Add certificate

bom 2022-06-24 10:31:22 +02:00
parent f03ed9e7a1
commit 5da8acf0b5
4 changed files with 28 additions and 2 deletions


@ -24,4 +24,5 @@
:postgres-size :2gb}) :postgres-size :2gb})
(postgres/generate-service) (postgres/generate-service)
(gitea/generate-appini-env config) (gitea/generate-appini-env config)
(gitea/generate-ingress config)])))) (gitea/generate-ingress config)
(gitea/generate-certificate config)]))))


@ -28,6 +28,7 @@
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml") "gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
"gitea/services.yaml" (rc/inline "gitea/services.yaml") "gitea/services.yaml" (rc/inline "gitea/services.yaml")
"gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml") "gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
#?(:cljs #?(:cljs
@ -55,3 +56,12 @@
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-certificate pred/map-or-seq?
[config config?]
(let [{:keys [fqdn issuer]
:or {issuer "staging"}} config
letsencrypt-issuer (name issuer)]
(->
(yaml/load-as-edn "gitea/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
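Review bot: The two context lines directly above `generate-certificate` still put the `cert-manager.io/cluster-issuer` annotation on the ingress, so after this commit the same FQDN appears to have two certificate sources: the one cert-manager derives from the annotated ingress and the explicit Certificate built here. The function those lines belong to starts outside the hunk, so this is inferred from what is visible. If the explicit Certificate is meant to be authoritative, the annotation `assoc-in` should be dropped there; otherwise duplicate orders against the issuer and an ownership conflict over the resulting resource are likely. Separately, `generate-certificate` silently falls back to `"staging"` when `:issuer` is absent, which presumably yields a certificate clients do not trust. A comment above the function such as `;; Builds the cert-manager Certificate for fqdn; :issuer defaults to "staging" and must be set explicitly for a publicly trusted certificate.` would make that visible to whoever deploys it.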


@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-cert
namespace: default
spec:
secretName: gitea-secret
commonName: FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- FQDN
issuerRef:
name: staging
kind: ClusterIssuer
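Review bot: This Certificate writes its key pair to `secretName: gitea-secret`, but the ingress hunk in the same commit now points its `tls` entry at `secretName: gitea-cert`, which is this resource's `metadata.name` and not the secret it produces. As written, the ingress would not serve the certificate issued here. Either use `secretName: gitea-cert` in this manifest or reference `gitea-secret` from the ingress, and prefer a name that says the secret holds a TLS key pair. `namespace: default` is also fixed in the template, and the secret is created in the Certificate's namespace, so this only works if the ingress (whose namespace is not visible here) is in `default` too; a comment or a config key for the namespace would avoid a silent mismatch.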


@ -10,7 +10,7 @@ spec:
tls: tls:
- hosts: - hosts:
- FQDN - FQDN
secretName: gitea-ingress-cert secretName: gitea-cert
rules: rules:
- host: FQDN - host: FQDN
http: http: