add cert-manager configuration
This commit is contained in:
parent
d33d3b150d
commit
785cc54cef
@ -9,6 +9,7 @@ metadata:
|
|||||||
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
|
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
|
||||||
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
|
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
|
||||||
# nginx.ingress.kubernetes.io/client_max_body_size: "100m"
|
# nginx.ingress.kubernetes.io/client_max_body_size: "100m"
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
rules:
|
rules:
|
||||||
|
@ -1,33 +1,33 @@
|
|||||||
- op: replace
|
#- op: replace
|
||||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
|
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
|
||||||
value: "1G"
|
# value: "1G"
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
|
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
|
||||||
value: "true"
|
# value: "true"
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
|
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
|
||||||
value: "X-Forwarded-For"
|
# value: "X-Forwarded-For"
|
||||||
|
|
||||||
# En cas de besoin
|
# En cas de besoin
|
||||||
#- op: add
|
#- op: add
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size
|
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size
|
||||||
# value: "100m"
|
# value: "100m"
|
||||||
|
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /spec/rules/0/host
|
# path: /spec/rules/0/host
|
||||||
value: nxt.cadoles.fr
|
# value: nxt.cadoles.fr
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /spec/rules/0/http/paths/0/path
|
# path: /spec/rules/0/http/paths/0/path
|
||||||
value: /
|
# value: /
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /spec/rules/0/http/paths/0/pathType
|
# path: /spec/rules/0/http/paths/0/pathType
|
||||||
value: Prefix
|
# value: Prefix
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /spec/rules/0/http/paths/0/backend/service/name
|
# path: /spec/rules/0/http/paths/0/backend/service/name
|
||||||
value: nextcloud
|
# value: nextcloud
|
||||||
- op: replace
|
#- op: replace
|
||||||
path: /spec/rules/0/http/paths/0/backend/service/port/number
|
# path: /spec/rules/0/http/paths/0/backend/service/port/number
|
||||||
value: 80
|
# value: 80
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
29
overlays/dev/patches/nginx-ingress.yaml
Normal file
29
overlays/dev/patches/nginx-ingress.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: nextcloud
|
||||||
|
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: "5m"
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
|
||||||
|
cert-manager.io/issuer: cadoles-selfsigned-ca
|
||||||
|
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- nxt.cadoles.fr
|
||||||
|
secretName: cadoles-selfsigned-ca
|
||||||
|
rules:
|
||||||
|
- host: nxt.cadoles.fr
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: nextcloud
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
|
7
overlays/dev/resources/cert-manager/kustomization.yaml
Normal file
7
overlays/dev/resources/cert-manager/kustomization.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/cluster-issuer.yaml
|
||||||
|
- ./resources/ca.yaml
|
||||||
|
- ./resources/issuer.yaml
|
19
overlays/dev/resources/cert-manager/resources/ca.yaml
Normal file
19
overlays/dev/resources/cert-manager/resources/ca.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: cadoles-selfsigned-ca
|
||||||
|
# namespace: cert-manager
|
||||||
|
# namespace: ingress-nginx
|
||||||
|
|
||||||
|
spec:
|
||||||
|
isCA: true
|
||||||
|
commonName: cadoles-selfsigned-ca
|
||||||
|
# secretName: root-secret
|
||||||
|
secretName: cadoles-selfsigned-ca
|
||||||
|
privateKey:
|
||||||
|
algorithm: ECDSA
|
||||||
|
size: 256
|
||||||
|
issuerRef:
|
||||||
|
name: cadoles-selfsigned-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
group: cert-manager.io
|
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: cadoles-selfsigned-issuer
|
||||||
|
spec:
|
||||||
|
selfSigned: {}
|
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Issuer
|
||||||
|
metadata:
|
||||||
|
name: cadoles-ca-issuer
|
||||||
|
# namespace: cert-manager
|
||||||
|
# namespace: ingress-nginx
|
||||||
|
spec:
|
||||||
|
ca:
|
||||||
|
secretName: cadoles-selfsigned-ca
|
40
overlays/dev/resources/ssl.yaml
Normal file
40
overlays/dev/resources/ssl.yaml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: nextcloud
|
||||||
|
spec:
|
||||||
|
# Secret names are always required.
|
||||||
|
#secretName: nextcloud-tls
|
||||||
|
secretName: cadoles-selfsigned-ca
|
||||||
|
|
||||||
|
|
||||||
|
duration: 2160h # 90d
|
||||||
|
renewBefore: 360h # 15d
|
||||||
|
subject:
|
||||||
|
organizations:
|
||||||
|
- cadoles
|
||||||
|
# The use of the common name field has been deprecated since 2000 and is
|
||||||
|
# discouraged from being used.
|
||||||
|
commonName: cadoles.fr
|
||||||
|
isCA: false
|
||||||
|
privateKey:
|
||||||
|
algorithm: RSA
|
||||||
|
encoding: PKCS1
|
||||||
|
size: 2048
|
||||||
|
usages:
|
||||||
|
- server auth
|
||||||
|
- client auth
|
||||||
|
# At least one of a DNS Name, URI, or IP address is required.
|
||||||
|
dnsNames:
|
||||||
|
- nextcloud
|
||||||
|
- nextcloud.cadoles.fr
|
||||||
|
- nxt.cadoles.fr
|
||||||
|
# Issuer references are always required.
|
||||||
|
issuerRef:
|
||||||
|
name: cadoles-ca-issuer
|
||||||
|
# We can reference ClusterIssuers by changing the kind here.
|
||||||
|
# The default value is Issuer (i.e. a locally namespaced Issuer)
|
||||||
|
kind: Issuer
|
||||||
|
# This is optional since cert-manager will default to this value however
|
||||||
|
# if you are using an external issuer, change this to that issuer group.
|
||||||
|
group: cert-manager.io
|
Loading…
Reference in New Issue
Block a user