Remove v1 of nginx/certbot (superseeded)

This commit is contained in:
Nico Schottelius 2021-06-19 16:52:38 +02:00
parent 4bd0620897
commit 8b594f17ba
4 changed files with 0 additions and 201 deletions

View File

@ -1,161 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tls1-letsencrypt-certs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Mi
storageClassName: rook-cephfs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tls1-webroot
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
storageClassName: rook-cephfs
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tls1-http
spec:
selector:
matchLabels:
app: tls1-nginx
ssl: no
replicas: 1
template:
metadata:
labels:
app: tls1-nginx
ssl: no
spec:
containers:
- name: nginx-80
image: nginx:1.20.0-alpine
ports:
- containerPort: 80
volumeMounts:
- name: nginx-config-80
mountPath: "/etc/nginx/conf.d/"
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: webroot
mountPath: "/usr/share/nginx/html"
volumes:
- name: nginx-config-80
configMap:
name: nginx-80-config
- name: etcletsencrypt
persistentVolumeClaim:
claimName: tls1-letsencrypt-certs
- name: webroot
persistentVolumeClaim:
claimName: tls1-webroot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tls1-https
spec:
selector:
matchLabels:
app: tls1-nginx
ssl: yes
replicas: 1
template:
metadata:
labels:
app: tls1-nginx
ssl: yes
spec:
containers:
- name: nginx-443
image: nginx:1.20.0-alpine
ports:
- containerPort: 443
volumeMounts:
- name: nginx-config-443
mountPath: "/etc/nginx/conf.d/"
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: webroot
mountPath: "/usr/share/nginx/html"
volumes:
- name: nginx-config-443
configMap:
name: nginx-443-config
- name: etcletsencrypt
persistentVolumeClaim:
claimName: tls1-letsencrypt-certs
- name: webroot
persistentVolumeClaim:
claimName: tls1-webroot
---
apiVersion: v1
kind: Service
metadata:
name: tls1
labels:
app: tls1
spec:
type: ClusterIP
ports:
- port: 80
name: http
- port: 443
name: https
selector:
app: tls1-nginx
---
apiVersion: batch/v1
kind: Job
metadata:
name: tls1-getcert
spec:
template:
spec:
restartPolicy: Never
containers:
- name: certbot
image: ungleich/ungleich-certbot
command:
- certbot
- certonly
- --agree-tos
- --cert-name
- 'tls1.default.svc.c2.k8s.ooo'
- --email
- sre@ungleich.ch
- --expand
- --non-interactive
- --webroot
- --webroot-path
- /usr/share/nginx/html
- --domain
- 'tls1.default.svc.c2.k8s.ooo'
# - --staging
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: webroot
mountPath: "/usr/share/nginx/html"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: tls1-letsencrypt-certs
- name: webroot
persistentVolumeClaim:
claimName: tls1-webroot
backoffLimit: 3

View File

@ -1,9 +0,0 @@
configMapGenerator:
- name: nginx-80-config
files:
- default.conf=nginx-80
- name: nginx-443-config
files:
- default.conf=nginx-443
resources:
- deployment.yaml

View File

@ -1,15 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name tls1.default.svc.c2.k8s.ooo;
ssl_certificate /etc/letsencrypt/live/tls1.default.svc.c2.k8s.ooo/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tls1.default.svc.c2.k8s.ooo/privkey.pem;
client_max_body_size 256m;
root /usr/share/nginx/html;
autoindex on;
}

View File

@ -1,16 +0,0 @@
server {
listen *:80;
listen [::]:80;
server_name _;
# Forward for certbot
location /.well-known/acme-challenge/ {
root /usr/share/nginx/html;
}
# Everything else -> ssl
location / {
return 301 https://$host$request_uri;
}
}