diff --git a/k8s/applications/ingress-nginx.yaml b/k8s/applications/ingress-nginx.yaml
new file mode 100644
index 0000000..a46de5a
--- /dev/null
+++ b/k8s/applications/ingress-nginx.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ingress-nginx
+spec:
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: ''
+ namespace: ingress-nginx
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: ''
+ repoURL: 'https://kubernetes.github.io/ingress-nginx'
+ targetRevision: 1.0.4
+ chart: ingress-nginx
+ project: default
diff --git a/k8s/applications/kustomization.yaml b/k8s/applications/kustomization.yaml
index 090a5c5..862ebbc 100644
--- a/k8s/applications/kustomization.yaml
+++ b/k8s/applications/kustomization.yaml
@@ -9,4 +9,5 @@ resources:
 - cert-manager.yaml
 - metrics-server.yaml
 - applications.yaml
- - external-dns.yaml
\ No newline at end of file
+ - external-dns.yaml
+ - ingress-nginx.yaml
\ No newline at end of file
diff --git a/k8s/argocd/base/ingress.yaml b/k8s/argocd/base/ingress.yaml
index 6e835f2..155b471 100644
--- a/k8s/argocd/base/ingress.yaml
+++ b/k8s/argocd/base/ingress.yaml
@@ -4,10 +4,14 @@ metadata:
 name: argocd-server-ingress
 namespace: argocd
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
- kubernetes.io/ingress.class: haproxy
+ cert-manager.io/cluster-issuer: letsencrypt-nginx-production
+ kubernetes.io/ingress.class: nginx
 kubernetes.io/tls-acme: "true"
- haproxy-ingress.github.io/backend-protocol: "h1-ssl"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ # If you encounter a redirect loop or are getting a 307 response code
+ # then you need to force the nginx ingress to connect to the backend using HTTPS.
+ #
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
 rules:
 - host: example.com
diff --git a/k8s/argocd/base/kustomization.yaml b/k8s/argocd/base/kustomization.yaml
index 4150f56..483e9b3 100644
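Review bot: Nothing in this Application turns on `--enable-ssl-passthrough`, yet the Ingress changed in k8s/argocd/base/ingress.yaml sets `nginx.ingress.kubernetes.io/ssl-passthrough: "true"`, which ingress-nginx ignores unless the controller is started with that flag. If passthrough is intended, pass it here, for example a `spec.source.helm.parameters` entry with `name: controller.extraArgs.enable-ssl-passthrough` and `value: 'true'`. Separately, `targetRevision: 1.0.4` is resolved as a chart version and 1.0.4 reads like a controller release number, so confirm it exists in the chart index and quote it as `targetRevision: '1.0.4'`. `project: default` also puts a cluster-wide ingress controller in Argo CD's unrestricted project; a dedicated AppProject limited to this repo and the `ingress-nginx` namespace would be tighter.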
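Review bot: `ssl-passthrough: "true"` and `backend-protocol: "HTTPS"` select two different TLS paths, and the added comment explains only the second. With passthrough active the controller forwards the TLS stream untouched, so the other annotations on this Ingress are not applied and clients see argocd-server's own certificate rather than the one requested through `cert-manager.io/cluster-issuer`. Without it, nginx terminates TLS and re-encrypts to the backend, and it does not verify the backend certificate unless `nginx.ingress.kubernetes.io/proxy-ssl-verify` is turned on. I would keep one of the two and state the choice in the comment, e.g. `# TLS is terminated by argocd-server (passthrough); backend-protocol is not used`. The Ingress spec continues outside the hunk, so its tls section could not be checked.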
--- a/k8s/argocd/base/kustomization.yaml
+++ b/k8s/argocd/base/kustomization.yaml
@@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - https://github.com/argoproj/argo-cd/manifests/namespace-install?ref=stable
+# - https://github.com/argoproj/argo-cd/manifests/namespace-install?ref=stable
 - ingress.yaml
diff --git a/k8s/cert-manager/cluster-issuer-production.yaml b/k8s/cert-manager/cluster-issuer-haproxy.yaml
similarity index 94%
rename from k8s/cert-manager/cluster-issuer-production.yaml
rename to k8s/cert-manager/cluster-issuer-haproxy.yaml
index 7764f2f..03df4f4 100644
--- a/k8s/cert-manager/cluster-issuer-production.yaml
+++ b/k8s/cert-manager/cluster-issuer-haproxy.yaml
@@ -1,7 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-production
+ name: letsencrypt-haproxy-production
 spec:
 acme:
 # You must replace this email address with your own.
diff --git a/k8s/cert-manager/cluster-issuer-nginx.yaml b/k8s/cert-manager/cluster-issuer-nginx.yaml
new file mode 100644
index 0000000..ccd1944
--- /dev/null
+++ b/k8s/cert-manager/cluster-issuer-nginx.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-nginx-production
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: victor.barba.martin@toptal.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource that will be used to store the account's private key.
+ name: issuer-account-key
+ # Add a single challenge solver, HTTP01 using nginx
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+
diff --git a/k8s/cert-manager/kustomization.yaml b/k8s/cert-manager/kustomization.yaml
index e1a1683..06f62ff 100644
--- a/k8s/cert-manager/kustomization.yaml
+++ b/k8s/cert-manager/kustomization.yaml
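Review bot: The Argo CD install base is disabled by commenting it out, which leaves `ingress.yaml` as the only resource and no record of where Argo CD itself is now installed from. Either delete the line or put a reason above it, e.g. `# Argo CD itself is installed outside this kustomization; only the Ingress is managed here` (if that is the case). Should the remote base be restored later, `?ref=stable` follows a moving tag, so a fixed release tag would keep the install reproducible and reviewable.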
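Review bot: `name: issuer-account-key` under `privateKeySecretRef` is a generic Secret name, and the renamed haproxy issuer's secret reference lies outside its visible hunk, so the two ClusterIssuers may end up sharing one ACME account key. If sharing is intended, say so in the comment above it; otherwise name the Secret after the issuer, e.g. `name: letsencrypt-nginx-production-account-key`. The comment `# You must replace this email address with your own.` sits above a real personal address, so either the comment or the committed address looks stale. The file also ends with an empty added line that can be dropped.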
@@ -4,4 +4,5 @@ kind: Kustomization
 resources:
 - https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
- - cluster-issuer-production.yaml
\ No newline at end of file
+ - cluster-issuer-haproxy.yaml
+ - cluster-issuer-nginx.yaml
\ No newline at end of file