add ingress nginx

2021-10-30 19:05:05 +02:00 · 2021-10-30 19:05:05 +02:00 · c91e74a2a0
parent 1d8d2cf7d1
commit c91e74a2a0
7 changed files with 51 additions and 7 deletions
--- a/k8s/applications/ingress-nginx.yaml
+++ b/k8s/applications/ingress-nginx.yaml
@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+spec:
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true 
+  destination:
+    name: ''
+    namespace: ingress-nginx
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: ''
+    repoURL: 'https://kubernetes.github.io/ingress-nginx'
+    targetRevision: 1.0.4
+    chart: ingress-nginx
+  project: default
--- a/k8s/applications/kustomization.yaml
+++ b/k8s/applications/kustomization.yaml
@ -9,4 +9,5 @@ resources:
  - cert-manager.yaml
  - metrics-server.yaml
  - applications.yaml
-  - external-dns.yaml
+  - external-dns.yaml
+  - ingress-nginx.yaml
--- a/k8s/argocd/base/ingress.yaml
+++ b/k8s/argocd/base/ingress.yaml
@ -4,10 +4,14 @@ metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    kubernetes.io/ingress.class: haproxy
+    cert-manager.io/cluster-issuer: letsencrypt-nginx-production
+    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
-    haproxy-ingress.github.io/backend-protocol: "h1-ssl"
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    # If you encounter a redirect loop or are getting a 307 response code 
+    # then you need to force the nginx ingress to connect to the backend using HTTPS.
+    #
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
  rules:
  - host: example.com
--- a/k8s/argocd/base/kustomization.yaml
+++ b/k8s/argocd/base/kustomization.yaml
@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - https://github.com/argoproj/argo-cd/manifests/namespace-install?ref=stable
+#  - https://github.com/argoproj/argo-cd/manifests/namespace-install?ref=stable
  - ingress.yaml
--- a/k8s/cert-manager/cluster-issuer-production.yaml
+++ b/k8s/cert-manager/cluster-issuer-production.yaml
@ -1,7 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-production
+  name: letsencrypt-haproxy-production
 spec:
  acme:
    # You must replace this email address with your own.
--- a/k8s/cert-manager/cluster-issuer-nginx.yaml
+++ b/k8s/cert-manager/cluster-issuer-nginx.yaml
@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-nginx-production
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: victor.barba.martin@toptal.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: issuer-account-key
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+
--- a/k8s/cert-manager/kustomization.yaml
+++ b/k8s/cert-manager/kustomization.yaml
@ -4,4 +4,5 @@ kind: Kustomization

 resources:
  - https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
-  - cluster-issuer-production.yaml
+  - cluster-issuer-haproxy.yaml
+  - cluster-issuer-nginx.yaml