More bugfixes, ingress certs

This commit is contained in:
Stefan Reimer 2020-11-28 15:01:20 -08:00
parent 09d2b52f74
commit e27692430e
5 changed files with 31 additions and 6 deletions

View File

@ -2,15 +2,34 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
name: public-ingress-cert name: ingress-cert
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{ include "kubezero-lib.labels" . | indent 4 }}
spec: spec:
secretName: public-ingress-cert secretName: ingress-cert
issuerRef: issuerRef:
name: letsencrypt-dns-prod name: letsencrypt-dns-prod
kind: ClusterIssuer kind: ClusterIssuer
dnsNames: dnsNames:
{{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }} {{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
{{- end }} {{- end }}
{{- if index .Values "istio-private-ingress" "dnsNames" }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: private-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
secretName: private-ingress-cert
issuerRef:
name: letsencrypt-dns-prod
kind: ClusterIssuer
dnsNames:
{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
{{- end }}

View File

@ -28,7 +28,7 @@ spec:
mode: SIMPLE mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert credentialName: ingress-cert
{{- end }} {{- end }}
{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }} {{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
@ -62,7 +62,7 @@ spec:
mode: SIMPLE mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert credentialName: private-ingress-cert
- port: - port:
number: 5672 number: 5672
name: amqp name: amqp
@ -85,7 +85,7 @@ spec:
mode: SIMPLE mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert credentialName: private-ingress-cert
- port: - port:
number: 6379 number: 6379
name: redis name: redis

View File

@ -11,6 +11,8 @@ global:
defaultPodDisruptionBudget: defaultPodDisruptionBudget:
enabled: false enabled: false
arch:
amd64: 2
istio-ingress: istio-ingress:
enabled: false enabled: false

View File

@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
# Get matching istioctl # Get matching istioctl
# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; } [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }

View File

@ -132,6 +132,10 @@ kube-prometheus-stack:
enabled: false enabled: false
testFramework: testFramework:
enabled: false enabled: false
# Missing default in prometheus-stack
sidecar:
notifiers:
enabled: false
# Assign state metrics to control plane # Assign state metrics to control plane
kube-state-metrics: kube-state-metrics: