moritz
/
infrapuzzle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding secrets for registry

This commit is contained in:
Moritz Graf 2020-04-10 00:45:20 +02:00
parent 881c05ca1f
commit 3bd9b3e8e7
5 changed files with 140 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
k8s/README.md
View File

@ -19,7 +19,7 @@ kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
## namespaces ## namespaces
```sh ```sh
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab" namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development"
for i in $( echo $NAMESPACES ) ; do for i in $( echo $NAMESPACES ) ; do
k create ns $i k create ns $i
done done
@ -96,6 +96,19 @@ Backup
*Current state:* Registry of hub.moritzgraf.de:5000 is used. *Current state:* Registry of hub.moritzgraf.de:5000 is used.
```sh
# create secret base64 encoded
USER="moritz"
PASSWORD="password"
docker run --entrypoint htpasswd --rm registry:2 -Bbn admin admin123 | base64
# use the output and put it in development/registry.secret.yaml
kubectl apply -f development/registry.yaml
```
### after
Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line): Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line):
```sh ```sh
@ -118,6 +131,11 @@ done
## Add mopbot & corona & corona-api ## Add mopbot & corona & corona-api
```sh ```sh
kubectl apply -f datalab/mopbot.yaml kubectl apply -f datalab/
kubectl apply -f datalab/corona-api.yaml ```
## Web
```sh
kubectl apply -f web/
``` ```

76
k8s/development/gitlab.yaml
View File

@ -1,41 +1,41 @@
# status: began to implement, but did not complete # # status: began to implement, but did not complete
# note: psql seems not to be part of the chart itself # # note: psql seems not to be part of the chart itself
apiVersion: helm.fluxcd.io/v1 # apiVersion: helm.fluxcd.io/v1
kind: HelmRelease # kind: HelmRelease
metadata: # metadata:
name: helm-gitlab # name: helm-gitlab
namespace: flux # namespace: flux
spec: # spec:
releaseName: gitlab # releaseName: gitlab
targetNamespace: development # targetNamespace: development
chart: # chart:
repository: https://charts.gitlab.io/ # repository: https://charts.gitlab.io/
version: xxx # version: xxx
name: gitlab # name: gitlab
values: # values:
global: # global:
hosts: # hosts:
domain: haumdaucher.de # domain: haumdaucher.de
ingress: # ingress:
enabled: true # enabled: true
tls: # tls:
enabled: true # enabled: true
configureCertmanager: false # configureCertmanager: false
annotations: # annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" # cert-manager.io/cluster-issuer: "letsencrypt-prod"
gitlab: # gitlab:
unicorn: # unicorn:
ingress: # ingress:
tls: # tls:
secretName: gitlab-unicorn-ingress-tls # secretName: gitlab-unicorn-ingress-tls
registry: # registry:
ingress: # ingress:
tls: # tls:
secretName: registry-ingress-tls # secretName: registry-ingress-tls
minio: # minio:
ingress: # ingress:
tls: # tls:
secretName: minio-ingress-tls # secretName: minio-ingress-tls

BIN
k8s/development/registry.secret.yaml Normal file
View File

Binary file not shown.

14
k8s/development/registry.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: registry
namespace: development
spec:
secretName: registry-haumdaucher-de
dnsNames:
- registry.haumdaucher.de
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
group: cert-manager.io

67
k8s/web/moritzgrafde.yaml Normal file
View File

@ -0,0 +1,67 @@
#### Migrate at last
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: moritzgrafde
# labels:
# app: moritzgrafde
# namespace: web
# spec:
# selector:
# matchLabels:
# app: moritzgrafde
# replicas: 1
# template:
# metadata:
# labels:
# app: moritzgrafde
# spec:
# imagePullSecrets:
# - name: "hub-moritzgraf-de"
# containers:
# - image: hub.moritzgraf.de:5000/moritzgrafde:latest
# imagePullPolicy: Always
# name: moritzgrafde
# ports:
# - containerPort: 80
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: moritzgrafde
# namespace: web
# spec:
# ports:
# - port: 80
# targetPort: 80
# protocol: TCP
# selector:
# app: moritzgrafde
# ---
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
# name: moritzgrafde
# namespace: web
# annotations:
# kubernetes.io/ingress.class: "nginx"
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
# spec:
# tls:
# - hosts:
# - "moritzgraf.de"
# secretName: corona-moritzgraf-de
# rules:
# - host: moritzgraf.de
# http:
# paths:
# - path: /
# backend:
# serviceName: moritzgrafde
# servicePort: 80