apply cert Manager and configure https

4a7a9f01 · ludo8147 · e8f1f19e · 4a7a9f01 · 4a7a9f01 · 4a7a9f01
Commit 4a7a9f01 authored 7 months ago by ludo8147
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,6 +8,7 @@ variables:
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
  AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
+  CERT_MANAGER_VERSION: v1.13.0
 stages:
  - 'build'
@@ -164,11 +165,15 @@ deploy_to_staging:
      kubectl apply -f bundle.yaml --server-side
      kubectl wait --for=condition=Established --all crd --timeout=300s
+      kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml
+      kubectl wait --for=condition=Available --timeout=300s deployment/cert-manager-webhook -n cert-manager
      echo "Validating and applying Kubernetes manifests..."
-      for file in deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml; do
+      for file in deployment.yaml service.yaml ingress.yaml redis.yaml prometheus.yaml network-policy.yaml redis-pv-pvc.yaml cluster-issuer.yaml; do
        echo "Applying $file"
        envsubst < $file | kubectl apply -f -
      done
+      kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
      echo "All manifests applied successfully."
  rules:

--- a/cluster-issuer.yaml
+++ b/cluster-issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: ludo8147@bht-berlin.de
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
\ No newline at end of file
--- a/ingress.yaml
+++ b/ingress.yaml
@@ -5,9 +5,15 @@ metadata:
  namespace: ${KUBE_NAMESPACE}
  annotations:
    kubernetes.io/ingress.class: nginx
+    nginx-ingress.kubernetes.io/ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
+  tls:
+  - hosts:
+    - "webdevops.ddns.net"
+    secretName: webdevops-tls
  rules:
-  - host: my-domain.com
+  - host: "webdevops.ddns.net"
    http:
      paths:
      - path: /