issue #1: Added vault to manage secrets

ai-cfia · Jan 3, 2024 · 2c8d565 · 2c8d565
1 parent 6fc5018
commit 2c8d565
Show file tree

Hide file tree

Showing 20 changed files with 1,525 additions and 15 deletions.
diff --git a/kubernetes/apps/demo/nginx-deployment.yml b/kubernetes/apps/demo/nginx-deployment.yml
@@ -29,7 +29,7 @@ spec:
 
 ---
 apiVersion: v1
-kind: Service
+kind: Service 
 metadata:
   name: nginx
   namespace: nginx
@@ -48,15 +48,15 @@ metadata:
   name: nginx-ingress
   namespace: nginx
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: letsencrypt-http
     ingress.kubernetes.io/force-ssl-redirect: "true"
     kubernetes.io/tls-acme: "true"
 spec:
   ingressClassName: nginx
   tls:
   - hosts:
     - nginx.ninebasetwo.xyz
-    secretName: nginx-tls
+    secretName: aciacfia-tls
   rules:
   - host: nginx.ninebasetwo.xyz
     http:
@@ -67,4 +67,22 @@ spec:
           service:
             name: nginx
             port:
-              number: 80
+              number: 80
+
+# ---
+# apiVersion: gateway.networking.k8s.io/v1beta1
+# kind: HTTPRoute
+# metadata:
+#   name: nginx-http-route
+#   namespace: nginx
+# spec:
+#   parentRefs:
+#   - name: gateway-gke-l7-rilb
+#   rules:
+#   - matches:
+#     - path:
+#         type: PathPrefix
+#         value: "/"
+#     backendRefs:
+#     - name: nginx
+#       port: 80
diff --git a/kubernetes/apps/nachet/nachet-deployment.yml b/kubernetes/apps/nachet/nachet-deployment.yml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nachet
+  labels:
+    name: nachet
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nachet-deployment
+  namespace: nachet
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service 
+metadata:
+  name: nachet
+  namespace: nachet
+spec:
+  clusterIP: None
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nachet-ingress
+  namespace: nachet
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-http
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+    kubernetes.io/tls-acme: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - nachet.ninebasetwo.xyz
+    secretName: aciacfia-tls
+  rules:
+  - host: nachet.ninebasetwo.xyz
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx
+            port:
+              number: 80
diff --git a/kubernetes/system/cert-manager/issuer.yml b/kubernetes/system/cert-manager/issuer.yml
@@ -1,11 +1,11 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
+  name: letsencrypt-http
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
-    email: [email protected]
+    email: [email protected]
     privateKeySecretRef:
       name: letsencrypt-private-key
     solvers:

diff --git a/kubernetes/system/vault/namespace.yml b/kubernetes/system/vault/namespace.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vault
+  labels:
+    name: vault
+