More bugfixes, ingress certs
This commit is contained in:
parent
09d2b52f74
commit
e27692430e
@ -2,15 +2,34 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: public-ingress-cert
|
name: ingress-cert
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
secretName: public-ingress-cert
|
secretName: ingress-cert
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: letsencrypt-dns-prod
|
name: letsencrypt-dns-prod
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
dnsNames:
|
dnsNames:
|
||||||
{{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
|
{{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if index .Values "istio-private-ingress" "dnsNames" }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: private-ingress-cert
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||||
|
spec:
|
||||||
|
secretName: private-ingress-cert
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-dns-prod
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ spec:
|
|||||||
mode: SIMPLE
|
mode: SIMPLE
|
||||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||||
credentialName: public-ingress-cert
|
credentialName: ingress-cert
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
|
{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
|
||||||
@ -62,7 +62,7 @@ spec:
|
|||||||
mode: SIMPLE
|
mode: SIMPLE
|
||||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||||
credentialName: public-ingress-cert
|
credentialName: private-ingress-cert
|
||||||
- port:
|
- port:
|
||||||
number: 5672
|
number: 5672
|
||||||
name: amqp
|
name: amqp
|
||||||
@ -85,7 +85,7 @@ spec:
|
|||||||
mode: SIMPLE
|
mode: SIMPLE
|
||||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||||
credentialName: public-ingress-cert
|
credentialName: private-ingress-cert
|
||||||
- port:
|
- port:
|
||||||
number: 6379
|
number: 6379
|
||||||
name: redis
|
name: redis
|
||||||
|
@ -11,6 +11,8 @@ global:
|
|||||||
defaultPodDisruptionBudget:
|
defaultPodDisruptionBudget:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
arch:
|
||||||
|
amd64: 2
|
||||||
|
|
||||||
istio-ingress:
|
istio-ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
|
|||||||
sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
|
sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
|
||||||
|
|
||||||
# Get matching istioctl
|
# Get matching istioctl
|
||||||
# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
||||||
|
@ -132,6 +132,10 @@ kube-prometheus-stack:
|
|||||||
enabled: false
|
enabled: false
|
||||||
testFramework:
|
testFramework:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
# Missing default in prometheus-stack
|
||||||
|
sidecar:
|
||||||
|
notifiers:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
# Assign state metrics to control plane
|
# Assign state metrics to control plane
|
||||||
kube-state-metrics:
|
kube-state-metrics:
|
||||||
|
Loading…
Reference in New Issue
Block a user