
Updates to certificate issuer / load balancer

Mikhail Goncharov 2022-09-23 10:40:52 +02:00
parent 2a4f65cf9b
commit ed757c3d37
3 changed files with 25 additions and 7 deletions


@ -102,8 +102,16 @@ HTTP authentication and forwards all requests from load balancer to
Follow up to date docs to install [reverse Follow up to date docs to install [reverse
proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke). proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke).
We also have [certificate manager]( [cert-manager] is installed with helm https://cert-manager.io/docs/installation/helm/
http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) and
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.9.1 \
--set installCRDs=true
We also have [certificate manager](https://cert-manager.io/docs/) and
[lets-encrypt configuration](../kubernetes/cert-issuer.yaml) in place, but they are [lets-encrypt configuration](../kubernetes/cert-issuer.yaml) in place, but they are
not used at the moment and should be removed if we decide to live with static IP. not used at the moment and should be removed if we decide to live with static IP.


@ -15,14 +15,14 @@
# based on documentation on # based on documentation on
# https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst # https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst
apiVersion: cert-manager.io/v1alpha2 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-staging name: letsencrypt-staging
spec: spec:
acme: acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory
email: kuhnel@google.com email: goncharov@google.com
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-staging name: letsencrypt-staging
solvers: solvers:
@ -30,14 +30,14 @@ spec:
ingress: ingress:
class: nginx class: nginx
--- ---
apiVersion: cert-manager.io/v1alpha2 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-prod name: letsencrypt-prod
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
email: kuhnel@google.com email: goncharov@google.com
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-prod name: letsencrypt-prod
solvers: solvers:
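Review bot: The ACME account contact in both ClusterIssuers (`letsencrypt-staging` and `letsencrypt-prod`) moves from one individual's mailbox to another's with `email: goncharov@google.com`, so Let's Encrypt expiry and account notices still depend on a single person reading them. A shared maintainer alias would survive the next ownership change without touching the issuers, for example `email: <team-alias@your-domain>` (placeholder, not a real address). The header comment also still links to the old `jetstack/cert-manager` quick-start path, which may no longer describe the `cert-manager.io/v1` schema used here. The `solvers:` list continues outside the second hunk.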


@ -1,5 +1,5 @@
# This ingress matches ALL requests to nginx. # This ingress matches ALL requests to nginx.
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: nginx-ingress-all name: nginx-ingress-all
@ -10,7 +10,17 @@ metadata:
nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: http-auth nginx.ingress.kubernetes.io/auth-secret: http-auth
nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks" nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
# cert-manager
cert-manager.io/cluster-issuer: letsencrypt-staging
acme.cert-manager.io/http01-edit-in-place: "true"
# ^ cert-manager
spec: spec:
# cert-manager
tls:
- secretName: llvm-premerge-staging-cert
hosts:
- llvm-premerge.org
# ^ cert-manager
rules: rules:
- http: - http:
paths: paths:
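Review bot: The added `acme.cert-manager.io/http01-edit-in-place: "true"` sits on the same Ingress as `nginx.ingress.kubernetes.io/auth-type: basic`, so the challenge path cert-manager adds to this object would inherit the basic-auth requirement and the HTTP-01 validation request is likely to be answered with 401. Dropping the edit-in-place annotation lets cert-manager create a separate solver Ingress that does not carry the auth annotations. The issuer is `letsencrypt-staging`, whose certificates do not chain to a publicly trusted root, so clients sending basic-auth credentials cannot verify the server until this becomes `cert-manager.io/cluster-issuer: letsencrypt-prod`. The `tls.hosts` entry names `llvm-premerge.org`, but the visible rule is a host-less `- http:`; it is worth confirming ingress-nginx actually serves the issued certificate for that catch-all rule. Separately, `networking.k8s.io/v1beta1` is itself a deprecated Ingress API (removed in Kubernetes 1.22); moving to `networking.k8s.io/v1` would also require `pathType` and the newer backend form in the `paths` entries that continue outside the hunk.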