diff --git a/iac/src/main/k8s/add_ons/cert_manager.cljs b/iac/src/main/k8s/add_ons/cert_manager.cljs
new file mode 100644
index 0000000..dcedf8b
--- /dev/null
+++ b/iac/src/main/k8s/add_ons/cert_manager.cljs
@@ -0,0 +1,18 @@
+(ns k8s.add-ons.cert-manager)
+
+(def config
+ {:stack [:vault:prepare [:k8s :secret :chart :cluster-issuer]]
+ :app-namespace "cert-manager"
+ :app-name "cert-manager"
+ :is-prod? true
+ :k8s:chart-opts {:fetchOpts {:repo "https://charts.jetstack.io"}
+ :chart "cert-manager"
+ :version "v1.15.0"
+ :namespace "cert-manager"
+ :values {:installCRDs true}}
+ :k8s:secret-opts {:metadata {:name "api-token-secret"}
+ :stringData {:apiToken 'token}}
+ :k8s:cluster-issuer-opts {:spec {:acme {:email 'email
+ :solvers [{:dns01 {:cloudflare {:apiTokenSecretRef {:name "api-token-secret" :key "apiToken"}}}
+ :selector {:dnsZones '(parse domains)}}]}}}
+ })
diff --git a/iac/src/main/k8s/add_ons/gateway/traefik.cljs b/iac/src/main/k8s/add_ons/gateway/traefik.cljs
new file mode 100644
index 0000000..b8ed77b
--- /dev/null
+++ b/iac/src/main/k8s/add_ons/gateway/traefik.cljs
@@ -0,0 +1,20 @@
+(ns k8s.add-ons.gateway.traefik)
+
+(def config
+ {:stack [:vault:prepare [:k8s :secret :chart :gateway :certificates]]
+ :app-namespace "traefik"
+ :app-name "traefik"
+ :is-prod? true
+ :vault-load-yaml false
+ :k8s:chart-opts {:fetchOpts {:repo 'repo}
+ :chart 'chart
+ :version "37.3.0"
+ :namespace "traefik"
+ :values {:providers {:kubernetesGateway {:enabled true}}
+ :gatewayClass {:enabled true
+ :name "traefik"}}}
+ :k8s:gateway-opts
+ {:metadata {:name "main-gateway"
+ :namespace "traefik"}
+ :spec {:gatewayClassName "traefik"
+ :listeners '(make-listeners domains)}}})
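Review bot: In cert_manager.cljs the `:k8s:secret-opts` metadata names the Secret `api-token-secret` but sets no namespace, while traefik.cljs in the same commit sets `:namespace` explicitly on its gateway metadata. cert-manager looks up a ClusterIssuer's `apiTokenSecretRef` in its cluster resource namespace (the chart's release namespace by default), so unless the stack injects `:app-namespace` the issuer will not find the Cloudflare token; consider `:metadata {:name "api-token-secret" :namespace "cert-manager"}`. Separately, `:installCRDs` is deprecated as of cert-manager v1.15 in favour of `:crds {:enabled true}`. The `:acme` map shows no `:server` or `:privateKeySecretRef`; if those are derived from `:is-prod?` elsewhere, a one-line comment saying so would make the issuer's target CA clear to a reader.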
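Review bot: In traefik.cljs the chart origin cannot be reviewed from the diff, because `:fetchOpts {:repo 'repo}` and `:chart 'chart` are quoted symbols resolved elsewhere (presumably from Vault), whereas cert_manager.cljs writes its repo URL and chart name as literals. For the component that terminates external traffic it is worth writing both as literals next to `:version "37.3.0"`, so that a change of chart source shows up in code review rather than in a secret store. The `:stack` also lists `:secret` and `:certificates` although the map has no `:k8s:secret-opts` or certificate options, and `:vault-load-yaml false` sits alongside `:vault:prepare`; a short comment on where those inputs and the `'(make-listeners domains)` listener settings (ports, TLS, `allowedRoutes`) come from would make the config checkable.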