fix ingress-nginx
This commit is contained in:
Victor Barba Martin
parent
66cbe91ca2
commit
28e4ab0a1a
26
README.md
26
README.md
|
|
@ -28,30 +28,14 @@ This README would normally document whatever steps are necessary to get your app
|
|||
* Repo owner or admin
|
||||
* Other community or team contact
|
||||
|
||||
# Install NGINX-INGRESS-CONTROLLER
|
||||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
|
||||
helm repo update
|
||||
helm install ingress-nginx ingress-nginx/ingress-nginx
|
||||
# Apply terraform
|
||||
|
||||
# GET NGINX INGRESS CONTROLLER LOADBALANCER IP
|
||||
kubectl --namespace default get services -o wide -w ingress-nginx-controller
|
||||
|
||||
# SETUP *.staging.video.jamkazam.com A RECORD to NGINX INGRESS CONTROLLER LB IP
|
||||
|
||||
Manually AWS console
|
||||
|
||||
# Install cert-manager
|
||||
helm install cert-manager cert-manager \
|
||||
--repo https://charts.jetstack.io \
|
||||
--create-namespace --namespace cert-manager \
|
||||
--set installCRDs=true
|
||||
|
||||
# Create cluster-issuer
|
||||
kubectl apply -f k8s/cert-manager/cluster-issuer.yaml
|
||||
|
||||
# Install ArgoCD
|
||||
kubectl create namespace argocd
|
||||
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||
|
||||
# Create ArgoCD Ingress
|
||||
kubectl apply -f k8s/argocd/ingress.yaml
|
||||
# Add Bitbucket SSH Key secret
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
38
argocd
38
argocd
|
|
@ -1,38 +0,0 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEA+cVjgXqQ5qP/+2J3uunKU681+c1YohjBWLXoyglz+GI9MNDoWcz1
|
||||
s0v8GX1AgMU4fTkHcuQCvGLvOiOgNFYWKGKhXvvp8PlXa6qgDIOW62Qg1C6VxdwUMu3QzH
|
||||
lVR/dxCUrtlYL92lj6URXzStCSpviBKnqzGMJitlwyI2CtrEZIRlYkzG9QLypFQ+NdjI3d
|
||||
Q3848g6gOwkInij+LR3x6MvkOOZeXyc+js4YR7wWkzOi/KHrJZ+zwuJqTD2d/wvDR3Eiyf
|
||||
egDDiiyy29ryXWy2LCb5+FmXxzD/iO9Lio0EP8+4figw69jH2LZP/AIn9u7nOs7u6ZXQ56
|
||||
TijgF7UpUwrg7VsfOm1fjC33gdeMwAkOLA8oOTVlaYW3ZbnWYGZ6BHRV8yhohaB7XN3Hc5
|
||||
jDW6y4frmw+Vk8Om0bi6SKTPqn812NfIGSkxFZ9nQ5Z40PtFh/qX9MJQyI6yCwRGFtaARG
|
||||
/8mitnoCClL47kaYHepMy4tSgfKzTFr575tRKJMnAAAFkJVexiOVXsYjAAAAB3NzaC1yc2
|
||||
EAAAGBAPnFY4F6kOaj//tid7rpylOvNfnNWKIYwVi16MoJc/hiPTDQ6FnM9bNL/Bl9QIDF
|
||||
OH05B3LkArxi7zojoDRWFihioV776fD5V2uqoAyDlutkINQulcXcFDLt0Mx5VUf3cQlK7Z
|
||||
WC/dpY+lEV80rQkqb4gSp6sxjCYrZcMiNgraxGSEZWJMxvUC8qRUPjXYyN3UN/OPIOoDsJ
|
||||
CJ4o/i0d8ejL5DjmXl8nPo7OGEe8FpMzovyh6yWfs8Liakw9nf8Lw0dxIsn3oAw4osstva
|
||||
8l1stiwm+fhZl8cw/4jvS4qNBD/PuH4oMOvYx9i2T/wCJ/bu5zrO7umV0Oek4o4Be1KVMK
|
||||
4O1bHzptX4wt94HXjMAJDiwPKDk1ZWmFt2W51mBmegR0VfMoaIWge1zdx3OYw1usuH65sP
|
||||
lZPDptG4ukikz6p/NdjXyBkpMRWfZ0OWeND7RYf6l/TCUMiOsgsERhbWgERv/JorZ6AgpS
|
||||
+O5GmB3qTMuLUoHys0xa+e+bUSiTJwAAAAMBAAEAAAGAduOBANGxhUdNAoCVUzATcY/11k
|
||||
jrRoUYCzzTaM/lFrbUP5dA8fXAgi7J+ewHtwOpZtmtdP+ZWciR7I+moyLS+zgvbcHlUiGt
|
||||
ff9CnZJJVRRdGAJwojSmnLNcbufWMyJR+MVkn4UxhixSQiR7oQH0vGuPOAQdmcx1Ji5uYy
|
||||
6SnGz73BcG/xSBC2JIhA8GqW+hgY5eMcHKfS9IndgPXLRjQJdEs9zb0NkiSuFI52RdLoYm
|
||||
r6/2+PqymzIgvNebjBoxUeV7IGRjaXoqW7f+D5D0oRLnUb+7ueIHlxrdydtvWaTM6IBeCa
|
||||
9gngve6y71eVJVuxeaXzuzxUjZqXEKQXNBJV6HQRy4uFzpJcvYcZQLAZTa6KIjXGPO8Ujw
|
||||
MnIcs/YaoQMOXYR357kFSFMTQ9aN4tnzAYFnY32+R3o4NQX6nkcld9mje3F1msMosPlLOe
|
||||
7AVqkqs4ebZk6F7THisTN1s7WP3mq1ogCb+JgujGRaArDULrkmOWUM5bQigAPjGDMhAAAA
|
||||
wQCJSnPE7HFPLcTxXv5YvHlMdtRTLbvWtvKjMM1lMPo5rKd1gJHKJfYp16EmI9TUeFFiev
|
||||
HzCHDaamzXcFs1th8u1exYxWdN4bftxBiM9QiFA3OMbl+qtBa9nSU+nOwtmRb6TP1Ai5QM
|
||||
gtsqhQ6GIeeYWTtS8spFhIkQdCejb8mvGbZDvvbGO3vlddwPKJtoDWHzETje+ygRTrjqOi
|
||||
4jCUuNAAyw1LFQshY9BLbCcCd+MOlvEd5wDlNALg1PdyUx/OkAAADBAP6iX1VmMMfwb2Bw
|
||||
wW2ZR6QkEHsDMt1N5hBQmj5E765zou6Cxcud8/sRjfEfSrGr4m0MpqmrED4AB4lKo1GxG6
|
||||
zxO7Xrv7DwXjrj95F9cTvMEE5o4TiKh5ZB+lCNdqhb/scidMkrnFQgn3qpWAMkLIXOqG0O
|
||||
rrCYMrKyjgoM0nKovZseboIAiHGmTkIJfSOiT0Lwd9rKznNugYcuZkCB3eyW+rujowIcry
|
||||
Nb6AInHJh8TRoBpRpNEs+bAsfdNuJkEQAAAMEA+xxWvMfUG82ZEjRIxLIzVuEB1OihiVhN
|
||||
IHYxYpz5qrqbva+fCNIKGZypqhbtf6pJUvOD1rS8OyzBUZYhPryUGRuiabMggK+RrfK0st
|
||||
+fHCYbquigYgLJoODF7RUTGEE/EaXR9gJdyETSXH6K+PzNUI4bytOdgorxNnKxB6jnyNeZ
|
||||
t2hY8ruoZe+I94E2Elmq9IQ9xG2UZtlZ8PviJT1Llr54p7AWmD00O6mczf95XNE7bo/ykH
|
||||
as6fPnAPSssVu3AAAAGnZiYXJiYUBNYWNCb29rLVByby0yLmxvY2Fs
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD5xWOBepDmo//7Yne66cpTrzX5zViiGMFYtejKCXP4Yj0w0OhZzPWzS/wZfUCAxTh9OQdy5AK8Yu86I6A0VhYoYqFe++nw+VdrqqAMg5brZCDULpXF3BQy7dDMeVVH93EJSu2Vgv3aWPpRFfNK0JKm+IEqerMYwmK2XDIjYK2sRkhGViTMb1AvKkVD412Mjd1DfzjyDqA7CQieKP4tHfHoy+Q45l5fJz6OzhhHvBaTM6L8oesln7PC4mpMPZ3/C8NHcSLJ96AMOKLLLb2vJdbLYsJvn4WZfHMP+I70uKjQQ/z7h+KDDr2MfYtk/8Aif27uc6zu7pldDnpOKOAXtSlTCuDtWx86bV+MLfeB14zACQ4sDyg5NWVphbdludZgZnoEdFXzKGiFoHtc3cdzmMNbrLh+ubD5WTw6bRuLpIpM+qfzXY18gZKTEVn2dDlnjQ+0WH+pf0wlDIjrILBEYW1oBEb/yaK2egIKUvjuRpgd6kzLi1KB8rNMWvnvm1Eokyc= vbarba@MacBook-Pro-2.local
|
||||
|
|
@ -2,6 +2,7 @@ apiVersion: argoproj.io/v1alpha1
|
|||
kind: Application
|
||||
metadata:
|
||||
name: applications
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
|
|
@ -12,3 +13,13 @@ spec:
|
|||
repoURL: 'git@bitbucket.org:jamkazam/video-iac.git'
|
||||
targetRevision: HEAD
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
allowEmpty: false
|
||||
retry:
|
||||
limit: 5
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m
|
||||
|
|
@ -13,6 +13,6 @@ spec:
|
|||
source:
|
||||
path: ''
|
||||
repoURL: 'https://kubernetes.github.io/ingress-nginx'
|
||||
targetRevision: 1.0.4
|
||||
# targetRevision: 1.0.4
|
||||
chart: ingress-nginx
|
||||
project: default
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: argocd
|
||||
resources:
|
||||
- https://github.com/argoproj/argo-cd/manifests/namespace-install?ref=stable
|
||||
# - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||
- ingress.yaml
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ spec:
|
|||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
# Secret resource that will be used to store the account's private key.
|
||||
name: issuer-account-key
|
||||
name: haproxy-issuer-account-key
|
||||
# Add a single challenge solver, HTTP01 using nginx
|
||||
solvers:
|
||||
- http01:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ spec:
|
|||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
# Secret resource that will be used to store the account's private key.
|
||||
name: issuer-account-key
|
||||
name: nginx-issuer-account-key
|
||||
# Add a single challenge solver, HTTP01 using nginx
|
||||
solvers:
|
||||
- http01:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,23 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/gavinbunney/kubectl" {
|
||||
version = "1.13.0"
|
||||
constraints = ">= 1.7.0"
|
||||
hashes = [
|
||||
"h1:rL7qqvUpmTiaZDi0b+GQC8mUMpme+RfRfWFzLsp3F0Q=",
|
||||
"zh:088c99d7e079ba2be3abe1d5c5b2070eff85256178467783af125d11026f08b6",
|
||||
"zh:0d3fa3bfb4768dd39e2f3af4d85e69fdb8f6abcbe92fece37fc78a97dedd7dc1",
|
||||
"zh:227d9fb591a0cdcd482410b88c6d91f17922a85fb9caef9b73c2883f6964b483",
|
||||
"zh:607bff8e6e03ae2b4d523c21377fa655d370cc8310812310ae61b409e7c271d5",
|
||||
"zh:621d46414e23d5a7cfb1ba25275f1cac1fba78be5c1512f0a0614752425411cc",
|
||||
"zh:76aace9adb7dc9c10abcc52b31947821335b60b7b335b485bd05f20a91debd63",
|
||||
"zh:a9ff1f7c676d89cacd64605ad899749dd718f65cb879fabba8e15fcfd0a07629",
|
||||
"zh:b122fa06ad1978ec3092cce48f16456aa820bf5786a101a8378323659ed11db3",
|
||||
"zh:fcf5ad18fafe717739c5d40d8c4e4a70e123cf4296efc7286f9d98e3c42e410f",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/aws" {
|
||||
version = "3.63.0"
|
||||
hashes = [
|
||||
|
|
@ -19,6 +36,24 @@ provider "registry.terraform.io/hashicorp/aws" {
|
|||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/http" {
|
||||
version = "2.1.0"
|
||||
hashes = [
|
||||
"h1:GYoVrTtiSAE3AlP1fad3fFmHoPaXAPhm/DJyMcVCwZA=",
|
||||
"zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826",
|
||||
"zh:0704d02926393ddc0cfad0b87c3d51eafeeae5f9e27cc71e193c141079244a22",
|
||||
"zh:095ea350ea94973e043dad2394f10bca4a4bf41be775ba59d19961d39141d150",
|
||||
"zh:0b71ac44e87d6964ace82979fc3cbb09eb876ed8f954449481bcaa969ba29cb7",
|
||||
"zh:0e255a170db598bd1142c396cefc59712ad6d4e1b0e08a840356a371e7b73bc4",
|
||||
"zh:67c8091cfad226218c472c04881edf236db8f2dc149dc5ada878a1cd3c1de171",
|
||||
"zh:75df05e25d14b5101d4bc6624ac4a01bb17af0263c9e8a740e739f8938b86ee3",
|
||||
"zh:b4e36b2c4f33fdc44bf55fa1c9bb6864b5b77822f444bd56f0be7e9476674d0e",
|
||||
"zh:b9b36b01d2ec4771838743517bc5f24ea27976634987c6d5529ac4223e44365d",
|
||||
"zh:ca264a916e42e221fddb98d640148b12e42116046454b39ede99a77fc52f59f4",
|
||||
"zh:fe373b2fb2cc94777a91ecd7ac5372e699748c455f44f6ea27e494de9e5e6f92",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/kubernetes" {
|
||||
version = "2.6.1"
|
||||
hashes = [
|
||||
|
|
@ -37,6 +72,24 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
|
|||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/local" {
|
||||
version = "2.1.0"
|
||||
hashes = [
|
||||
"h1:KfieWtVyGWwplSoLIB5usKAUnrIkDQBkWaR5TI+4WYg=",
|
||||
"zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
|
||||
"zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
|
||||
"zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
|
||||
"zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
|
||||
"zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
|
||||
"zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
|
||||
"zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
|
||||
"zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
|
||||
"zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
|
||||
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
|
||||
"zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/linode/linode" {
|
||||
version = "1.18.0"
|
||||
hashes = [
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
|
||||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
}
|
||||
resource "aws_iam_user" "lke-external-dns" {
|
||||
name = "lke-external-dns"
|
||||
}
|
||||
|
||||
resource "aws_iam_access_key" "lke-external-dns" {
|
||||
user = aws_iam_user.lke-external-dns.name
|
||||
}
|
||||
|
||||
resource "aws_iam_user_policy" "lke-external-dns" {
|
||||
name = "route-53"
|
||||
user = aws_iam_user.lke-external-dns.name
|
||||
policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"route53:ChangeResourceRecordSets"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:route53:::hostedzone/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"route53:ListHostedZones",
|
||||
"route53:ListResourceRecordSets"
|
||||
],
|
||||
"Resource": [
|
||||
"*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
|
@ -1,9 +1,12 @@
|
|||
|
||||
|
||||
resource "linode_lke_cluster" "stg-video-cluster" {
|
||||
label = "stg-video-cluster"
|
||||
k8s_version = "1.21"
|
||||
region = "us-central"
|
||||
tags = ["staging"]
|
||||
|
||||
# Services
|
||||
pool {
|
||||
type = "g6-standard-2"
|
||||
count = 1
|
||||
|
|
@ -22,31 +25,13 @@ resource "linode_lke_cluster" "stg-video-cluster" {
|
|||
|
||||
}
|
||||
|
||||
resource "local_file" "kubeconfig" {
|
||||
filename = "stg-kubeconfig.yaml"
|
||||
content = base64decode(linode_lke_cluster.stg-video-cluster.kubeconfig)
|
||||
}
|
||||
|
||||
provider "kubernetes" {
|
||||
config_path = "../k8s/stg-video-cluster-kubeconfig.yaml"
|
||||
alias = "cluster-staging"
|
||||
}
|
||||
|
||||
resource "kubernetes_namespace" "external-dns" {
|
||||
metadata {
|
||||
name = "external-dns"
|
||||
}
|
||||
provider = kubernetes.cluster-staging
|
||||
}
|
||||
|
||||
resource "kubernetes_secret" "aws_user_external_dns" {
|
||||
metadata {
|
||||
name = "aws-user-external-dns"
|
||||
namespace = "external-dns"
|
||||
}
|
||||
|
||||
data = {
|
||||
username = aws_iam_access_key.lke-external-dns.id
|
||||
password = aws_iam_access_key.lke-external-dns.secret
|
||||
}
|
||||
|
||||
type = "kubernetes.io/basic-auth"
|
||||
provider = kubernetes.cluster-staging
|
||||
config_path = local_file.kubeconfig.filename
|
||||
}
|
||||
|
||||
resource "linode_lke_cluster" "prd-video-cluster" {
|
||||
|
|
|
|||
|
|
@ -18,5 +18,6 @@ provider "linode" {
|
|||
|
||||
}
|
||||
|
||||
|
||||
|
||||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue