1
0
Fork 0

Merge pull request #179 from google/update-cert-manager

Update specs to match cert-manager 0.15
This commit is contained in:
Mikhail Goncharov 2020-05-07 14:40:43 +02:00 committed by GitHub
commit edc77c6e48
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 77 deletions

View file

@ -1,63 +0,0 @@
# Copyright 2019 Google LLC
#
# Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://llvm.org/LICENSE.txt
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# -- staging ---------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: results-staging-tls-cert
namespace: cert-manager
spec:
commonName: results.staging.llvm-merge-guard.org
secretName: results-staging-tls
issuerRef:
name: letsencrypt-staging
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: jenkins-staging-tls-cert
namespace: cert-manager
spec:
commonName: jenkins.staging.llvm-merge-guard.org
secretName: jenkins-staging-tls
issuerRef:
name: letsencrypt-staging
---
# -- prod ---------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: results-prod-tls-cert
namespace: cert-manager
spec:
commonName: results.llvm-merge-guard.org
secretName: results-prod-tls
issuerRef:
name: letsencrypt-prod
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: jenkins-prod-tls-cert
namespace: cert-manager
spec:
commonName: jenkins.llvm-merge-guard.org
secretName: jenkins-prod-tls
issuerRef:
name: letsencrypt-prod
---

View file

@ -21,7 +21,7 @@ metadata:
# static IP assignment not working. Not sure why. # static IP assignment not working. Not sure why.
kubernetes.io/ingress.global-static-ip-name: "web-static-ip" kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: proxy-auth nginx.ingress.kubernetes.io/auth-secret: proxy-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks" nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
@ -51,7 +51,7 @@ metadata:
# static IP assignment not working. Not sure why. # static IP assignment not working. Not sure why.
kubernetes.io/ingress.global-static-ip-name: "web-static-ip" kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec: spec:
tls: tls:
- secretName: results-prod-tls - secretName: results-prod-tls
@ -74,7 +74,7 @@ spec:
# # static IP assignment not working. Not sure why. # # static IP assignment not working. Not sure why.
# kubernetes.io/ingress.global-static-ip-name: "web-static-ip" # kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
# kubernetes.io/ingress.class: "nginx" # kubernetes.io/ingress.class: "nginx"
# cert-manager.io/issuer: "letsencrypt-staging" # cert-manager.io/cluster-issuer: "letsencrypt-staging"
# nginx.ingress.kubernetes.io/auth-type: basic # nginx.ingress.kubernetes.io/auth-type: basic
# nginx.ingress.kubernetes.io/auth-secret: proxy-auth # nginx.ingress.kubernetes.io/auth-secret: proxy-auth
# nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks" # nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - LLVM pre-merge checks"
@ -104,7 +104,7 @@ spec:
# # static IP assignment not working. Not sure why. # # static IP assignment not working. Not sure why.
# kubernetes.io/ingress.global-static-ip-name: "web-static-ip" # kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
# kubernetes.io/ingress.class: "nginx" # kubernetes.io/ingress.class: "nginx"
# cert-manager.io/issuer: "letsencrypt-staging" # cert-manager.io/cluster-issuer: "letsencrypt-staging"
# spec: # spec:
# tls: # tls:
# - secretName: results-staging-tls # - secretName: results-staging-tls

View file

@ -15,8 +15,8 @@
# based on documentation on # based on documentation on
# https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst # https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Issuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-staging name: letsencrypt-staging
spec: spec:
@ -29,11 +29,9 @@ spec:
- http01: - http01:
ingress: ingress:
class: nginx class: nginx
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Issuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-prod name: letsencrypt-prod
spec: spec:

View file

@ -23,10 +23,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast
# install certmanager based on # install certmanager based on
# http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html # http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html
kubectl create namespace cert-manager kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
kubectl label namespace kube-system certmanager.k8s.io/disable-validation="true"
kubectl create clusterrolebinding cluster-admin-binding \ kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \ --clusterrole=cluster-admin \
--user=$(gcloud config get-value core/account) --user=$(gcloud config get-value core/account)
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml