Welcome, Wild Cloud!
This commit is contained in:
@@ -2,13 +2,13 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: wildcard-internal-sovereign-cloud
|
||||
name: wildcard-internal-wild-cloud
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
secretName: wildcard-internal-sovereign-cloud-tls
|
||||
secretName: wildcard-internal-wild-cloud-tls
|
||||
dnsNames:
|
||||
- "*.internal.${DOMAIN}"
|
||||
- "internal.${DOMAIN}"
|
||||
- "*.internal.${DOMAIN}"
|
||||
- "internal.${DOMAIN}"
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
@@ -16,4 +16,4 @@ spec:
|
||||
renewBefore: 360h # 15 days
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
size: 2048
|
||||
size: 2048
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: wildcard-sovereign-cloud
|
||||
name: wildcard-wild-cloud
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
secretName: wildcard-sovereign-cloud-tls
|
||||
secretName: wildcard-wild-cloud-tls
|
||||
dnsNames:
|
||||
- "*.${DOMAIN}"
|
||||
- "${DOMAIN}"
|
||||
- "*.${DOMAIN}"
|
||||
- "${DOMAIN}"
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
@@ -16,4 +16,4 @@ spec:
|
||||
renewBefore: 360h # 15 days
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
size: 2048
|
||||
size: 2048
|
||||
|
||||
@@ -17,4 +17,4 @@ spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- docker-registry.internal.${DOMAIN}
|
||||
secretName: wildcard-internal-sovereign-cloud-tls
|
||||
secretName: wildcard-internal-wild-cloud-tls
|
||||
|
||||
@@ -2,16 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: docker-registry
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app: docker-registry
|
||||
managedBy: sovereign-cloud
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app: docker-registry
|
||||
managedBy: wild-cloud
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- ingress.yaml
|
||||
- service.yaml
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- deployment.yaml
|
||||
- ingress.yaml
|
||||
- service.yaml
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
configMapGenerator:
|
||||
- name: docker-registry-config
|
||||
envs:
|
||||
|
||||
@@ -9,10 +9,10 @@ spec:
|
||||
ipWhiteList:
|
||||
# Restrict to local private network ranges
|
||||
sourceRange:
|
||||
- 127.0.0.1/32 # localhost
|
||||
- 10.0.0.0/8 # Private network
|
||||
- 172.16.0.0/12 # Private network
|
||||
- 192.168.0.0/16 # Private network
|
||||
- 127.0.0.1/32 # localhost
|
||||
- 10.0.0.0/8 # Private network
|
||||
- 172.16.0.0/12 # Private network
|
||||
- 192.168.0.0/16 # Private network
|
||||
|
||||
---
|
||||
# HTTPS redirect middleware
|
||||
@@ -47,7 +47,7 @@ spec:
|
||||
port: 443
|
||||
serversTransport: dashboard-transport
|
||||
tls:
|
||||
secretName: wildcard-internal-sovereign-cloud-tls
|
||||
secretName: wildcard-internal-wild-cloud-tls
|
||||
|
||||
---
|
||||
# HTTP to HTTPS redirect.
|
||||
@@ -82,4 +82,3 @@ metadata:
|
||||
spec:
|
||||
insecureSkipVerify: true
|
||||
serverName: dashboard.internal.${DOMAIN}
|
||||
|
||||
|
||||
@@ -20,8 +20,8 @@ echo "Installing Kubernetes Dashboard core components..."
|
||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
|
||||
|
||||
# Copying cert-manager secrets to the dashboard namespace
|
||||
copy-secret cert-manager:wildcard-internal-sovereign-cloud-tls $NAMESPACE
|
||||
copy-secret cert-manager:wildcard-sovereign-cloud-tls $NAMESPACE
|
||||
copy-secret cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE
|
||||
copy-secret cert-manager:wildcard-wild-cloud-tls $NAMESPACE
|
||||
|
||||
# Create admin service account and token
|
||||
echo "Creating dashboard admin service account and token..."
|
||||
|
||||
Reference in New Issue
Block a user