Don't autogenerate certificate
This commit is contained in:
James Polley
parent
f0d14754a7
commit
36d079f56b
2 changed files with 36 additions and 3 deletions
|
|
@ -51,6 +51,7 @@ build_review_deployment:
|
||||||
paths:
|
paths:
|
||||||
- k8s/deployment.json
|
- k8s/deployment.json
|
||||||
- k8s/ingress.json
|
- k8s/ingress.json
|
||||||
|
- k8s/certificate.json
|
||||||
|
|
||||||
build_2019_image:
|
build_2019_image:
|
||||||
image: docker:git
|
image: docker:git
|
||||||
|
|
@ -112,6 +113,7 @@ build_2019_image:
|
||||||
- kubectl config use-context cluster
|
- kubectl config use-context cluster
|
||||||
- kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
|
- kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
|
||||||
- kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
|
- kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
|
||||||
|
- kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/certificate.json
|
||||||
|
|
||||||
only:
|
only:
|
||||||
- /^dev\/.*$/
|
- /^dev\/.*$/
|
||||||
|
|
@ -130,6 +132,7 @@ build_2019_image:
|
||||||
- kubectl config use-context cluster
|
- kubectl config use-context cluster
|
||||||
- kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
|
- kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
|
||||||
- kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
|
- kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
|
||||||
|
- kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/certificate.json
|
||||||
only:
|
only:
|
||||||
- /^dev\/.*$/
|
- /^dev\/.*$/
|
||||||
when: manual
|
when: manual
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@ function (slug, sha) {
|
||||||
local app = "symposion-app-" + slug,
|
local app = "symposion-app-" + slug,
|
||||||
local namespace = "rego-review",
|
local namespace = "rego-review",
|
||||||
local domain = slug + ".dev.lca2019.org",
|
local domain = slug + ".dev.lca2019.org",
|
||||||
local tls_secret = domain + "-tls",
|
local tls_secret = slug + "-tls",
|
||||||
|
|
||||||
"deployment.json":
|
"deployment.json":
|
||||||
{
|
{
|
||||||
|
|
@ -157,9 +157,7 @@ function (slug, sha) {
|
||||||
"name": app,
|
"name": app,
|
||||||
"namespace": namespace,
|
"namespace": namespace,
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"certmanager.k8s.io/acme-http01-edit-in-place": "true",
|
|
||||||
"kubernetes.io/ingress.class": "nginx-review",
|
"kubernetes.io/ingress.class": "nginx-review",
|
||||||
"kubernetes.io/tls-acme": "true"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"spec": {
|
"spec": {
|
||||||
|
|
@ -192,5 +190,37 @@ function (slug, sha) {
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"certificate.json":
|
||||||
|
{
|
||||||
|
"apiVersion": "certmanager.k8s.io/v1alpha1",
|
||||||
|
"kind": "Certificate",
|
||||||
|
"metadata": {
|
||||||
|
"name": slug,
|
||||||
|
"namespace": "rego-review",
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"acme": {
|
||||||
|
"config": [
|
||||||
|
{
|
||||||
|
"domains": [
|
||||||
|
domain
|
||||||
|
],
|
||||||
|
"http01": {
|
||||||
|
"ingressClass": "nginx-review"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"commonName": "",
|
||||||
|
"dnsNames": [
|
||||||
|
domain
|
||||||
|
],
|
||||||
|
"issuerRef": {
|
||||||
|
"kind": "ClusterIssuer",
|
||||||
|
"name": "letsencrypt-prod"
|
||||||
|
},
|
||||||
|
"secretName": tls_secret
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue