Upgrade to nginx ingress
Use new nginx ingress. Don't use .gitlab-ci for now until vault integration makes sense.
This commit is contained in:
ducoterra
@@ -1,34 +1,34 @@
|
|||||||
variables:
|
# variables:
|
||||||
CI_PROJECT_DIR: "."
|
# CI_PROJECT_DIR: "."
|
||||||
CI_REGISTRY_IMAGE: hub.ducoterra.net/ducoterra/python-docs-2020
|
# CI_REGISTRY_IMAGE: hub.ducoterra.net/ducoterra/python-docs-2020
|
||||||
DEPLOY: pythondocs2020
|
# DEPLOY: pythondocs2020
|
||||||
|
|
||||||
stages:
|
# stages:
|
||||||
- build
|
# - build
|
||||||
- deploy
|
# - deploy
|
||||||
|
|
||||||
build:
|
# build:
|
||||||
only:
|
# only:
|
||||||
variables:
|
# variables:
|
||||||
- $CI_COMMIT_TAG
|
# - $CI_COMMIT_TAG
|
||||||
stage: build
|
# stage: build
|
||||||
image:
|
# image:
|
||||||
name: gcr.io/kaniko-project/executor:debug
|
# name: gcr.io/kaniko-project/executor:debug
|
||||||
entrypoint: [""]
|
# entrypoint: [""]
|
||||||
script:
|
# script:
|
||||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
|
# - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
|
||||||
|
|
||||||
deploy:
|
# deploy:
|
||||||
stage: deploy
|
# stage: deploy
|
||||||
only:
|
# only:
|
||||||
variables:
|
# variables:
|
||||||
- $CI_COMMIT_TAG
|
# - $CI_COMMIT_TAG
|
||||||
image:
|
# image:
|
||||||
name: debian:10
|
# name: debian:10
|
||||||
entrypoint: [""]
|
# entrypoint: [""]
|
||||||
script:
|
# script:
|
||||||
- apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
|
# - apt -qq update >> /dev/null && apt -qq install -y curl gettext >> /dev/null
|
||||||
- curl -o /usr/bin/kubectl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
|
# - curl -o /usr/bin/kubectl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
|
||||||
- chmod +x /usr/bin/kubectl
|
# - chmod +x /usr/bin/kubectl
|
||||||
- curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
# - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
||||||
- helm upgrade --install $DEPLOY ./helm --set image=$CI_REGISTRY_IMAGE --set tag=$CI_COMMIT_TAG
|
# - helm upgrade --install $DEPLOY ./helm --set image=$CI_REGISTRY_IMAGE --set tag=$CI_COMMIT_TAG
|
||||||
|
|||||||
@@ -1,53 +1,36 @@
|
|||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: IngressRoute
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Release.Name }}-tls
|
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
spec:
|
kubernetes.io/ingress.class: nginx
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
tls:
|
|
||||||
certResolver: duconet
|
|
||||||
routes:
|
|
||||||
- match: Host(`{{ .Release.Name }}.ducoterra.net`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: {{ .Release.Name }}
|
|
||||||
port: {{ .Values.port }}
|
|
||||||
---
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: {{ .Release.Name }}
|
name: {{ .Release.Name }}
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: traefik
|
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
rules:
|
||||||
- web
|
- host: {{ .Release.Name }}.ducoterra.net
|
||||||
routes:
|
http:
|
||||||
- match: Host(`{{ .Release.Name }}.ducoterra.net`)
|
paths:
|
||||||
kind: Rule
|
- backend:
|
||||||
services:
|
service:
|
||||||
- name: {{ .Release.Name }}
|
name: {{ .Release.Name }}
|
||||||
port: {{ .Values.port }}
|
port:
|
||||||
middlewares:
|
number: {{ .Values.port }}
|
||||||
- name: httpsredirect-{{ .Release.Name }}
|
path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- {{ .Release.Name }}.ducoterra.net
|
||||||
|
secretName: {{.Release.Name}}-tls-cert
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Middleware
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: httpsredirect-{{ .Release.Name }}
|
name: {{.Release.Name}}.ducoterra.net
|
||||||
spec:
|
spec:
|
||||||
redirectScheme:
|
secretName: {{.Release.Name}}-tls-cert
|
||||||
scheme: https
|
issuerRef:
|
||||||
permanent: true
|
name: letsencrypt-prod
|
||||||
---
|
kind: ClusterIssuer
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
commonName: {{.Release.Name}}.ducoterra.net
|
||||||
kind: Middleware
|
dnsNames:
|
||||||
metadata:
|
- {{.Release.Name}}.ducoterra.net
|
||||||
name: basic-auth-{{ .Release.Name }}
|
|
||||||
spec:
|
|
||||||
basicAuth:
|
|
||||||
secret: authsecret
|
|
||||||
removeHeader: true
|
|
||||||
|
|||||||
Reference in New Issue
Block a user