Adding secrets for registry
parent
881c05ca1f
commit
3bd9b3e8e7
|
|
@ -19,7 +19,7 @@ kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
|
|||
## namespaces
|
||||
|
||||
```sh
|
||||
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab"
|
||||
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development"
|
||||
for i in $( echo $NAMESPACES ) ; do
|
||||
k create ns $i
|
||||
done
|
||||
|
|
@ -96,6 +96,19 @@ Backup
|
|||
|
||||
*Current state:* Registry of hub.moritzgraf.de:5000 is used.
|
||||
|
||||
```sh
|
||||
# create secret base64 encoded
|
||||
USER="moritz"
|
||||
PASSWORD="password"
|
||||
docker run --entrypoint htpasswd --rm registry:2 -Bbn admin admin123 | base64
|
||||
# use the output and put it in development/registry.secret.yaml
|
||||
kubectl apply -f development/registry.yaml
|
||||
|
||||
```
|
||||
|
||||
|
||||
### after
|
||||
|
||||
Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line):
|
||||
|
||||
```sh
|
||||
|
|
@ -118,6 +131,11 @@ done
|
|||
## Add mopbot & corona & corona-api
|
||||
|
||||
```sh
|
||||
kubectl apply -f datalab/mopbot.yaml
|
||||
kubectl apply -f datalab/corona-api.yaml
|
||||
kubectl apply -f datalab/
|
||||
```
|
||||
|
||||
## Web
|
||||
|
||||
```sh
|
||||
kubectl apply -f web/
|
||||
```
|
||||
|
|
@ -1,41 +1,41 @@
|
|||
# status: began to implement, but did not complete
|
||||
# note: psql seems not to be part of the chart itself
|
||||
# # status: began to implement, but did not complete
|
||||
# # note: psql seems not to be part of the chart itself
|
||||
|
||||
apiVersion: helm.fluxcd.io/v1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: helm-gitlab
|
||||
namespace: flux
|
||||
spec:
|
||||
releaseName: gitlab
|
||||
targetNamespace: development
|
||||
chart:
|
||||
repository: https://charts.gitlab.io/
|
||||
version: xxx
|
||||
name: gitlab
|
||||
values:
|
||||
global:
|
||||
hosts:
|
||||
domain: haumdaucher.de
|
||||
ingress:
|
||||
enabled: true
|
||||
tls:
|
||||
enabled: true
|
||||
configureCertmanager: false
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
gitlab:
|
||||
unicorn:
|
||||
ingress:
|
||||
tls:
|
||||
secretName: gitlab-unicorn-ingress-tls
|
||||
registry:
|
||||
ingress:
|
||||
tls:
|
||||
secretName: registry-ingress-tls
|
||||
minio:
|
||||
ingress:
|
||||
tls:
|
||||
secretName: minio-ingress-tls
|
||||
# apiVersion: helm.fluxcd.io/v1
|
||||
# kind: HelmRelease
|
||||
# metadata:
|
||||
# name: helm-gitlab
|
||||
# namespace: flux
|
||||
# spec:
|
||||
# releaseName: gitlab
|
||||
# targetNamespace: development
|
||||
# chart:
|
||||
# repository: https://charts.gitlab.io/
|
||||
# version: xxx
|
||||
# name: gitlab
|
||||
# values:
|
||||
# global:
|
||||
# hosts:
|
||||
# domain: haumdaucher.de
|
||||
# ingress:
|
||||
# enabled: true
|
||||
# tls:
|
||||
# enabled: true
|
||||
# configureCertmanager: false
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
# gitlab:
|
||||
# unicorn:
|
||||
# ingress:
|
||||
# tls:
|
||||
# secretName: gitlab-unicorn-ingress-tls
|
||||
# registry:
|
||||
# ingress:
|
||||
# tls:
|
||||
# secretName: registry-ingress-tls
|
||||
# minio:
|
||||
# ingress:
|
||||
# tls:
|
||||
# secretName: minio-ingress-tls
|
||||
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: registry
|
||||
namespace: development
|
||||
spec:
|
||||
secretName: registry-haumdaucher-de
|
||||
dnsNames:
|
||||
- registry.haumdaucher.de
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
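Review bot: `apiVersion: cert-manager.io/v1alpha2` at the top of this new Certificate is a pre-GA API version that later cert-manager releases no longer serve, so the manifest will be rejected after a controller upgrade and the registry certificate will stop being reconciled. The installed cert-manager version is not visible in this commit; if it already serves the stable API, use `apiVersion: cert-manager.io/v1`, where the fields used here (`secretName`, `dnsNames`, `issuerRef`) should carry over unchanged. A one-line header comment naming the workload expected to mount `registry-haumdaucher-de` would also help, since the Secret is only usable inside the `development` namespace.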
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
#### Migrate at last
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: moritzgrafde
|
||||
# labels:
|
||||
# app: moritzgrafde
|
||||
# namespace: web
|
||||
# spec:
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: moritzgrafde
|
||||
# replicas: 1
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: moritzgrafde
|
||||
# spec:
|
||||
# imagePullSecrets:
|
||||
# - name: "hub-moritzgraf-de"
|
||||
# containers:
|
||||
# - image: hub.moritzgraf.de:5000/moritzgrafde:latest
|
||||
# imagePullPolicy: Always
|
||||
# name: moritzgrafde
|
||||
# ports:
|
||||
# - containerPort: 80
|
||||
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: moritzgrafde
|
||||
# namespace: web
|
||||
# spec:
|
||||
# ports:
|
||||
# - port: 80
|
||||
# targetPort: 80
|
||||
# protocol: TCP
|
||||
# selector:
|
||||
# app: moritzgrafde
|
||||
# ---
|
||||
# apiVersion: extensions/v1beta1
|
||||
# kind: Ingress
|
||||
# metadata:
|
||||
# name: moritzgrafde
|
||||
# namespace: web
|
||||
# annotations:
|
||||
# kubernetes.io/ingress.class: "nginx"
|
||||
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
# spec:
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - "moritzgraf.de"
|
||||
# secretName: corona-moritzgraf-de
|
||||
# rules:
|
||||
# - host: moritzgraf.de
|
||||
# http:
|
||||
# paths:
|
||||
# - path: /
|
||||
# backend:
|
||||
# serviceName: moritzgrafde
|
||||
# servicePort: 80
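Review bot: The Ingress `tls` entry near the end of this file stores the certificate for `moritzgraf.de` under `secretName: corona-moritzgraf-de`, which looks copied from the corona manifest; a name tied to this host (for example `secretName: moritzgraf-de`) avoids the two certificates being confused or overwritten if they ever share a namespace. The Deployment references `hub.moritzgraf.de:5000/moritzgrafde:latest` with `imagePullPolicy: Always`, so whatever was last pushed to that mutable tag runs on the next pod restart; pin a version tag or image digest before enabling it. `imagePullSecrets` are resolved per namespace, so `hub-moritzgraf-de` has to exist in `web`, and nothing visible in this commit creates it there. The whole file is currently commented out, so these points apply when the manifest is enabled.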
|
||||