Add certificate
parent
f03ed9e7a1
commit
5da8acf0b5
4 changed files with 28 additions and 2 deletions
|
@ -24,4 +24,5 @@
|
||||||
:postgres-size :2gb})
|
:postgres-size :2gb})
|
||||||
(postgres/generate-service)
|
(postgres/generate-service)
|
||||||
(gitea/generate-appini-env config)
|
(gitea/generate-appini-env config)
|
||||||
(gitea/generate-ingress config)]))))
|
(gitea/generate-ingress config)
|
||||||
|
(gitea/generate-certificate config)]))))
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
|
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
|
||||||
"gitea/services.yaml" (rc/inline "gitea/services.yaml")
|
"gitea/services.yaml" (rc/inline "gitea/services.yaml")
|
||||||
"gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
|
"gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
|
||||||
|
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
|
||||||
(throw (js/Error. "Undefined Resource!")))))
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
|
@ -55,3 +56,12 @@
|
||||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||||
|
|
||||||
|
(defn-spec generate-certificate pred/map-or-seq?
|
||||||
|
[config config?]
|
||||||
|
(let [{:keys [fqdn issuer]
|
||||||
|
:or {issuer "staging"}} config
|
||||||
|
letsencrypt-issuer (name issuer)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "gitea/certificate.yaml")
|
||||||
|
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
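Review bot: `generate-certificate` silently falls back to `:or {issuer "staging"}` when the config omits `:issuer`, and nothing in the function says what that means for the deployed service. The binding is called `letsencrypt-issuer`, so this is presumably the Let's Encrypt staging issuer, whose certificates browsers and git clients will not trust. A comment above the `let` would make the default explicit, e.g. `;; :issuer defaults to "staging" (untrusted test CA); set it explicitly for a publicly trusted certificate`. The context lines above also show the `cert-manager.io/cluster-issuer` annotation still being set, in a function that starts outside the hunk. With a standalone Certificate now generated, it is worth confirming whether the annotation should stay, since cert-manager may then try to manage a second certificate for the ingress TLS secret.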
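--- /dev/null
+++ b/src/main/resources/gitea/certificate.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: gitea-cert
+namespace: default
+spec:
+secretName: gitea-secret
+commonName: FQDN
+duration: 2160h # 90d
+renewBefore: 360h # 15d
+dnsNames:
+- FQDN
+issuerRef:
+name: staging
+kind: ClusterIssuer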
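Review bot: `secretName: gitea-secret` does not match the ingress change in this same commit, which points the TLS `secretName` at `gitea-cert`. cert-manager writes the key pair to the Secret named in `spec.secretName`, so the ingress would reference a Secret this Certificate never creates. `gitea-cert` is the Certificate's `metadata.name`, not its Secret, so one of the two should change, e.g. `secretName: gitea-cert` here. `namespace: default` is also fixed in the template and is not rewritten by `generate-certificate`; the Secret has to be in the same namespace as the ingress, so confirm the ingress is deployed to `default` too.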
@ -10,7 +10,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- FQDN
|
- FQDN
|
||||||
secretName: gitea-ingress-cert
|
secretName: gitea-cert
|
||||||
rules:
|
rules:
|
||||||
- host: FQDN
|
- host: FQDN
|
||||||
http:
|
http:
|
||||||
|
|