From 09b5dacdda981cf6ae71a84f22da085ef39a6695 Mon Sep 17 00:00:00 2001 From: "P. Douglas Reeder" Date: Tue, 5 Nov 2024 09:43:54 -0500 Subject: [PATCH] uses spec.ingressClassName instead of annotation kubernetes.io/ingress.class --- community-edition/generate_script/hcce.yam | 14 ++++++++++---- .../services/certbotbot/entrypoint.sh | 11 +++++------ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/community-edition/generate_script/hcce.yam b/community-edition/generate_script/hcce.yam index 0dcd3a6..cf94ed1 100644 --- a/community-edition/generate_script/hcce.yam +++ b/community-edition/generate_script/hcce.yam @@ -45,11 +45,11 @@ metadata: name: ret namespace: $Namespace annotations: - kubernetes.io/ingress.class: haproxy haproxy.org/response-set-header: | access-control-allow-origin "https://$HUB_DOMAIN" haproxy.org/path-rewrite: /api-internal(.*) /_drop_ spec: + ingressClassName: haproxy tls: - hosts: - $HUB_DOMAIN @@ -143,10 +143,10 @@ metadata: name: dialog namespace: $Namespace annotations: - kubernetes.io/ingress.class: haproxy haproxy.org/server-ssl: "true" haproxy.org/load-balance: "url_param roomId" spec: + ingressClassName: haproxy tls: - hosts: - stream.$HUB_DOMAIN @@ -169,9 +169,9 @@ metadata: name: nearspark namespace: $Namespace annotations: - kubernetes.io/ingress.class: haproxy haproxy.org/path-rewrite: /nearspark/(.*) /\1 spec: + ingressClassName: haproxy tls: - hosts: - cors.$HUB_DOMAIN @@ -1246,7 +1246,6 @@ spec: - --https-bind-port=4443 - --http-bind-port=8080 - --configmap-tcp-services=$Namespace/haproxy-tcp-config - - --ingress.class=haproxy - --log=warning #error warning info debug trace - --default-ssl-certificate=$Namespace/cert-hcce securityContext: @@ -1273,6 +1272,13 @@ spec: fieldRef: fieldPath: metadata.namespace --- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: haproxy +spec: + controller: haproxy.org/ingress-controller +--- apiVersion: v1 kind: Service metadata: 
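Review bot: Removing `- --ingress.class=haproxy` from the controller args in the `@@ -1246,7 +1246,6 @@` hunk leaves the controller with no class filter of its own. As I read the HAProxy ingress controller's IngressClass documentation, a controller started without that flag accepts Ingresses whose class resolves to `haproxy.org/ingress-controller` and also Ingresses that set neither the annotation nor `ingressClassName`; this should be confirmed against the deployed controller version. The IngressClass added in the next hunk is cluster-scoped with the fixed name `haproxy`, while the Ingresses and controller args visible here are keyed on `$Namespace`, so a second install in the same cluster would share that one object. I would add a comment above the args such as `# --ingress.class omitted on purpose: selection is via IngressClass "haproxy"; class-less Ingresses are then also served`, so the wider scope is a recorded decision. The args list starts outside the hunk.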
diff --git a/community-edition/services/certbotbot/entrypoint.sh b/community-edition/services/certbotbot/entrypoint.sh index 00e9cd8..2aa7ff8 100644 --- a/community-edition/services/certbotbot/entrypoint.sh +++ b/community-edition/services/certbotbot/entrypoint.sh @@ -48,9 +48,8 @@ kind: Ingress metadata: name: certbotbot-http namespace: ${NAMESPACE} - annotations: - kubernetes.io/ingress.class: haproxy spec: + ingressClassName: haproxy rules: - host: ${DOMAIN} http: @@ -60,14 +59,14 @@ spec: backend: service: name: certbotbot-http - port: + port: number: 80 EOF ) echo "${CERTBOTING}"|kubectl apply -f - echo "start nginx and wait $INGRESS_WAIT sec for ingress to pick up the pod" && nginx && sleep $INGRESS_WAIT - + echo "requesting cert" retries=10 while (( retries > 0 )) && ! certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --preferred-challenges http --nginx -d $DOMAIN @@ -131,7 +130,7 @@ echo "CP_TO_NS=$CP_TO_NS" echo "LETSENCRYPT_ACCOUNT=$LETSENCRYPT_ACCOUNT" if [ -z $INGRESS_WAIT ]; then INGRESS_WAIT="30"; fi -if ! [ -z $LETSENCRYPT_ACCOUNT ]; then +if ! [ -z $LETSENCRYPT_ACCOUNT ]; then acctDir="/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/" mkdir -p $acctDir echo $LETSENCRYPT_ACCOUNT | base64 -d > acct.tar.gz && tar -xf acct.tar.gz -C $acctDir @@ -160,7 +159,7 @@ for ns in ${CP_TO_NS//,/ }; do save_cert $CERT_NAME $ns; done # if [ "$NAMESPACE" == "ingress" ]; then kubectl -n $NAMESPACE rollout restart deployment haproxy; fi -if [ -z $LETSENCRYPT_ACCOUNT ]; then +if [ -z $LETSENCRYPT_ACCOUNT ]; then cd /etc/letsencrypt/accounts/acme*/directory/ && tar -czvf acct.tar.gz . acct=$(cat acct.tar.gz|base64) echo "reporting new letsencrypt account to orch: $acct"
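Review bot: The challenge Ingress in the heredoc now hard-codes `ingressClassName: haproxy`, which only resolves if a cluster-scoped IngressClass of that name exists; this patch creates it in hcce.yam, a different file from the one this script ships in. On a cluster where that manifest has not been re-applied, the controller would presumably ignore `certbotbot-http`, and the certbot retry loop further down would fail without saying why. Since the heredoc already expands `${NAMESPACE}` and `${DOMAIN}`, the class could come from a new environment variable with the current value as default: `ingressClassName: ${INGRESS_CLASS:-haproxy}`. The heredoc starts above the hunk.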
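Review bot: The two `if [ -z $LETSENCRYPT_ACCOUNT ]` lines are touched for whitespace only, yet the lines around them still write ACME account material to the pod log: `echo "LETSENCRYPT_ACCOUNT=$LETSENCRYPT_ACCOUNT"` in the `@@ -131,7 +130,7 @@` hunk and `echo "reporting new letsencrypt account to orch: $acct"` in the last hunk. Both values are a base64 tarball of certbot's account directory, which normally holds the account's private key, so log read access is enough to obtain it. I would log only presence, `echo "LETSENCRYPT_ACCOUNT=${LETSENCRYPT_ACCOUNT:+<set>}"`, and, if the log line is how the account reaches the orchestrator (not visible here), pass it through a Kubernetes Secret instead. Quoting the tests, `[ -z "$LETSENCRYPT_ACCOUNT" ]`, would fit in the same change.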