From 5e7d8505209ab363ac3961fe3a6c74519022e2a9 Mon Sep 17 00:00:00 2001
From: Victor Timofei
Date: Wed, 29 Dec 2021 15:27:14 +0200
Subject: [PATCH] Various changes

- Updated logger API.
- Fixed file sourcing.
- Fixed argocd ingress and ACME cert.
---
 cert-manager/argocd_cert.yaml | 12 +++++++++
 cert-manager/argocd_ingress.yaml | 27 +++++++++++++++++++
 .../cluster_issuer.yaml | 6 ++---
 env | 9 +++++--
 install-cert-manager.sh | 22 +++++++++++----
 install.sh | 4 +--
 logger.sh | 2 +-
 7 files changed, 69 insertions(+), 13 deletions(-)
 create mode 100644 cert-manager/argocd_cert.yaml
 create mode 100644 cert-manager/argocd_ingress.yaml
 rename cluster_issuer.yaml => cert-manager/cluster_issuer.yaml (56%)

diff --git a/cert-manager/argocd_cert.yaml b/cert-manager/argocd_cert.yaml
new file mode 100644
index 0000000..a0820cc
--- /dev/null
+++ b/cert-manager/argocd_cert.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: argocd-app
+ namespace: argocd
+spec:
+ dnsNames:
+ - argocd.DOMAIN
+ secretName: argocd-app-tls
+ issuerRef:
+ name: letsencrypt-cluster-issuer
+ kind: ClusterIssuer
diff --git a/cert-manager/argocd_ingress.yaml b/cert-manager/argocd_ingress.yaml
new file mode 100644
index 0000000..a690caf
--- /dev/null
+++ b/cert-manager/argocd_ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: argocd-server-ingress
+ namespace: argocd
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+ rules:
+ - host: argocd.DOMAIN
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: argocd-server
+ port:
+ name: https
+ tls:
+ - hosts:
+ - argocd.DOMAIN
+ secretName: argocd-app-tls
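Review bot: Two Certificate objects will end up managing the secret `argocd-app-tls`: this explicit `Certificate`, and the one cert-manager's ingress-shim generates from the `cert-manager.io/cluster-issuer` and `kubernetes.io/tls-acme: "true"` annotations on the Ingress added in `cert-manager/argocd_ingress.yaml`. Duplicate owners of one secret can trigger repeated re-issuance and needless ACME orders. Keep a single source of truth: either drop this manifest, or remove those two annotations from the Ingress and keep the explicit Certificate. If this file stays, a comment above `secretName` such as `# sole owner of argocd-app-tls; the Ingress must not carry cert-manager annotations` would record the intent.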
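Review bot: `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` conflicts with the rest of this Ingress: under passthrough ingress-nginx forwards the TLS stream untouched, so the certificate in the `tls` block's `argocd-app-tls` is never presented and `backend-protocol: "HTTPS"` has no effect. Clients would instead see whatever certificate argocd-server itself serves, presumably self-signed unless configured elsewhere, which pushes users toward click-through warnings or `--insecure`. Passthrough also only works when the controller runs with `--enable-ssl-passthrough`, which nothing in this patch sets. If the ACME certificate is meant to be the one users see, remove the passthrough annotation and keep `backend-protocol: "HTTPS"` so nginx terminates TLS and re-encrypts to the backend.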
diff --git a/cluster_issuer.yaml b/cert-manager/cluster_issuer.yaml similarity index 56% rename from cluster_issuer.yaml rename to cert-manager/cluster_issuer.yaml index 0f429c7..a763808 100644 --- a/cluster_issuer.yaml +++ b/cert-manager/cluster_issuer.yaml @@ -1,13 +1,13 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: letsencrypt-prod + name: letsencrypt-cluster-issuer spec: acme: email: EMAIL_ADDRESS - server: https://acme-v02.api.letsencrypt.org/directory + server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: - name: letsencrypt-prod-private-key + name: letsencrypt-cluster-issuer-key solvers: - http01: ingress: diff --git a/env b/env index 3f77faf..202d99a 100644 --- a/env +++ b/env @@ -1,14 +1,19 @@ -PATH=${PWD}/bin/:$PATH +DOMAIN="${DOMAIN:-example.org}" EMAIL_ADDRESS="${EMAIL_ADDRESS:-kubernetesadmin@example.org}" + +PATH=${PWD}/bin/:$PATH KUBECTL_BIN="${KUBECTL_BIN:-kubectl}" INSTALL_DIR="${INSTALL_DIR:-$(pwd)/bin}" HELM_BIN="${INSTALL_DIR}/helm" ARGOCD_BIN="${INSTALL_DIR}/argocd" +CERT_MANAGER_VERSION="1.6.1" export PATH \ EMAIL_ADDRESS \ + DOMAIN \ KUBECTL_BIN \ INSTALL_DIR \ HELM_BIN \ - ARGOCD_BIN + ARGOCD_BIN \ + CERT_MANAGER_VERSION diff --git a/install-cert-manager.sh b/install-cert-manager.sh index c282c89..5d8b02f 100755 --- a/install-cert-manager.sh +++ b/install-cert-manager.sh @@ -1,7 +1,7 @@ #!/usr/bin/bash -source env -source logger.sh +source ./env +source ./logger.sh function install_cert_manager { ${KUBECTL_BIN} create namespace cert-manager 
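Review bot: The `server` line now hard-codes the Let's Encrypt staging directory, whose certificates chain to a test root that no browser or CLI trusts, so every certificate issued through `letsencrypt-cluster-issuer` (including the Argo CD one added in this patch) will fail validation. If staging is only meant for trial runs, make the endpoint a placeholder like `EMAIL_ADDRESS`, e.g. `server: ACME_SERVER` with a default in `env`, and substitute it with a sed delimiter other than `/` since the value is a URL. Otherwise add a comment above the line, `# staging endpoint: certificates are NOT publicly trusted; switch to acme-v02 for production`. The rename also leaves any `letsencrypt-prod` issuer and its account-key secret from an earlier install in the cluster, which the script does not clean up.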
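Review bot: `PATH=${PWD}/bin/:$PATH` puts a directory derived from the caller's working directory ahead of the system path, so whichever `bin/` exists under the cwd when `env` is sourced shadows `kubectl`, `sed`, `curl` and every other command the install scripts run with cluster credentials. Derive it from the file's own location and define it after `INSTALL_DIR`, quoted: `INSTALL_DIR="${INSTALL_DIR:-$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/bin}"` then `PATH="${INSTALL_DIR}:${PATH}"`. Since helm and argocd are already addressed through `HELM_BIN` and `ARGOCD_BIN`, appending instead of prepending (or dropping the PATH change) may be enough. The new `DOMAIN` default of `example.org` also means an unset variable silently requests a certificate for `argocd.example.org`; `DOMAIN="${DOMAIN:?set DOMAIN to the cluster base domain}"` would fail fast instead.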
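Review bot: `source ./env` and `source ./logger.sh` still resolve against the caller's working directory, not the script's location, so running the script from another directory either fails or sources an unrelated `./env` that then sets `PATH` and `KUBECTL_BIN`. Anchor them to the script: `script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"` followed by `source "${script_dir}/env"` and `source "${script_dir}/logger.sh"`. The same applies to the identical change in `install.sh` and to the `./cert-manager/*.yaml` paths in the next hunk. `install_cert_manager` begins in this hunk and its body continues outside it.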
@@ -9,16 +9,28 @@ function install_cert_manager { ${HELM_BIN} repo update ${HELM_BIN} install cert-manager jetstack/cert-manager \ --namespace cert-manager \ - --version v1.6.1 \ + --version "v${CERT_MANAGER_VERSION}" \ --set installCRDs=true + ${KUBECTL_BIN} apply \ + -f "https://github.com/jetstack/cert-manager/releases/download/v${CERT_MANAGER_VERSION}/cert-manager.crds.yaml" } function create_cluster_issuer { - sed "s/EMAIL_ADDRESS/${EMAIL_ADDRESS}/" cluster_issuer.yaml | ${KUBECTL_BIN} apply -f - + sed "s/EMAIL_ADDRESS/${EMAIL_ADDRESS}/g" ./cert-manager/cluster_issuer.yaml | ${KUBECTL_BIN} apply -f - +} + +function create_certificates { + sed "s/DOMAIN/${DOMAIN}/g" ./cert-manager/argocd_cert.yaml | ${KUBECTL_BIN} apply -f - +} + +function create_argocd_ingress { + sed "s/DOMAIN/${DOMAIN}/g" ./cert-manager/argocd_ingress.yaml | ${KUBECTL_BIN} apply -f - } log_info "Installing cert manager..." install_cert_manager create_cluster_issuer +create_certificates +create_argocd_ingress -log_info "Installation completed successfuly!" +log_info "Cert-manager installation completed successfuly!" diff --git a/install.sh b/install.sh index 5284786..8f4e57c 100755 --- a/install.sh +++ b/install.sh @@ -1,7 +1,7 @@ #!/usr/bin/bash -source env -source logger.sh +source ./env +source ./logger.sh function install_helm { curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \ diff --git a/logger.sh b/logger.sh index 8719f1f..8fcc888 100644 --- a/logger.sh +++ b/logger.sh @@ -2,5 +2,5 @@ blue_color="\e[34m" reset_color="\e[0m" function log_info { - printf "%b%s%b\n" "${blue_color}" "${1}" "${reset_color}" + printf "%b%s%b%s\n" "${blue_color}" "INFO: " "${reset_color}" "${1}" }
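Review bot: The CRDs are now installed twice: the unchanged `--set installCRDs=true` already has Helm create them, and the added `kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${CERT_MANAGER_VERSION}/cert-manager.crds.yaml"` then re-applies them from a manifest fetched at run time with no checksum check. Pick one path; keeping Helm's and deleting the `kubectl apply` is the smaller change, and if the manifest route is preferred, apply a copy vendored in the repo (or verify a pinned digest) before `helm install` with `installCRDs=false`. The three `sed "s/.../${VAR}/g"` pipelines also splice `DOMAIN` and `EMAIL_ADDRESS` into manifests unvalidated, so a value containing `/`, `&` or a newline breaks the expression or alters the YAML sent to `kubectl apply`; a guard such as `[[ "${DOMAIN}" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` before the calls would catch that. No `set -e` is visible in either hunk of this file, so the final success message may print even when a step fails.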