<head>
<title>Hello World!</title>
</head>
<body>Hello World!</body>
</html>


@@ -0,0 +1,25 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world
namespace: default
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: www.xai-corp.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hello-world
port:
number: 80
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls
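Review bot: The `tls` entry gives only `secretName: xai-corp-production-tls`, so HTTPS for `www.xai-corp.net` validates only if that Certificate's `dnsNames` include the host. The names visible in this commit (xaibox, sql, cik, stash) do not show `www`, although the list starts outside the hunk. The inline comment describes cert-manager's ingress annotation flow, but this Ingress sets no issuer annotation, so a host listed here would not change the certificate. I would reword the comment to `# cert is issued by the xai-corp-production-tls Certificate; its dnsNames must cover the host above`. I would also make the binding explicit with `- hosts: [www.xai-corp.net]` alongside the `secretName`.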


@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
namespace: default
spec:
ports:
- port: 80
protocol: TCP
selector:
app: hello-world


@@ -0,0 +1,14 @@
---
# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
- name: create hello world resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: present
definition: "{{ lookup('file', item) | from_yaml }}"
loop:
- hello-world/configmap.yaml
- hello-world/ingress.yaml
- hello-world/service.yaml
- hello-world/deployment.yaml
become: true


@@ -7,9 +7,10 @@
# add helm repositories # add helm repositories
#- include_tasks: add_repos.yml #- include_tasks: add_repos.yml
- include_tasks: cert_manager.yml - include_tasks: cert_manager.yml
- include_tasks: hello-world.yaml
# https://artifacthub.io/packages/helm/twuni/docker-registry # https://artifacthub.io/packages/helm/twuni/docker-registry
#- name: Deploy latest version of docker-registry in dev-tools namespace #- name: Deploy latest version of docker-registry in dev-tools namespace
# local_action: # local_action: