Upgrade to nginx ingress

Use new nginx ingress. Don't use .gitlab-ci for now until vault integration makes sense.
2021-05-20 15:00:17 -04:00
parent aef6a98f98
commit 31aef36ffd
3 changed files with 61 additions and 77 deletions
--- a/helm/templates/ingress.yaml
+++ b/helm/templates/ingress.yaml
@@ -1,53 +1,36 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
+apiVersion: networking.k8s.io/v1
+kind: Ingress
 metadata:
-  name: {{ .Release.Name }}-tls
  annotations:
-    kubernetes.io/ingress.class: traefik
-spec:
-  entryPoints:
-    - websecure
-  tls:
-    certResolver: duconet
-  routes:
-  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: {{ .Values.port }}
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: nginx
  name: {{ .Release.Name }}
-  annotations:
-    kubernetes.io/ingress.class: traefik
 spec:
-  entryPoints:
-    - web
-  routes:
-  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: {{ .Values.port }}
-    middlewares:
-      - name: httpsredirect-{{ .Release.Name }}
+  rules:
+  - host: {{ .Release.Name }}.ducoterra.net
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}
+            port:
+              number: {{ .Values.port }}
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ .Release.Name }}.ducoterra.net
+    secretName: {{.Release.Name}}-tls-cert
 ---
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
+apiVersion: cert-manager.io/v1
+kind: Certificate
 metadata:
-  name: httpsredirect-{{ .Release.Name }}
+  name: {{.Release.Name}}.ducoterra.net
 spec:
-  redirectScheme:
-    scheme: https
-    permanent: true
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: basic-auth-{{ .Release.Name }}
-spec:
-  basicAuth:
-    secret: authsecret
-    removeHeader: true
+  secretName: {{.Release.Name}}-tls-cert
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: {{.Release.Name}}.ducoterra.net
+  dnsNames:
+  - {{.Release.Name}}.ducoterra.net