Update specs to match cert-manager 0.15
Certificates are created automatically and not needed
This commit is contained in:
Mikhail Goncharov
parent
b22cb43579
commit
d09a194b1c
4 changed files with 10 additions and 77 deletions
|
|
@ -1,63 +0,0 @@
|
|||
# Copyright 2019 Google LLC
|
||||
#
|
||||
# Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://llvm.org/LICENSE.txt
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# -- staging ---------------
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: results-staging-tls-cert
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
commonName: results.staging.llvm-merge-guard.org
|
||||
secretName: results-staging-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-staging
|
||||
|
||||
---
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: jenkins-staging-tls-cert
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
commonName: jenkins.staging.llvm-merge-guard.org
|
||||
secretName: jenkins-staging-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-staging
|
||||
|
||||
---
|
||||
# -- prod ---------------
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: results-prod-tls-cert
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
commonName: results.llvm-merge-guard.org
|
||||
secretName: results-prod-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
|
||||
---
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: jenkins-prod-tls-cert
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
commonName: jenkins.llvm-merge-guard.org
|
||||
secretName: jenkins-prod-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
---
|
||||
|
|
@ -21,7 +21,7 @@ metadata:
|
|||
# static IP assignment not working. Not sure why.
|
||||
kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
cert-manager.io/issuer: "letsencrypt-prod"
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/auth-type: basic
|
||||
nginx.ingress.kubernetes.io/auth-secret: proxy-auth
|
||||
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
|
||||
|
|
@ -51,7 +51,7 @@ metadata:
|
|||
# static IP assignment not working. Not sure why.
|
||||
kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
cert-manager.io/issuer: "letsencrypt-prod"
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
spec:
|
||||
tls:
|
||||
- secretName: results-prod-tls
|
||||
|
|
@ -74,7 +74,7 @@ spec:
|
|||
# # static IP assignment not working. Not sure why.
|
||||
# kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
|
||||
# kubernetes.io/ingress.class: "nginx"
|
||||
# cert-manager.io/issuer: "letsencrypt-staging"
|
||||
# cert-manager.io/cluster-issuer: "letsencrypt-staging"
|
||||
# nginx.ingress.kubernetes.io/auth-type: basic
|
||||
# nginx.ingress.kubernetes.io/auth-secret: proxy-auth
|
||||
# nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
|
||||
|
|
@ -104,7 +104,7 @@ spec:
|
|||
# # static IP assignment not working. Not sure why.
|
||||
# kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
|
||||
# kubernetes.io/ingress.class: "nginx"
|
||||
# cert-manager.io/issuer: "letsencrypt-staging"
|
||||
# cert-manager.io/cluster-issuer: "letsencrypt-staging"
|
||||
# spec:
|
||||
# tls:
|
||||
# - secretName: results-staging-tls
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@
|
|||
# based on documentation on
|
||||
# https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst
|
||||
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Issuer
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
|
|
@ -29,11 +29,9 @@ spec:
|
|||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
||||
|
||||
|
||||
---
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Issuer
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -23,10 +23,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast
|
|||
# install certmanager based on
|
||||
# http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html
|
||||
|
||||
kubectl create namespace cert-manager
|
||||
kubectl label namespace kube-system certmanager.k8s.io/disable-validation="true"
|
||||
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
|
||||
kubectl create clusterrolebinding cluster-admin-binding \
|
||||
--clusterrole=cluster-admin \
|
||||
--user=$(gcloud config get-value core/account)
|
||||
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue