[nginx/app/tls] ++update

2021-06-18 21:08:53 +02:00 · 2021-06-18 21:08:53 +02:00 · cda1990935
commit cda1990935
parent 0a565c9e99
6 changed files with 66 additions and 22 deletions
--- a/apps/nginx-certbot/README.md
+++ b/apps/nginx-certbot/README.md
@ -0,0 +1,5 @@
+## nginx service for getting letsencrypt certificates
+
+### Architecture
+
+* nginx/port 80 serves only the root for letsencrypt
--- a/apps/nginx-certbot/base/deployment.yaml
+++ b/apps/nginx-certbot/base/deployment.yaml
@ -1,40 +1,50 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: etherpadlite
+  name: tls1
 spec:
  selector:
    matchLabels:
-      app: etherpadsooooolite
+      app: tls1
  replicas: 1
  template:
    metadata:
      labels:
-        app: etherpadsooooolite
+        app: tls1
    spec:
      containers:
-        - name: etherpad
-          image: etherpad/etherpad:1.8.13
+        - name: nginx-80
+          image: nginx:1.20.0-alpine
          ports:
-            - containerPort: 9001
+            - containerPort: 80
          volumeMounts:
-            - name: etherpadconfig
-              mountPath: "/opt/etherpad-lite/settings.json"
-              subPath: settings.json
+            - name: nginx-config-80
+              mountPath: "/etc/nginx/conf.d/"
+        - name: nginx-443
+          image: nginx:1.20.0-alpine
+          ports:
+            - containerPort: 443
+          volumeMounts:
+            - name: nginx-config-443
+              mountPath: "/etc/nginx/conf.d/"
      volumes:
-        - name: etherpadconfig
+        - name: nginx-config-80
          configMap:
-            name: etherpadliteconfig
+            name: nginx-80-config
+        - name: nginx-config-443
+          configMap:
+            name: nginx-443-config
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: etherpad
+  name: tls1
  labels:
-    app: etherpadsooooolite
+    app: tls1
 spec:
  type: ClusterIP
  ports:
-   - port: 9001
+   - port: 80
+   - port: 443
  selector:
-   app: etherpadsooooolite
+   app: tls1-nginx
--- a/apps/nginx-certbot/base/kustomization.yaml
+++ b/apps/nginx-certbot/base/kustomization.yaml
@ -1,10 +1,9 @@
 configMapGenerator:
- name:
+- name: nginx-80-config
  files:
-  - settings.json=settings.json
-
-commonLabels:
-  app: etherpadlite
-  customer: xyz
+  - default.conf=nginx-80
+- name: nginx-443-config
+  files:
+  - default.conf=nginx-443
 resources:
 - deployment.yaml
--- a/apps/nginx-certbot/base/nginx-443
+++ b/apps/nginx-certbot/base/nginx-443
@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name tls1.svc.c2.k8s.ooo;
+
+    ssl_certificate      /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/privkey.pem;
+
+    client_max_body_size 256m;
+
+    root /usr/share/nginx/html;
+
+    autoindex on;
+}
--- a/apps/nginx-certbot/base/nginx-80
+++ b/apps/nginx-certbot/base/nginx-80
@ -0,0 +1,16 @@
+server {
+    listen *:80;
+    listen [::]:80;
+
+    server_name _;
+
+    # Forward for certbot
+    location /.well-known/acme-challenge/ {
+        root /usr/share/nginx/html;
+    }
+
+    # Everything else -> ssl
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
--- a/generic/nginx-deployment-url
+++ b/generic/nginx-deployment-url
@ -1 +0,0 @@
-kubectl apply -f https://k8s.io/examples/application/deployment.yaml
				`@ -1 +0,0 @@`
				`kubectl apply -f https://k8s.io/examples/application/deployment.yaml`