From 1f6f15d961746d14d85e714725dee745f62afd3d Mon Sep 17 00:00:00 2001 From: baschno Date: Sat, 21 Dec 2024 22:08:27 +0100 Subject: [PATCH] update --- traefik_lempa/cert-manager-cluster-issuer.yaml | 16 ++++++++++++++++ traefik_lempa/cert-manager-issuer-secret.yaml | 8 ++++++++ traefik_lempa/cert-manager-values.yaml | 6 ++++++ traefik_lempa/nginx-certificate.yaml | 12 ++++++++++++ traefik_lempa/nginx-ingress.yaml | 4 ++++ traefik_lempa/traefik-values.yaml | 5 +++++ 6 files changed, 51 insertions(+) create mode 100644 traefik_lempa/cert-manager-cluster-issuer.yaml create mode 100644 traefik_lempa/cert-manager-issuer-secret.yaml create mode 100644 traefik_lempa/cert-manager-values.yaml create mode 100644 traefik_lempa/nginx-certificate.yaml diff --git a/traefik_lempa/cert-manager-cluster-issuer.yaml b/traefik_lempa/cert-manager-cluster-issuer.yaml new file mode 100644 index 0000000..d6f18c9 --- /dev/null +++ b/traefik_lempa/cert-manager-cluster-issuer.yaml @@ -0,0 +1,16 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: cloudflare-cluster-issuer +spec: + acme: + email: cloudflare@schnorbus.net + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: cloudflare-acme-key + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret + key: api-token \ No newline at end of file diff --git a/traefik_lempa/cert-manager-issuer-secret.yaml b/traefik_lempa/cert-manager-issuer-secret.yaml new file mode 100644 index 0000000..0421077 --- /dev/null +++ b/traefik_lempa/cert-manager-issuer-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-api-token-secret + namespace: cert-manager +type: Opaque +data: + api-token: UDk2TXk0dWlIdWRadGlDMnltalNHUTAxNzRDb1JCbkk5enRtQTBXaA== \ No newline at end of file diff --git a/traefik_lempa/cert-manager-values.yaml b/traefik_lempa/cert-manager-values.yaml new file mode 100644 index 0000000..39838fa --- /dev/null +++ b/traefik_lempa/cert-manager-values.yaml @@ -0,0 +1,6 @@ +namespace: "cert-manager" +crds: + enabled: true +extraArgs: + - --dns01-recursive-nameservers-only + - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 \ No newline at end of file diff --git a/traefik_lempa/nginx-certificate.yaml b/traefik_lempa/nginx-certificate.yaml new file mode 100644 index 0000000..8d94434 --- /dev/null +++ b/traefik_lempa/nginx-certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nginx-ingress-certificate + namespace: test +spec: + secretName: nginx-certificate-secret + issuerRef: + name: cloudflare-cluster-issuer + kind: ClusterIssuer + dnsNames: + - nginx.k8s.internal.schnrbs.work \ No newline at end of file diff --git a/traefik_lempa/nginx-ingress.yaml b/traefik_lempa/nginx-ingress.yaml index 8ab08bf..9360aca 100644 --- a/traefik_lempa/nginx-ingress.yaml +++ b/traefik_lempa/nginx-ingress.yaml @@ -17,3 +17,7 @@ spec: name: nginx port: number: 80 + tls: + - hosts: + - nginx.k8s.internal.schnrbs.work + secretName: nginx-certificate-secret diff --git a/traefik_lempa/traefik-values.yaml b/traefik_lempa/traefik-values.yaml index e691287..027a739 100644 --- a/traefik_lempa/traefik-values.yaml +++ b/traefik_lempa/traefik-values.yaml @@ -2,4 +2,9 @@ ports: web: redirectTo: port: websecure +ingressRoute: + dashboard: + enabled: true + entryPoints: [web, websecure] + matchRule: Host(`traefik-dashboard.k8s.internal.schnrbs.work`) \ No newline at end of file