Add traefik and cert manager

2025-11-22 17:03:03 -06:00
parent 0af945f1b9
commit f746cc7a13
2 changed files with 38 additions and 0 deletions
--- a/iac/src/main/k8s/add_ons/cert_manager.cljs
+++ b/iac/src/main/k8s/add_ons/cert_manager.cljs
@@ -0,0 +1,18 @@
+(ns k8s.add-ons.cert-manager)
+
+(def config
+  {:stack [:vault:prepare [:k8s :secret :chart :cluster-issuer]]
+   :app-namespace "cert-manager"
+   :app-name "cert-manager"
+   :is-prod? true
+   :k8s:chart-opts {:fetchOpts {:repo "https://charts.jetstack.io"}
+                    :chart "cert-manager"
+                    :version "v1.15.0"
+                    :namespace "cert-manager"
+                    :values {:installCRDs true}}
+   :k8s:secret-opts {:metadata {:name "api-token-secret"}
+                     :stringData {:apiToken 'token}}
+   :k8s:cluster-issuer-opts {:spec {:acme {:email 'email
+                                      :solvers [{:dns01 {:cloudflare {:apiTokenSecretRef {:name "api-token-secret" :key "apiToken"}}}
+                                                 :selector {:dnsZones '(parse domains)}}]}}}
+   })
--- a/iac/src/main/k8s/add_ons/gateway/traefik.cljs
+++ b/iac/src/main/k8s/add_ons/gateway/traefik.cljs
@@ -0,0 +1,20 @@
+(ns k8s.add-ons.gateway.traefik)
+
+(def config
+  {:stack [:vault:prepare [:k8s :secret :chart :gateway :certificates]]
+   :app-namespace "traefik"
+   :app-name "traefik"
+   :is-prod? true
+   :vault-load-yaml false
+   :k8s:chart-opts {:fetchOpts {:repo 'repo}
+                    :chart 'chart
+                    :version "37.3.0"
+                    :namespace "traefik"
+                    :values {:providers {:kubernetesGateway {:enabled true}}
+                             :gatewayClass {:enabled true
+                                            :name "traefik"}}}
+   :k8s:gateway-opts
+   {:metadata {:name "main-gateway"
+               :namespace "traefik"}
+    :spec {:gatewayClassName "traefik"
+           :listeners '(make-listeners domains)}}})