From b0fb38798d519a738805c1bac25a047df4769c74 Mon Sep 17 00:00:00 2001
From: "Dr. Alwin Simon" <003alwin@gmail.com>
Date: Thu, 2 Nov 2023 19:48:01 +0530
Subject: [PATCH 1/5] Added cert-manager config file. For configuring ssl for https in k8s cluster.
---
 infra/ingress-nginx/prod/cert-manager.yaml | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 infra/ingress-nginx/prod/cert-manager.yaml
diff --git a/infra/ingress-nginx/prod/cert-manager.yaml b/infra/ingress-nginx/prod/cert-manager.yaml
new file mode 100644
index 0000000..f29fd56
--- /dev/null
+++ b/infra/ingress-nginx/prod/cert-manager.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-ssl-cert-issuer-prod
+ namespace: cert-manager
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: connectalwin@gmail.com
+ # Name of a secret used to store the ACME account private key
+ # privateKeySecretRef will be automatically configured in cluster- no manual config required
+ privateKeySecretRef:
+ name: letsencrypt-ssl-cert-key
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Instructions:
+# Reference for configuration: https://cert-manager.io/docs/installation/kubectl/
+# Apply following command in cluster to configure cert-manager:
+# - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+# Check status of cert-manager pods by running the following command
+# - kubectl get pods --namespace cert-manager
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
\ No newline at end of file
From cce09afd13e8f9509e9e7402b6f49f2a7185a037 Mon Sep 17 00:00:00 2001
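Review bot: In cert-manager.yaml, `namespace: cert-manager` under `metadata` has no effect because a ClusterIssuer is cluster-scoped, and the line suggests the issuer and its account key are confined to that namespace when they are not. cert-manager keeps the `letsencrypt-ssl-cert-key` ACME account key in its cluster resource namespace (by default the namespace cert-manager itself runs in), and an Ingress in any namespace that carries the `cert-manager.io/cluster-issuer` annotation can request certificates through this account. I would drop the namespace line and reword the comment above `privateKeySecretRef` to `# ACME account key; cert-manager creates this Secret in its cluster resource namespace`. If only the one production Ingress needs certificates, a namespaced `Issuer` placed next to it would narrow who can use the account.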
From: "Dr. Alwin Simon" <003alwin@gmail.com>
Date: Thu, 2 Nov 2023 19:49:19 +0530
Subject: [PATCH 2/5] Configured to accommodate cert-manager configuration.
---
 infra/ingress-nginx/prod/prod-ingress-srv.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/infra/ingress-nginx/prod/prod-ingress-srv.yaml b/infra/ingress-nginx/prod/prod-ingress-srv.yaml
index 69d7ccc..b7156f3 100644
--- a/infra/ingress-nginx/prod/prod-ingress-srv.yaml
+++ b/infra/ingress-nginx/prod/prod-ingress-srv.yaml
@@ -5,7 +5,14 @@ metadata:
 annotations:
 kubernetes.io/ingress.class: nginx
 nginx.ingress.kubernetes.io/use-regex: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-ssl-cert-issuer-prod
 spec:
+ tls:
+ - hosts:
+ - bms.alwinsimon.com
+ - www.bms.alwinsimon.com
+ # Below secretName will be automatically configured in cluster- no manual config required
+ secretName: ssl-cert-key
 rules:
 - host: bms.alwinsimon.com
 http:
From 6b4cedfe7de0f737b2e953410dbc9c86bf32c9d5 Mon Sep 17 00:00:00 2001
From: "Dr. Alwin Simon" <003alwin@gmail.com>
Date: Thu, 2 Nov 2023 20:00:23 +0530
Subject: [PATCH 3/5] Moved cert-manager config to a seperate directory. To make it easier to configure CD Pipeline in such a way that it's only triggered if necessary.
---
 infra/{ingress-nginx/prod => ssl}/cert-manager.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename infra/{ingress-nginx/prod => ssl}/cert-manager.yaml (100%)
diff --git a/infra/ingress-nginx/prod/cert-manager.yaml b/infra/ssl/cert-manager.yaml
similarity index 100%
rename from infra/ingress-nginx/prod/cert-manager.yaml
rename to infra/ssl/cert-manager.yaml
From 5dae088bcbb2143da2ffcb457bf34a96a15a0d0f Mon Sep 17 00:00:00 2001
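Review bot: In prod-ingress-srv.yaml the new `tls.hosts` list includes `www.bms.alwinsimon.com`, but the only rule visible in the hunk is for `bms.alwinsimon.com`; the rules list continues outside the hunk, so a matching `www` rule may exist further down. With the HTTP-01 solver every name in the list has to resolve to this ingress controller before it can be validated, and one name that fails validation blocks issuance of the whole certificate. If `www` is not served from this cluster, remove it from `hosts`; otherwise a comment above the list such as `# both names need DNS records pointing at the ingress load balancer (HTTP-01)` would record the precondition.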
From: "Dr. Alwin Simon" <003alwin@gmail.com>
Date: Thu, 2 Nov 2023 20:24:24 +0530
Subject: [PATCH 4/5] Added new CD file to manage cert-manager deployment.
---
 .../workflows/CD - Deploy - SSL config.yml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/CD - Deploy - SSL config.yml
diff --git a/.github/workflows/CD - Deploy - SSL config.yml b/.github/workflows/CD - Deploy - SSL config.yml
new file mode 100644
index 0000000..d19336d
--- /dev/null
+++ b/.github/workflows/CD - Deploy - SSL config.yml
@@ -0,0 +1,24 @@
+# ========================================= CD - Deploy - SSL Config =========================================
+
+name: CD - Deploy - SSL Config
+
+on:
+ push:
+ branches:
+ - production
+ paths:
+ - "infra/ingress-nginx/**"
+ - "infra/ssl/**"
+
+jobs:
+ Deploy-Manifests-CD-Pipeline:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: digitalocean/action-doctl@v2
+ with:
+ token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+ - run: doctl kubernetes cluster kubeconfig save ${{ secrets.DIGITALOCEAN_CLUSTER_ID }}
+ - run: kubectl apply -f infra/ssl
+ - run: kubectl apply -f infra/ingress-nginx/prod
From a009ae86f02541ff29924dbb2c816d7bf37f27a9 Mon Sep 17 00:00:00 2001
From: "Dr. Alwin Simon" <003alwin@gmail.com>
Date: Thu, 2 Nov 2023 20:29:04 +0530
Subject: [PATCH 5/5] Modified order of command execution.
---
 .github/workflows/CD - Deploy - Manifests.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/CD - Deploy - Manifests.yml b/.github/workflows/CD - Deploy - Manifests.yml
index 217db34..389d8f4 100644
--- a/.github/workflows/CD - Deploy - Manifests.yml
+++ b/.github/workflows/CD - Deploy - Manifests.yml
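Review bot: The new SSL workflow hands a DigitalOcean API token and cluster credentials to actions referenced by movable tags (`actions/checkout@v3`, `digitalocean/action-doctl@v2`) and declares no `permissions:` block, so the job runs with whatever the repository default for GITHUB_TOKEN is. I would pin both actions to a full commit SHA, restrict the token to read-only contents at workflow level, and ask doctl for a short-lived kubeconfig instead of the default one. Separately, `kubectl apply -f infra/ssl` assumes the cert-manager CRDs are already installed; the manifest's own comments describe that installation as a manual step, so on a fresh cluster this step would fail.

```yaml
# … unchanged: name and push trigger …
permissions:
  contents: read
# … unchanged: jobs, runs-on …
    steps:
      - uses: actions/checkout@<full-commit-sha>  # placeholder: SHA of the v3 release in use
      - uses: digitalocean/action-doctl@<full-commit-sha>  # placeholder: SHA of the v2 release in use
      # … unchanged: with/token …
      - run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 ${{ secrets.DIGITALOCEAN_CLUSTER_ID }}
      # … unchanged: the two kubectl apply steps …
```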
@@ -19,4 +19,6 @@ jobs:
 with:
 token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
 - run: doctl kubernetes cluster kubeconfig save ${{ secrets.DIGITALOCEAN_CLUSTER_ID }}
- - run: kubectl apply -f infra/ingress-nginx/prod && kubectl apply -f infra/statefull && kubectl apply -f infra/stateless
+ - run: kubectl apply -f infra/statefull
+ - run: kubectl apply -f infra/stateless
+ - run: kubectl apply -f infra/ingress-nginx/prod
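Review bot: The last step here, `kubectl apply -f infra/ingress-nginx/prod`, is also the last step of the SSL workflow added in the previous patch, so the same Ingress is now applied from two pipelines. This workflow's trigger lies outside the hunk; if its `paths` also match `infra/ingress-nginx/**`, a single push to production would start both jobs against the cluster at the same time. Either drop the ingress apply from one of the two files or give both workflows the same top-level `concurrency: production-deploy` so the runs are serialized. The commit message does not say why the ingress now goes last, so a one-line comment above the steps stating the reason would help the next reader.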