diff --git a/.github/workflows/CD - Deploy - Manifests.yml b/.github/workflows/CD - Deploy - Manifests.yml
index 217db34..389d8f4 100644
--- a/.github/workflows/CD - Deploy - Manifests.yml
+++ b/.github/workflows/CD - Deploy - Manifests.yml
@@ -19,4 +19,6 @@ jobs:
 with:
 token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
 - run: doctl kubernetes cluster kubeconfig save ${{ secrets.DIGITALOCEAN_CLUSTER_ID }}
- - run: kubectl apply -f infra/ingress-nginx/prod && kubectl apply -f infra/statefull && kubectl apply -f infra/stateless
+ - run: kubectl apply -f infra/statefull
+ - run: kubectl apply -f infra/stateless
+ - run: kubectl apply -f infra/ingress-nginx/prod
diff --git a/.github/workflows/CD - Deploy - SSL config.yml b/.github/workflows/CD - Deploy - SSL config.yml
new file mode 100644
index 0000000..d19336d
--- /dev/null
+++ b/.github/workflows/CD - Deploy - SSL config.yml
@@ -0,0 +1,24 @@
+# ========================================= CD - Deploy - SSL Config =========================================
+
+name: CD - Deploy - SSL Config
+
+on:
+ push:
+ branches:
+ - production
+ paths:
+ - "infra/ingress-nginx/**"
+ - "infra/ssl/**"
+
+jobs:
+ Deploy-Manifests-CD-Pipeline:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: digitalocean/action-doctl@v2
+ with:
+ token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+ - run: doctl kubernetes cluster kubeconfig save ${{ secrets.DIGITALOCEAN_CLUSTER_ID }}
+ - run: kubectl apply -f infra/ssl
+ - run: kubectl apply -f infra/ingress-nginx/prod
diff --git a/infra/ingress-nginx/prod/prod-ingress-srv.yaml b/infra/ingress-nginx/prod/prod-ingress-srv.yaml
index 69d7ccc..b7156f3 100644
--- a/infra/ingress-nginx/prod/prod-ingress-srv.yaml
+++ b/infra/ingress-nginx/prod/prod-ingress-srv.yaml
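Review bot: In `.github/workflows/CD - Deploy - SSL config.yml`, the job that holds `DIGITALOCEAN_ACCESS_TOKEN` and writes to the production cluster runs two actions referenced by mutable tags (`actions/checkout@v3`, `digitalocean/action-doctl@v2`); pinning each to a full commit SHA, e.g. `uses: digitalocean/action-doctl@<full-commit-sha> # v2`, keeps a retagged release from running with that token. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` is enough for the checkout. The kubeconfig step can request short-lived cluster credentials and keep the secret out of the script text by passing it through `env:` and running `doctl kubernetes cluster kubeconfig save --expiry-seconds 600 "$CLUSTER_ID"`.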
@@ -5,7 +5,14 @@ metadata:
 annotations:
 kubernetes.io/ingress.class: nginx
 nginx.ingress.kubernetes.io/use-regex: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-ssl-cert-issuer-prod
 spec:
+ tls:
+ - hosts:
+ - bms.alwinsimon.com
+ - www.bms.alwinsimon.com
+ # Below secretName will be automatically configured in cluster- no manual config required
+ secretName: ssl-cert-key
 rules:
 - host: bms.alwinsimon.com
 http:
diff --git a/infra/ssl/cert-manager.yaml b/infra/ssl/cert-manager.yaml
new file mode 100644
index 0000000..f29fd56
--- /dev/null
+++ b/infra/ssl/cert-manager.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-ssl-cert-issuer-prod
+ namespace: cert-manager
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: connectalwin@gmail.com
+ # Name of a secret used to store the ACME account private key
+ # privateKeySecretRef will be automatically configured in cluster- no manual config required
+ privateKeySecretRef:
+ name: letsencrypt-ssl-cert-key
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Instructions:
+# Reference for configuration: https://cert-manager.io/docs/installation/kubectl/
+# Apply following command in cluster to configure cert-manager:
+# - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+# Check status of cert-manager pods by running the following command
+# - kubectl get pods --namespace cert-manager
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
\ No newline at end of file
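Review bot: In `infra/ingress-nginx/prod/prod-ingress-srv.yaml`, `www.bms.alwinsimon.com` is added under `tls.hosts`, but the only rule visible in this hunk is `- host: bms.alwinsimon.com`; the rest of `spec.rules` lies outside the hunk, so confirm that a matching rule and DNS record exist for the `www` name. With the HTTP-01 solver every name on the certificate has to be reachable through this ingress, and a name that fails validation prevents the certificate from being issued at all. The comment above `secretName` would be more precise as `# cert-manager creates and renews this Secret; do not create it by hand`.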
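Review bot: In `infra/ssl/cert-manager.yaml`, `namespace: cert-manager` under `metadata` has no effect because a ClusterIssuer is cluster-scoped; dropping it avoids suggesting the issuer is confined to that namespace, when an Ingress in any namespace can request certificates from it through the `cert-manager.io/cluster-issuer` annotation. The ACME account key named by `privateKeySecretRef` is stored in cert-manager's cluster resource namespace (by default `cert-manager`), which the comment above it could say directly, e.g. `# ACME account key; cert-manager creates this Secret in its own namespace`. The cert-manager install in the trailing comment is a manual step, so the workflow's `kubectl apply -f infra/ssl` will fail on a cluster where the cert-manager CRDs are not yet present; a sentence in that comment stating the install is a prerequisite of the pipeline would make the dependency explicit.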