Add optional kustomize letsencrypt overlay
When using letsencrypt, you must annotate the named ingress with the
letsencrypt cluster-issuer as well as any other desired
acme.cert-manager.io annotations [1]. As most services have multiple
ingresses (external vs internal), we must only annotate the ingress that
will be accessed externally, else the ACME solver will not work
correctly.

Using this optional overlay will help ensure the expected ingress is
annotated, so that the challenge URL is accessible externally.

 1. https://cert-manager.io/docs/usage/ingress/#supported-annotations
LukeRepko committed Apr 20, 2024
1 parent cd5de9a commit 3ea29bd
Showing 10 changed files with 176 additions and 0 deletions.
13 changes: 13 additions & 0 deletions kustomize/cinder/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: cinder-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
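Review bot: The `op: add` at `path: /metadata/annotations` passes a whole map as its value, and a JSON Patch `add` on a member that already exists replaces it, so any annotations the base `cinder-namespace-fqdn` Ingress already carries are dropped when this overlay is applied. Use a strategic-merge patch that sets only the two keys, or one `add` per key with the slash escaped, e.g. `path: /metadata/annotations/cert-manager.io~1cluster-issuer`; the per-key form needs the annotations map to exist in the base. The same pattern appears in every overlay in this commit.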
13 changes: 13 additions & 0 deletions kustomize/glance/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: glance-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
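Review bot: `bases:` on the first line is deprecated in current kustomize releases and produces a warning at build time; list `../base` under `resources:` instead. The change is mechanical and applies to each new `kustomization.yaml` here.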
22 changes: 22 additions & 0 deletions kustomize/heat/letsencrypt/kustomization.yaml
@@ -0,0 +1,22 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: heat-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
- target:
kind: Ingress
name: cloudformation-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
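Review bot: The two patches for `heat-namespace-fqdn` and `cloudformation-namespace-fqdn` have identical bodies, so a later edit to one can silently miss the other. Kustomize treats the target `name` as an anchored regular expression, so a single patch with `name: (heat|cloudformation)-namespace-fqdn` would keep the annotation set in one place.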
13 changes: 13 additions & 0 deletions kustomize/horizon/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: horizon-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
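Review bot: The annotation `cert-manager.io/cluster-issuer: letsencrypt-prod` depends on a ClusterIssuer with exactly that name, which this overlay neither creates nor documents. Add a comment at the top of the file stating the prerequisite, since without the issuer no certificate is issued for `horizon-namespace-fqdn` and the overlay itself gives no hint why.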
13 changes: 13 additions & 0 deletions kustomize/keystone/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: keystone-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
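Review bot: Only annotations are added for `keystone-namespace-fqdn`; unlike the skyline overlay in this commit, no `/spec/tls` entry is set. cert-manager builds the Certificate from the hosts and `secretName` in the Ingress `spec.tls`, so confirm the base Ingress already defines them, or add them in this patch.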
13 changes: 13 additions & 0 deletions kustomize/neutron/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: neutron-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
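Review bot: `acme.cert-manager.io/http01-edit-in-place: "true"` makes cert-manager write the HTTP-01 solver path into `neutron-namespace-fqdn` itself instead of creating a temporary solver Ingress, and nothing in the file says why that mode is needed. A short comment above the patch would help whoever later compares the live Ingress with the rendered manifest and finds an extra path on it.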
31 changes: 31 additions & 0 deletions kustomize/nova/letsencrypt/kustomization.yaml
@@ -0,0 +1,31 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: nova-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
- target:
kind: Ingress
name: metadata-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
- target:
kind: Ingress
name: novncproxy-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
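Review bot: The second patch annotates `metadata-namespace-fqdn`, while the commit message says only the ingress that is reached externally should be annotated. Please confirm that the metadata ingress (and `novncproxy-namespace-fqdn`) is reachable from outside for the HTTP-01 challenge; if it is internal only, drop that target, otherwise its challenge cannot be validated.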
13 changes: 13 additions & 0 deletions kustomize/octavia/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: octavia-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
13 changes: 13 additions & 0 deletions kustomize/placement/letsencrypt/kustomization.yaml
@@ -0,0 +1,13 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: placement-namespace-fqdn
patch: |-
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
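Review bot: The patch body for `placement-namespace-fqdn` is another verbatim copy of the same two annotations used in the other overlays, so changing the issuer name means editing every file. Consider moving the patch into one shared kustomize component that each service's `letsencrypt` overlay includes, with the target selected by a name pattern such as `.*-namespace-fqdn`.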
32 changes: 32 additions & 0 deletions kustomize/skyline/letsencrypt/kustomization.yaml
@@ -0,0 +1,32 @@
bases:
- ../base

patches:
- target:
kind: Ingress
name: skyline
patch: |-
- op: add
path: /spec/rules
value:
- host: skyline.dfw-ospcv2-staging.ohthree.com
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: skyline-apiserver
port:
name: "s-apiserver"
- op: add
path: /spec/tls
value:
- hosts:
- skyline.dfw-ospcv2-staging.ohthree.com
secretName: skyline-tls-public
- op: add
path: /metadata/annotations
value:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
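Review bot: The host `skyline.dfw-ospcv2-staging.ohthree.com` is hard-coded in both the `/spec/rules` and `/spec/tls` values, which ties a reusable overlay to one environment and pairs a staging hostname with the `letsencrypt-prod` issuer. Replace it with a clearly marked placeholder or document that operators must edit both occurrences before applying. Also note that `op: add` on `/spec/rules` replaces any rules the base `skyline` Ingress already defines.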
