add cert-manager configuration
This commit is contained in:
parent
d17baece1a
commit
ced7a86e17
|
|
@ -9,6 +9,7 @@ metadata:
|
|||
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
|
||||
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
|
||||
# nginx.ingress.kubernetes.io/client_max_body_size: "100m"
|
||||
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
|
|
|
|||
|
|
@ -6,12 +6,17 @@ namespace: nextcloud-dev
|
|||
resources:
|
||||
- ../../base/
|
||||
- resources/namespace.yaml
|
||||
- resources/ssl.yaml
|
||||
- resources/cert-manager
|
||||
|
||||
#- resources/host-config.yaml
|
||||
|
||||
# deux façon de faire la seconde ici =>
|
||||
# - patches/nextcloud-patch.yaml
|
||||
|
||||
patches:
|
||||
- path: patches/nginx-ingress.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- patches/redis-config.yaml
|
||||
- patches/ConfigMaps.yaml
|
||||
|
|
@ -52,12 +57,12 @@ patchesJson6902:
|
|||
kind: Deployment
|
||||
name: app
|
||||
path: patches/nextcloud-smtp.yaml
|
||||
- target:
|
||||
group: apps
|
||||
version: v1
|
||||
kind: Ingress
|
||||
name: nextcloud
|
||||
path: patches/ingress-nextcloud.yaml
|
||||
#- target:
|
||||
# group: apps
|
||||
# version: v1
|
||||
# kind: Ingress
|
||||
# name: nextcloud
|
||||
# path: patches/ingress-nextcloud.yaml
|
||||
- target:
|
||||
group: apps
|
||||
version: v2
|
||||
|
|
@ -71,6 +76,14 @@ patchesJson6902:
|
|||
name: app
|
||||
path: patches/nextcloud-ldap.yaml
|
||||
|
||||
|
||||
#- target:
|
||||
# group: apps
|
||||
# version: v1
|
||||
# kind: Ingress
|
||||
# name: nextcloud
|
||||
# path: patches/ingress-cert-manager.yaml
|
||||
|
||||
# PARTIE MINIO
|
||||
|
||||
# secret re-généré
|
||||
|
|
|
|||
|
|
@ -1,33 +1,33 @@
|
|||
- op: replace
|
||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
|
||||
value: "1G"
|
||||
- op: replace
|
||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
|
||||
value: "true"
|
||||
- op: replace
|
||||
path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
|
||||
value: "X-Forwarded-For"
|
||||
#- op: replace
|
||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
|
||||
# value: "1G"
|
||||
#- op: replace
|
||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
|
||||
# value: "true"
|
||||
#- op: replace
|
||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
|
||||
# value: "X-Forwarded-For"
|
||||
|
||||
# En cas de besoin
|
||||
#- op: add
|
||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size
|
||||
# value: "100m"
|
||||
|
||||
- op: replace
|
||||
path: /spec/rules/0/host
|
||||
value: nxt.cadoles.fr
|
||||
- op: replace
|
||||
path: /spec/rules/0/http/paths/0/path
|
||||
value: /
|
||||
- op: replace
|
||||
path: /spec/rules/0/http/paths/0/pathType
|
||||
value: Prefix
|
||||
- op: replace
|
||||
path: /spec/rules/0/http/paths/0/backend/service/name
|
||||
value: nextcloud
|
||||
- op: replace
|
||||
path: /spec/rules/0/http/paths/0/backend/service/port/number
|
||||
value: 80
|
||||
#- op: replace
|
||||
# path: /spec/rules/0/host
|
||||
# value: nxt.cadoles.fr
|
||||
#- op: replace
|
||||
# path: /spec/rules/0/http/paths/0/path
|
||||
# value: /
|
||||
#- op: replace
|
||||
# path: /spec/rules/0/http/paths/0/pathType
|
||||
# value: Prefix
|
||||
#- op: replace
|
||||
# path: /spec/rules/0/http/paths/0/backend/service/name
|
||||
# value: nextcloud
|
||||
#- op: replace
|
||||
# path: /spec/rules/0/http/paths/0/backend/service/port/number
|
||||
# value: 80
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: nextcloud
|
||||
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "5m"
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
|
||||
cert-manager.io/issuer: cadoles-selfsigned-ca
|
||||
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- nxt.cadoles.fr
|
||||
secretName: cadoles-selfsigned-ca
|
||||
rules:
|
||||
- host: nxt.cadoles.fr
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: nextcloud
|
||||
port:
|
||||
number: 80
|
||||
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ./resources/cluster-issuer.yaml
|
||||
- ./resources/ca.yaml
|
||||
- ./resources/issuer.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: cadoles-selfsigned-ca
|
||||
# namespace: cert-manager
|
||||
# namespace: ingress-nginx
|
||||
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: cadoles-selfsigned-ca
|
||||
# secretName: root-secret
|
||||
secretName: cadoles-selfsigned-ca
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: cadoles-selfsigned-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: cadoles-selfsigned-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: cadoles-ca-issuer
|
||||
# namespace: cert-manager
|
||||
# namespace: ingress-nginx
|
||||
spec:
|
||||
ca:
|
||||
secretName: cadoles-selfsigned-ca
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: nextcloud
|
||||
spec:
|
||||
# Secret names are always required.
|
||||
#secretName: nextcloud-tls
|
||||
secretName: cadoles-selfsigned-ca
|
||||
|
||||
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
subject:
|
||||
organizations:
|
||||
- cadoles
|
||||
# The use of the common name field has been deprecated since 2000 and is
|
||||
# discouraged from being used.
|
||||
commonName: cadoles.fr
|
||||
isCA: false
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
encoding: PKCS1
|
||||
size: 2048
|
||||
usages:
|
||||
- server auth
|
||||
- client auth
|
||||
# At least one of a DNS Name, URI, or IP address is required.
|
||||
dnsNames:
|
||||
- nextcloud
|
||||
- nextcloud.cadoles.fr
|
||||
- nxt.cadoles.fr
|
||||
# Issuer references are always required.
|
||||
issuerRef:
|
||||
name: cadoles-ca-issuer
|
||||
# We can reference ClusterIssuers by changing the kind here.
|
||||
# The default value is Issuer (i.e. a locally namespaced Issuer)
|
||||
kind: Issuer
|
||||
# This is optional since cert-manager will default to this value however
|
||||
# if you are using an external issuer, change this to that issuer group.
|
||||
group: cert-manager.io
|
||||
Loading…
Reference in New Issue