From: Adam A.G. Shamblin
Date: Sun, 14 Feb 2021 08:14:23 +0000 (-0700)
Subject: Add cert manager, move to ingress, WIP, breaks
X-Git-Url: https://git.vexinglabs.com/?a=commitdiff_plain;h=3f703a4d7b9188f0b3b88702ee5cca67e61ada30;p=letters.git
Add cert manager, move to ingress, WIP, breaks
---
diff --git a/charts/letters/templates/.gitignore b/charts/letters/templates/.gitignore
new file mode 100644
index 0000000..4a424df
--- /dev/null
+++ b/charts/letters/templates/.gitignore
@@ -0,0 +1 @@
+secret.yaml
diff --git a/charts/letters/templates/acme-issuer.yaml b/charts/letters/templates/acme-issuer.yaml
new file mode 100644
index 0000000..78090d5
--- /dev/null
+++ b/charts/letters/templates/acme-issuer.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: acme-prod
+spec:
+ acme:
+ email: adam.shamblin@zeroecks.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
diff --git a/charts/letters/templates/ingress.yaml b/charts/letters/templates/ingress.yaml
new file mode 100644
index 0000000..247dbdf
--- /dev/null
+++ b/charts/letters/templates/ingress.yaml
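Review bot: The `tokenSecretRef` under `solvers` belongs to a `ClusterIssuer`, and cert-manager resolves secrets referenced by a ClusterIssuer in its cluster resource namespace (the cert-manager namespace by default), not in the namespace this chart is released into. If the git-ignored `templates/secret.yaml` is what creates `digitalocean-dns` (not visible here), the DNS-01 solver will likely not find it; a namespaced `kind: Issuer`, selected on the Ingress with `cert-manager.io/issuer`, keeps the API token and the issuer together in the release namespace. The resource is also cluster-scoped with a fixed name and a hard-coded e-mail, so a second release of the chart collides with the first. I would template `email` and `server` from values and point `server` at `https://acme-staging-v02.api.letsencrypt.org/directory` while the commit is still marked WIP, to stay clear of the production rate limits.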
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "letters.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "letters.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/letters/templates/service.yaml b/charts/letters/templates/service.yaml
index 3565bb0..3e778ed 100644
--- a/charts/letters/templates/service.yaml
+++ b/charts/letters/templates/service.yaml
@@ -4,18 +4,12 @@ metadata:
 name: {{ include "letters.fullname" . }}
 labels:
 {{- include "letters.labels" . | nindent 4 }}
- annotations:
- {{- range $key, $val := .Values.service.annotations }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
 spec:
 type: {{ .Values.service.type }}
 ports:
- {{- range .Values.service.ports }}
- - name: {{ .name }}
- protocol: {{ .protocol }}
- port: {{ .port }}
- targetPort: {{ .targetPort }}
- {{- end }}
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
 selector:
 {{- include "letters.selectorLabels" . | nindent 4 }}
diff --git a/charts/letters/values.yaml b/charts/letters/values.yaml
index 142b4e1..52967fc 100644
--- a/charts/letters/values.yaml
+++ b/charts/letters/values.yaml
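Review bot: The `apiVersion` switch in the new ingress template tops out at `networking.k8s.io/v1beta1`, which Kubernetes removed in 1.22, so on a current cluster this renders an Ingress the API server rejects. I would add a `>=1.19-0` branch for `networking.k8s.io/v1` and, inside the `paths` range, emit `pathType` plus the `service.name`/`port.number` backend form for that branch, as sketched below (note `$.Capabilities`, since `.` is rebound inside `range`). Separately, `secretName: {{ .secretName }}` and `path: {{ .path }}` are rendered unquoted while the host values go through `| quote`; quoting them the same way keeps unusual values from being retyped by the YAML parser.

```yaml
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- /* … unchanged: extensions/v1beta1 fallback, metadata, tls, rules/host … */}}
          - path: {{ .path | quote }}
            {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
            pathType: {{ .pathType | default "Prefix" }}
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
            {{- else }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
            {{- end }}
```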
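Review bot: `targetPort: http` in the new `ports` entry is a named port, so the Service only gets endpoints if the pod's container declares a port called `http`; the old template forwarded to the numeric `targetPort` from values, and the Deployment template is not part of this diff. It is worth confirming that a container port with `name: http` exists there, or keeping the target configurable with `targetPort: {{ .Values.service.targetPort | default "http" }}`. The hunk starts inside the manifest's `metadata` block, so the head of the file is outside this view.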
@@ -23,42 +23,24 @@ serviceAccount: name: "" service: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/do-loadbalancer-algorithm: "least_connections" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol: "http" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-path: "/" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-check-interval-seconds: "3" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-response-timeout-seconds: "5" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-unhealthy-threshold: "3" - service.beta.kubernetes.io/do-loadbalancer-healthcheck-healthy-threshold: "5" - service.beta.kubernetes.io/do-loadbalancer-protocol: "http" - service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin" - service.beta.kubernetes.io/do-loadbalancer-certificate-id: "28d85d51-a9dd-441b-8f23-299847e1eb85" - service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true" - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 80 - - name: https - protocol: TCP - port: 443 - targetPort: 80 + type: ClusterIP + port: 80 ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: "acme-prod" hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + - host: letters.vexingworkshop.com + paths: + - path: / + tls: + - hosts: + - letters.vexingworkshop.com + secretName: vexing-tls + resources: {} @@ -67,7 +49,6 @@ autoscaling: minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 nodeSelector: {}
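Review bot: The removed load-balancer annotations included `do-loadbalancer-redirect-http-to-https: "true"`, and nothing in the new `ingress.annotations` states the equivalent, so plain-HTTP handling now depends on the ingress controller's defaults. ingress-nginx does redirect by default when a `tls` section is present, but I would pin it with `nginx.ingress.kubernetes.io/ssl-redirect: "true"` so a controller-level configuration change cannot silently start serving the site over port 80. The chart defaults also now ship `enabled: true` with a real hostname and the `acme-prod` issuer; keeping `values.yaml` neutral and moving the `letters.vexingworkshop.com` settings into an environment-specific values file avoids every `helm install` requesting a production certificate.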