diff --git a/base/resources/nextcloud/resources/ingress.yaml b/base/resources/nextcloud/resources/ingress.yaml index 9796b01..97fe7a9 100644 --- a/base/resources/nextcloud/resources/ingress.yaml +++ b/base/resources/nextcloud/resources/ingress.yaml @@ -9,6 +9,7 @@ metadata: nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01 nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01 # nginx.ingress.kubernetes.io/client_max_body_size: "100m" + spec: ingressClassName: nginx rules: diff --git a/overlays/dev/patches/ingress-nextcloud.yaml b/overlays/dev/patches/ingress-nextcloud.yaml index 32cb828..4243a29 100644 --- a/overlays/dev/patches/ingress-nextcloud.yaml +++ b/overlays/dev/patches/ingress-nextcloud.yaml 
@@ -1,33 +1,33 @@ -- op: replace - path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size - value: "1G" -- op: replace - path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors - value: "true" -- op: replace - path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers - value: "X-Forwarded-For" +#- op: replace +# path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size +# value: "1G" +#- op: replace +# path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors +# value: "true" +#- op: replace +# path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers +# value: "X-Forwarded-For" # En cas de besoin #- op: add # path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size # value: "100m" -- op: replace - path: /spec/rules/0/host - value: nxt.cadoles.fr -- op: replace - path: /spec/rules/0/http/paths/0/path - value: / -- op: replace - path: /spec/rules/0/http/paths/0/pathType - value: Prefix -- op: replace - path: /spec/rules/0/http/paths/0/backend/service/name - value: nextcloud -- op: replace - path: /spec/rules/0/http/paths/0/backend/service/port/number - value: 80 +#- op: replace +# path: /spec/rules/0/host +# value: nxt.cadoles.fr +#- op: replace +# path: /spec/rules/0/http/paths/0/path +# value: / +#- op: replace +# path: /spec/rules/0/http/paths/0/pathType +# value: Prefix +#- op: replace +# path: /spec/rules/0/http/paths/0/backend/service/name +# value: nextcloud +#- op: replace +# path: /spec/rules/0/http/paths/0/backend/service/port/number +# value: 80 diff --git a/overlays/dev/patches/nginx-ingress.yaml b/overlays/dev/patches/nginx-ingress.yaml new file mode 100644 index 0000000..c8977de --- /dev/null +++ b/overlays/dev/patches/nginx-ingress.yaml 
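Review bot: overlays/dev/patches/ingress-nextcloud.yaml is left as a file containing only commented-out operations, so the dev host, path and backend settings now exist twice: dead here and live in patches/nginx-ingress.yaml. Deleting the file keeps the two from drifting apart, since git history still holds the old operations. It also matters if the overlay's kustomization.yaml, which is not part of this diff, still lists the file as a JSON 6902 patch, because it no longer holds a single operation. The body-size limit also changes from `"1G"` in the disabled operation to `"5m"` in the new patch; if that is intended for Nextcloud uploads, a short comment next to the annotation such as `# upload limit deliberately lowered for dev` would record it.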
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: "5m"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
+ cert-manager.io/issuer: cadoles-selfsigned-ca
+
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - nxt.cadoles.fr
+ secretName: cadoles-selfsigned-ca
+ rules:
+ - host: nxt.cadoles.fr
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+
diff --git a/overlays/dev/resources/cert-manager/kustomization.yaml b/overlays/dev/resources/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..1d3af80
--- /dev/null
+++ b/overlays/dev/resources/cert-manager/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./resources/cluster-issuer.yaml
+- ./resources/ca.yaml
+- ./resources/issuer.yaml
\ No newline at end of file
diff --git a/overlays/dev/resources/cert-manager/resources/ca.yaml b/overlays/dev/resources/cert-manager/resources/ca.yaml
new file mode 100644
index 0000000..454a39c
--- /dev/null
+++ b/overlays/dev/resources/cert-manager/resources/ca.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: cadoles-selfsigned-ca
+# namespace: cert-manager
+# namespace: ingress-nginx
+
+spec:
+ isCA: true
+ commonName: cadoles-selfsigned-ca
+# secretName: root-secret
+ secretName: cadoles-selfsigned-ca
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: cadoles-selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
diff --git a/overlays/dev/resources/cert-manager/resources/cluster-issuer.yaml b/overlays/dev/resources/cert-manager/resources/cluster-issuer.yaml
new file mode 100644
index 0000000..a81d113
--- /dev/null
+++ b/overlays/dev/resources/cert-manager/resources/cluster-issuer.yaml
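Review bot: In overlays/dev/patches/nginx-ingress.yaml, `secretName: cadoles-selfsigned-ca` under `tls` names the same Secret that ca.yaml uses for the CA key pair (`isCA: true`) and that issuer.yaml reads through `ca.secretName`; the `nextcloud` Certificate in ssl.yaml writes its leaf to that name as well. Assuming these resources end up in one namespace, two Certificates compete for one Secret, so either the ingress serves the CA's own key pair or the leaf replaces the key the CA Issuer signs with. Give the leaf its own Secret, `secretName: nextcloud-tls` (the value already commented out in ssl.yaml), in both the Ingress `tls` entry and ssl.yaml. The `cert-manager.io/issuer: cadoles-selfsigned-ca` annotation has the same mix-up: the only Issuer this commit defines is `cadoles-ca-issuer`, and since ssl.yaml already declares the Certificate the annotation could be dropped rather than corrected.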
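Review bot: overlays/dev/resources/cert-manager/resources/ca.yaml sets no namespace (both candidates are commented out), so the Secret holding the CA private key is presumably created in whatever namespace the overlay applies, next to the workload. Anything allowed to read Secrets there could then sign certificates that every client trusting this CA accepts. If the CA is meant to be shared, keeping the Certificate in a dedicated namespace and exposing it through a `ca` ClusterIssuer narrows who can reach the key. If it is deliberately local to dev, replace the two commented lines with one that says so, e.g. `# dev-only CA, kept in the overlay namespace on purpose`.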
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cadoles-selfsigned-issuer
+spec:
+ selfSigned: {}
diff --git a/overlays/dev/resources/cert-manager/resources/issuer.yaml b/overlays/dev/resources/cert-manager/resources/issuer.yaml
new file mode 100644
index 0000000..7b5105c
--- /dev/null
+++ b/overlays/dev/resources/cert-manager/resources/issuer.yaml
@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: cadoles-ca-issuer
+# namespace: cert-manager
+# namespace: ingress-nginx
+spec:
+ ca:
+ secretName: cadoles-selfsigned-ca
\ No newline at end of file
diff --git a/overlays/dev/resources/ssl.yaml b/overlays/dev/resources/ssl.yaml
new file mode 100644
index 0000000..6f2098d
--- /dev/null
+++ b/overlays/dev/resources/ssl.yaml
@@ -0,0 +1,40 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nextcloud
+spec:
+ # Secret names are always required.
+ #secretName: nextcloud-tls
+ secretName: cadoles-selfsigned-ca
+
+
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ subject:
+ organizations:
+ - cadoles
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: cadoles.fr
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ usages:
+ - server auth
+ - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - nextcloud
+ - nextcloud.cadoles.fr
+ - nxt.cadoles.fr
+ # Issuer references are always required.
+ issuerRef:
+ name: cadoles-ca-issuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: cert-manager.io
\ No newline at end of file
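Review bot: In overlays/dev/resources/ssl.yaml the `usages` list grants `client auth` alongside `server auth`, although this diff only uses the certificate as the ingress serving certificate. Dropping `- client auth` keeps the key from being accepted as a client identity by anything that trusts this CA. `commonName: cadoles.fr` sits directly under a comment saying the field is discouraged, and it names a domain that is not in `dnsNames`; removing it or setting it to `nxt.cadoles.fr` would keep the subject in line with the SANs. The remaining comments read as generic template text and could be trimmed to what is specific to this deployment.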