Add SysEleven TLS config

Author: jawebada

k8s/environments/syseleven/95-cert-issuer.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: jan.weil@web.de
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

k8s/environments/syseleven/add_tls.yaml

@@ -0,0 +1,52 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress
+  namespace: clair-berlin
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  tls:
+  - hosts:
+    - clair.jawebada.de
+    secretName: ingress-tls-secret
+  rules:
+  - host: clair.jawebada.de
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: static-frontend
+            port:
+              number: 80
+      - path: /admin
+        pathType: Prefix
+        backend:
+          service:
+            name: managair-server
+            port:
+              number: 8888
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: managair-server
+            port:
+              number: 8888
+      - path: /accounts
+        pathType: Prefix
+        backend:
+          service:
+            name: managair-server
+            port:
+              number: 8888
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: managair-server
+            port:
+              number: 8888
+

k8s/environments/syseleven/config.env

@@ -0,0 +1,24 @@
+CLAIR_DOMAIN=clair.jawebada.de
+
+DEBUG=0
+SENTRY=1
+DEBUG_TOOLBAR=0
+
+DJANGO_LOG_LEVEL=WARNING
+DJANGO_DB_LOG_LEVEL=WARNING
+LOG_LEVEL=WARNING
+
+MANAGAIR_DB_MIGRATE=true
+MANAGAIR_COLLECT_STATIC_FILES=true
+
+INGESTAIR_DB_MIGRATE=false
+
+SQL_DATABASE=managairdb_dev
+SQL_USER=managair_dev
+SQL_PASSWORD=postgres
+
+EMAIL_HOST=mx2ed5.netcup.net
+EMAIL_PORT=587
+EMAIL_HOST_USER=clair-sender@clair-berlin.de
+EMAIL_USE_TLS=True
+DEFAULT_FROM_EMAIL=kontakt@clair-berlin.de

k8s/environments/syseleven/kustomization.yaml

@@ -0,0 +1,55 @@
+resources:
+  - ../../base
+  - 95-cert-issuer.yaml
+
+patchesStrategicMerge:
+  - add_tls.yaml
+
+configMapGenerator:
+  - name: clair-config-map
+    namespace: clair-berlin
+    behavior: replace
+    envs:
+      - config.env
+
+secretGenerator:
+  - name: db-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/sql-password.txt
+  - name: managair-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/managair-secret-key.txt
+      - secrets/sql-password.txt
+      - secrets/sentry-url.txt
+      - secrets/smtp-password.txt
+  - name: ingestair-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/ingestair-secret-key.txt
+      - secrets/sql-password.txt
+      - secrets/smtp-password.txt
+  - name: clairchen-forwarder-v2-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/clairchen-forwarder-v2-access-key.txt
+  - name: ers-forwarder-v2-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/ers-forwarder-v2-access-key.txt
+  - name: clairchen-forwarder-v3-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/clairchen-forwarder-v3-access-key.txt
+  - name: ers-forwarder-v3-secret
+    namespace: clair-berlin
+    behavior: replace
+    files:
+      - secrets/ers-forwarder-v3-access-key.txt