End of AppendixC

TryCatchLearn · Aug 22, 2024 · 2e3a194 · 2e3a194
1 parent ac1502b
commit 2e3a194
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 6 deletions.
diff --git a/infra/K8S/config.yml b/infra/K8S/config.yml
@@ -44,7 +44,7 @@ metadata:
   name: gateway-svc-config
 data:
   ASPNETCORE_URLS: http://+:80
-  ClientApp: https://app.carsties.local
+  ClientApp: https://app.carsties.autos
   IdentityServiceUrl: http://identity-clusterip
 ---
 apiVersion: v1
@@ -53,17 +53,17 @@ metadata:
   name: identity-svc-config
 data:
   ASPNETCORE_URLS: http://+:80
-  IssuerUri: https://id.carsties.local
-  ClientApp: https://app.carsties.local
+  IssuerUri: https://id.carsties.autos
+  ClientApp: https://app.carsties.autos
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: webapp-svc-config
 data:
-  AUTH_URL: https://app.carsties.local
+  AUTH_URL: https://app.carsties.autos
   AUTH_URL_INTERNAL: http://webapp-clusterip:3000
   API_URL: http://gateway-clusterip/
-  ID_URL: https://id.carsties.local
+  ID_URL: https://id.carsties.autos
   ID_URL_INTERNAL: http://identity-clusterip
-  NOTIFY_URL: https://api.carsties.local/notifications
+  NOTIFY_URL: https://api.carsties.autos/notifications
diff --git a/infra/ingress/ingress-do-depl.yml b/infra/ingress/ingress-do-depl.yml
@@ -339,6 +339,7 @@ kind: Service
 metadata:
   annotations:
     service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
+    service.beta.kubernetes.io/do-loadbalancer-hostname: "workaround.carsties.autos"
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: ingress-nginx

diff --git a/infra/prod-k8s/ingress-svc.yml b/infra/prod-k8s/ingress-svc.yml
@@ -2,10 +2,19 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: ingress-svc
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+
   labels:
     name: ingress-svc
 spec:
   ingressClassName: nginx
+  tls:
+  - hosts:
+    - app.carsties.autos
+    - api.carsties.autos
+    - id.carsties.autos
+    secretName: carsties-tls
   rules:
   - host: app.carsties.autos
     http:

diff --git a/infra/prod-k8s/prod-le.yml b/infra/prod-k8s/prod-le.yml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
diff --git a/infra/prod-k8s/staging-le.yml b/infra/prod-k8s/staging-le.yml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx