Remove v1 of nginx/certbot (superseeded)
This commit is contained in:
Nico Schottelius
parent
4bd0620897
commit
8b594f17ba
4 changed files with 0 additions and 201 deletions
|
|
@ -1,161 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: tls1-letsencrypt-certs
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Mi
|
||||
storageClassName: rook-cephfs
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: tls1-webroot
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Mi
|
||||
storageClassName: rook-cephfs
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tls1-http
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: tls1-nginx
|
||||
ssl: no
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: tls1-nginx
|
||||
ssl: no
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx-80
|
||||
image: nginx:1.20.0-alpine
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- name: nginx-config-80
|
||||
mountPath: "/etc/nginx/conf.d/"
|
||||
- name: etcletsencrypt
|
||||
mountPath: "/etc/letsencrypt"
|
||||
- name: webroot
|
||||
mountPath: "/usr/share/nginx/html"
|
||||
volumes:
|
||||
- name: nginx-config-80
|
||||
configMap:
|
||||
name: nginx-80-config
|
||||
- name: etcletsencrypt
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-letsencrypt-certs
|
||||
- name: webroot
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-webroot
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tls1-https
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: tls1-nginx
|
||||
ssl: yes
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: tls1-nginx
|
||||
ssl: yes
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx-443
|
||||
image: nginx:1.20.0-alpine
|
||||
ports:
|
||||
- containerPort: 443
|
||||
volumeMounts:
|
||||
- name: nginx-config-443
|
||||
mountPath: "/etc/nginx/conf.d/"
|
||||
- name: etcletsencrypt
|
||||
mountPath: "/etc/letsencrypt"
|
||||
- name: webroot
|
||||
mountPath: "/usr/share/nginx/html"
|
||||
volumes:
|
||||
- name: nginx-config-443
|
||||
configMap:
|
||||
name: nginx-443-config
|
||||
- name: etcletsencrypt
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-letsencrypt-certs
|
||||
- name: webroot
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-webroot
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: tls1
|
||||
labels:
|
||||
app: tls1
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
name: http
|
||||
- port: 443
|
||||
name: https
|
||||
selector:
|
||||
app: tls1-nginx
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: tls1-getcert
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: certbot
|
||||
image: ungleich/ungleich-certbot
|
||||
command:
|
||||
- certbot
|
||||
- certonly
|
||||
- --agree-tos
|
||||
- --cert-name
|
||||
- 'tls1.default.svc.c2.k8s.ooo'
|
||||
- --email
|
||||
- sre@ungleich.ch
|
||||
- --expand
|
||||
- --non-interactive
|
||||
- --webroot
|
||||
- --webroot-path
|
||||
- /usr/share/nginx/html
|
||||
- --domain
|
||||
- 'tls1.default.svc.c2.k8s.ooo'
|
||||
# - --staging
|
||||
volumeMounts:
|
||||
- name: etcletsencrypt
|
||||
mountPath: "/etc/letsencrypt"
|
||||
- name: webroot
|
||||
mountPath: "/usr/share/nginx/html"
|
||||
volumes:
|
||||
- name: etcletsencrypt
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-letsencrypt-certs
|
||||
- name: webroot
|
||||
persistentVolumeClaim:
|
||||
claimName: tls1-webroot
|
||||
backoffLimit: 3
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
configMapGenerator:
|
||||
- name: nginx-80-config
|
||||
files:
|
||||
- default.conf=nginx-80
|
||||
- name: nginx-443-config
|
||||
files:
|
||||
- default.conf=nginx-443
|
||||
resources:
|
||||
- deployment.yaml
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
server_name tls1.default.svc.c2.k8s.ooo;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/tls1.default.svc.c2.k8s.ooo/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/tls1.default.svc.c2.k8s.ooo/privkey.pem;
|
||||
|
||||
client_max_body_size 256m;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
autoindex on;
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
server {
|
||||
listen *:80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name _;
|
||||
|
||||
# Forward for certbot
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# Everything else -> ssl
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue