⚡ Add CertManager field to IngressConfig and add an Ingress TLS example

2025-05-03 14:18:28 +00:00 · 2023-05-24 04:01:45 +03:00 · 2023-05-24 04:01:45 +03:00 · c19cd00c77
commit c19cd00c77
parent 39f8d40b76
5 changed files with 47 additions and 4 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@ -85,10 +85,11 @@ type AuthConfig struct {
 }

 type IngressConfig struct {
-	Enabled bool                    `yaml:"enabled" default:"false"`
-	Host    string                  `yaml:"host" default:"ks.svc.cluster.local"`
-	TLS     []networking.IngressTLS `yaml:"tls"`
-	Auth    AuthConfig              `yaml:"auth"`
+	Enabled     bool                    `yaml:"enabled" default:"false"`
+	Host        string                  `yaml:"host" default:"ks.svc.cluster.local"`
+	TLS         []networking.IngressTLS `yaml:"tls"`
+	Auth        AuthConfig              `yaml:"auth"`
+	CertManager string                  `yaml:"certManager" default:"letsencrypt-prod"`
 }

 type TapConfig struct {
--- a/kubernetes/provider.go
+++ b/kubernetes/provider.go
@ -587,6 +587,7 @@ func (provider *Provider) BuildIngress() *networking.Ingress {
 			}, provider),
 			Annotations: map[string]string{
 				"nginx.ingress.kubernetes.io/rewrite-target": "/$2",
+				"certmanager.k8s.io/cluster-issuer":          config.Config.Tap.Ingress.CertManager,
 			},
 		},
 		Spec: networking.IngressSpec{
--- a/manifests/tls/certificate.yaml
+++ b/manifests/tls/certificate.yaml
@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: staging
+  namespace: default
+spec:
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  secretName: cert-testing
+  dnsNames:
+  - ks.svc.cluster.local
--- a/manifests/tls/cluster-issuer.yaml
+++ b/manifests/tls/cluster-issuer.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: info@kubeshark.com
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          class: kubeshark-ingress-class
--- a/manifests/tls/run.sh
+++ b/manifests/tls/run.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
+helm install \
+cert-manager jetstack/cert-manager \
+--namespace cert-manager \
+--create-namespace \
+--version v1.9.1
+
+kubectl apply -f ${__dir}/cluster-issuer.yaml
+kubectl apply -f ${__dir}/certificate.yaml