mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-02 13:06:48 +00:00
⚡ Add CertManager field to IngressConfig and add an Ingress TLS example
This commit is contained in:
M. Mert Yildiran
parent
39f8d40b76
commit
c19cd00c77
@ -85,10 +85,11 @@ type AuthConfig struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type IngressConfig struct {
|
type IngressConfig struct {
|
||||||
Enabled bool `yaml:"enabled" default:"false"`
|
Enabled bool `yaml:"enabled" default:"false"`
|
||||||
Host string `yaml:"host" default:"ks.svc.cluster.local"`
|
Host string `yaml:"host" default:"ks.svc.cluster.local"`
|
||||||
TLS []networking.IngressTLS `yaml:"tls"`
|
TLS []networking.IngressTLS `yaml:"tls"`
|
||||||
Auth AuthConfig `yaml:"auth"`
|
Auth AuthConfig `yaml:"auth"`
|
||||||
|
CertManager string `yaml:"certManager" default:"letsencrypt-prod"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type TapConfig struct {
|
type TapConfig struct {
|
||||||
|
|||||||
@ -587,6 +587,7 @@ func (provider *Provider) BuildIngress() *networking.Ingress {
|
|||||||
}, provider),
|
}, provider),
|
||||||
Annotations: map[string]string{
|
Annotations: map[string]string{
|
||||||
"nginx.ingress.kubernetes.io/rewrite-target": "/$2",
|
"nginx.ingress.kubernetes.io/rewrite-target": "/$2",
|
||||||
|
"certmanager.k8s.io/cluster-issuer": config.Config.Tap.Ingress.CertManager,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Spec: networking.IngressSpec{
|
Spec: networking.IngressSpec{
|
||||||
|
|||||||
12
manifests/tls/certificate.yaml
Normal file
12
manifests/tls/certificate.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: staging
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
kind: ClusterIssuer
|
||||||
|
secretName: cert-testing
|
||||||
|
dnsNames:
|
||||||
|
- ks.svc.cluster.local
|
||||||
14
manifests/tls/cluster-issuer.yaml
Normal file
14
manifests/tls/cluster-issuer.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
email: info@kubeshark.com
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-prod-key
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
class: kubeshark-ingress-class
|
||||||
15
manifests/tls/run.sh
Executable file
15
manifests/tls/run.sh
Executable file
@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
|
|
||||||
|
helm repo add jetstack https://charts.jetstack.io
|
||||||
|
helm repo update
|
||||||
|
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
|
||||||
|
helm install \
|
||||||
|
cert-manager jetstack/cert-manager \
|
||||||
|
--namespace cert-manager \
|
||||||
|
--create-namespace \
|
||||||
|
--version v1.9.1
|
||||||
|
|
||||||
|
kubectl apply -f ${__dir}/cluster-issuer.yaml
|
||||||
|
kubectl apply -f ${__dir}/certificate.yaml
|
||||||
Loading…
Reference in New Issue
Block a user