More bugfixes, ingress certs
This commit is contained in:
parent
09d2b52f74
commit
e27692430e
@ -2,15 +2,34 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: public-ingress-cert
|
||||
name: ingress-cert
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||
spec:
|
||||
secretName: public-ingress-cert
|
||||
secretName: ingress-cert
|
||||
issuerRef:
|
||||
name: letsencrypt-dns-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
{{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if index .Values "istio-private-ingress" "dnsNames" }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: private-ingress-cert
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||
spec:
|
||||
secretName: private-ingress-cert
|
||||
issuerRef:
|
||||
name: letsencrypt-dns-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
|
@ -28,7 +28,7 @@ spec:
|
||||
mode: SIMPLE
|
||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||
credentialName: public-ingress-cert
|
||||
credentialName: ingress-cert
|
||||
{{- end }}
|
||||
|
||||
{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
|
||||
@ -62,7 +62,7 @@ spec:
|
||||
mode: SIMPLE
|
||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||
credentialName: public-ingress-cert
|
||||
credentialName: private-ingress-cert
|
||||
- port:
|
||||
number: 5672
|
||||
name: amqp
|
||||
@ -85,7 +85,7 @@ spec:
|
||||
mode: SIMPLE
|
||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||
credentialName: public-ingress-cert
|
||||
credentialName: private-ingress-cert
|
||||
- port:
|
||||
number: 6379
|
||||
name: redis
|
||||
|
@ -11,6 +11,8 @@ global:
|
||||
defaultPodDisruptionBudget:
|
||||
enabled: false
|
||||
|
||||
arch:
|
||||
amd64: 2
|
||||
|
||||
istio-ingress:
|
||||
enabled: false
|
||||
|
@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
|
||||
sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
|
||||
|
||||
# Get matching istioctl
|
||||
# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
||||
[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
||||
|
@ -132,6 +132,10 @@ kube-prometheus-stack:
|
||||
enabled: false
|
||||
testFramework:
|
||||
enabled: false
|
||||
# Missing default in prometheus-stack
|
||||
sidecar:
|
||||
notifiers:
|
||||
enabled: false
|
||||
|
||||
# Assign state metrics to control plane
|
||||
kube-state-metrics:
|
||||
|
Loading…
Reference in New Issue
Block a user