From 3bd9b3e8e7009277ba3852b5f85ee7672e4d434b Mon Sep 17 00:00:00 2001 From: Moritz Graf Date: Fri, 10 Apr 2020 00:45:20 +0200 Subject: [PATCH] Adding secrets for registry --- k8s/README.md | 24 +++++++-- k8s/development/gitlab.yaml | 76 +++++++++++++-------------- k8s/development/registry.secret.yaml | Bin 0 -> 211 bytes k8s/development/registry.yaml | 14 +++++ k8s/web/moritzgrafde.yaml | 67 +++++++++++++++++++++++ 5 files changed, 140 insertions(+), 41 deletions(-) create mode 100644 k8s/development/registry.secret.yaml create mode 100644 k8s/development/registry.yaml create mode 100644 k8s/web/moritzgrafde.yaml diff --git a/k8s/README.md b/k8s/README.md index 19ae93f..f0231d7 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -19,7 +19,7 @@ kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod ## namespaces ```sh -namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab" +namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development" for i in $( echo $NAMESPACES ) ; do k create ns $i done @@ -96,6 +96,19 @@ Backup *Current state:* Registry of hub.moritzgraf.de:5000 is used. +```sh +# create secret base64 encoded +USER="moritz" +PASSWORD="password" +docker run --entrypoint htpasswd --rm registry:2 -Bbn admin admin123 | base64 +# use the output and put it in development/registry.secret.yaml +kubectl apply -f development/registry.yaml + +``` + + +### after + Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line): ```sh @@ -118,6 +131,11 @@ done ## Add mopbot & corona & corona-api ```sh -kubectl apply -f datalab/mopbot.yaml -kubectl apply -f datalab/corona-api.yaml +kubectl apply -f datalab/ +``` + +## Web + +```sh +kubectl apply -f web/ ``` \ No newline at end of file 
diff --git a/k8s/development/gitlab.yaml b/k8s/development/gitlab.yaml index 34d7793..bb51766 100644 --- a/k8s/development/gitlab.yaml +++ b/k8s/development/gitlab.yaml @@ -1,41 +1,41 @@ -# status: began to implement, but did not complete -# note: psql seems not to be part of the chart itself +# # status: began to implement, but did not complete +# # note: psql seems not to be part of the chart itself -apiVersion: helm.fluxcd.io/v1 -kind: HelmRelease -metadata: - name: helm-gitlab - namespace: flux -spec: - releaseName: gitlab - targetNamespace: development - chart: - repository: https://charts.gitlab.io/ - version: xxx - name: gitlab - values: - global: - hosts: - domain: haumdaucher.de - ingress: - enabled: true - tls: - enabled: true - configureCertmanager: false - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - gitlab: - unicorn: - ingress: - tls: - secretName: gitlab-unicorn-ingress-tls - registry: - ingress: - tls: - secretName: registry-ingress-tls - minio: - ingress: - tls: - secretName: minio-ingress-tls +# apiVersion: helm.fluxcd.io/v1 +# kind: HelmRelease +# metadata: +# name: helm-gitlab +# namespace: flux +# spec: +# releaseName: gitlab +# targetNamespace: development +# chart: +# repository: https://charts.gitlab.io/ +# version: xxx +# name: gitlab +# values: +# global: +# hosts: +# domain: haumdaucher.de +# ingress: +# enabled: true +# tls: +# enabled: true +# configureCertmanager: false +# annotations: +# cert-manager.io/cluster-issuer: "letsencrypt-prod" +# gitlab: +# unicorn: +# ingress: +# tls: +# secretName: gitlab-unicorn-ingress-tls +# registry: +# ingress: +# tls: +# secretName: registry-ingress-tls +# minio: +# ingress: +# tls: +# secretName: minio-ingress-tls 
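Review bot: Commenting out every line leaves `k8s/development/gitlab.yaml` as a manifest that defines nothing, yet it still carries the unfinished `version: xxx` placeholder. Deleting the file and relying on git history would be cleaner than keeping a `# #`-prefixed copy. If Flux syncs this directory with garbage collection enabled (not visible here), the change also removes the `helm-gitlab` HelmRelease from the cluster. The commit message "Adding secrets for registry" does not mention that and should.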
diff --git a/k8s/development/registry.secret.yaml b/k8s/development/registry.secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..43549df896bc00725527151c0e3ce4682e9fecc9 GIT binary patch literal 211 zcmV;^04)CiM@dveQdv+`0CNuctv{PJeS|~=mp6U}FajPIxEEy>_25eNB)zk@2RpbcMctH)_WmH$w{ z!u|;P7Jo#3fhzs+(`H(|?R>u#EP;&bm387~`>u N`I~mY+bZr=(YlxlZGQj& literal 0 HcmV?d00001 diff --git a/k8s/development/registry.yaml b/k8s/development/registry.yaml new file mode 100644 index 0000000..9ee1437 --- /dev/null +++ b/k8s/development/registry.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: registry + namespace: development +spec: + secretName: registry-haumdaucher-de + dnsNames: + - registry.haumdaucher.de + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + group: cert-manager.io \ No newline at end of file diff --git a/k8s/web/moritzgrafde.yaml b/k8s/web/moritzgrafde.yaml new file mode 100644 index 0000000..08bb443 --- /dev/null +++ b/k8s/web/moritzgrafde.yaml 
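Review bot: `k8s/development/registry.secret.yaml` is added as a 211-byte binary patch, so its content cannot be reviewed, and nothing in this commit shows what keeps it unreadable in the repository. If it is encrypted at rest (for example by a git filter), say so in the README next to the htpasswd step; if it is not, treat the hash as exposed and rotate it, because base64 is an encoding and a stored bcrypt hash can still be guessed offline. The README hunk in this commit builds the hash from the literal `admin admin123` and never uses the `USER` and `PASSWORD` variables defined above it. The step should read `docker run --entrypoint htpasswd --rm registry:2 -Bbn "$USER" "$PASSWORD" | base64` so the documented example credential cannot end up in the committed secret.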
@@ -0,0 +1,67 @@
+#### Migrate at last
+
+
+
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: moritzgrafde
+# labels:
+# app: moritzgrafde
+# namespace: web
+# spec:
+# selector:
+# matchLabels:
+# app: moritzgrafde
+# replicas: 1
+# template:
+# metadata:
+# labels:
+# app: moritzgrafde
+# spec:
+# imagePullSecrets:
+# - name: "hub-moritzgraf-de"
+# containers:
+# - image: hub.moritzgraf.de:5000/moritzgrafde:latest
+# imagePullPolicy: Always
+# name: moritzgrafde
+# ports:
+# - containerPort: 80
+
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: moritzgrafde
+# namespace: web
+# spec:
+# ports:
+# - port: 80
+# targetPort: 80
+# protocol: TCP
+# selector:
+# app: moritzgrafde
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# name: moritzgrafde
+# namespace: web
+# annotations:
+# kubernetes.io/ingress.class: "nginx"
+# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+# cert-manager.io/cluster-issuer: "letsencrypt-prod"
+# spec:
+# tls:
+# - hosts:
+# - "moritzgraf.de"
+# secretName: corona-moritzgraf-de
+# rules:
+# - host: moritzgraf.de
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: moritzgrafde
+# servicePort: 80
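Review bot: The whole file is commented out, so the `kubectl apply -f web/` step added to the README in this commit will likely find no object to apply from it; no other file under `web/` is visible in this patch. When the manifest is enabled, `image: hub.moritzgraf.de:5000/moritzgrafde:latest` with `imagePullPolicy: Always` runs whatever was last pushed to that tag, so pin it, e.g. `image: hub.moritzgraf.de:5000/moritzgrafde@sha256:<digest>`. The Ingress TLS `secretName: corona-moritzgraf-de` for host `moritzgraf.de` looks copied from another manifest and would be clearer as a name derived from this host, e.g. `secretName: moritzgraf-de`. `extensions/v1beta1` Ingress is deprecated in favour of the `networking.k8s.io` API group.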