Merge pull request #29 from ssciolla/asc-32-cert-routes

Add certificate, route annotations, and custom hosts to `k8s` variants (ASC-32)
mlibrary · Sep 25, 2023 · 56ae6c2 · 56ae6c2
2 parents dff1a04 + 5397973
commit 56ae6c2
Show file tree

Hide file tree

Showing 17 changed files with 78 additions and 10 deletions.
diff --git a/k8s/base-with-cert/app/cert.yaml b/k8s/base-with-cert/app/cert.yaml
@@ -0,0 +1,15 @@
+kind: Certificate
+apiVersion: cert-manager.io/v1
+metadata:
+  name: aspace
+  labels:
+    service: aspace
+spec:
+  secretName: cert-secret
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  # The certificate will be valid for the following names (dnsNames will
+  # appear in the certificate's Subject Alternative Names field).
+  # Overlays will patch in the dnsNames
+  dnsNames:
diff --git a/k8s/base-with-cert/app/route-staff.yaml b/k8s/base-with-cert/app/route-staff.yaml
@@ -0,0 +1,4 @@
+- op: add
+  path: /metadata/annotations
+  value:
+    cert-utils-operator.redhat-cop.io/certs-from-secret: cert-secret
diff --git a/k8s/base-with-cert/kustomization.yaml b/k8s/base-with-cert/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../base
+- app/cert.yaml
+patches:
+- path: app/route-staff.yaml
+  target:
+    kind: Route
+    name: aspace-staff
+    version: v1
diff --git a/k8s/base/app/deployment.yml b/k8s/base/app/deployment.yml
@@ -19,7 +19,7 @@ spec:
       containers:
         - image: ghcr.io/mlibrary/aspace-containerization/aspace-app:v3.4.1
           name: app
-          imagePullPolicy: IfNotPresent
+          imagePullPolicy: Always
           envFrom:
             - secretRef:
                 name: app-secret

diff --git a/k8s/overlays/bentley/app/cert.yaml b/k8s/overlays/bentley/app/cert.yaml
@@ -0,0 +1,5 @@
+- op: replace
+  path: /spec/dnsNames
+  value:
+    - bentley.archivesspace.lib.umich.edu
+    - api.bentley.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/bentley/app/route-api.yaml b/k8s/overlays/bentley/app/route-api.yaml
@@ -5,11 +5,12 @@ metadata:
     service: aspace
   name: aspace-api
   annotations:
+    cert-utils-operator.redhat-cop.io/certs-from-secret: cert-secret
     haproxy.router.openshift.io/ip_whitelist: >-
       35.1.0.0/16 35.2.0.0/16 35.3.0.0/16 35.4.0.0/16 35.5.0.0/16 35.7.0.0/18
       35.7.128.0/18 141.211.0.0/16 141.213.128.0/17
 spec:
-  host: archivesspace-bentley-api.apps.aws.web.umich.edu
+  host: api.bentley.archivesspace.lib.umich.edu
   port:
     targetPort: 8089
   tls:

diff --git a/k8s/overlays/bentley/app/route-staff.yaml b/k8s/overlays/bentley/app/route-staff.yaml
@@ -1,3 +1,3 @@
 - op: add
   path: /spec/host
-  value: archivesspace-bentley.apps.aws.web.umich.edu
+  value: bentley.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/bentley/kustomization.yaml b/k8s/overlays/bentley/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 commonLabels:
   variant: bentley
 resources:
-- ../../base
+- ../../base-with-cert
 - app/route-api.yaml
 patches:
 - path: app/deployment.yaml
@@ -16,6 +16,11 @@ patches:
     kind: Route
     name: aspace-staff
     version: v1
+- path: app/cert.yaml
+  target:
+    kind: Certificate
+    name: aspace
+    version: v1
 secretGenerator:
 - name: app-secret
   envs:

diff --git a/k8s/overlays/clements/app/cert.yaml b/k8s/overlays/clements/app/cert.yaml
@@ -0,0 +1,4 @@
+- op: replace
+  path: /spec/dnsNames
+  value:
+    - clements.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/clements/app/route-staff.yaml b/k8s/overlays/clements/app/route-staff.yaml
@@ -1,3 +1,3 @@
 - op: add
   path: /spec/host
-  value: archivesspace-clements.apps.aws.web.umich.edu
+  value: clements.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/clements/kustomization.yaml b/k8s/overlays/clements/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 commonLabels:
   variant: clements
 resources:
-- ../../base
+- ../../base-with-cert
 patches:
 - path: app/deployment.yaml
   target:
@@ -15,6 +15,11 @@ patches:
     kind: Route
     name: aspace-staff
     version: v1
+- path: app/cert.yaml
+  target:
+    kind: Certificate
+    name: aspace
+    version: v1
 secretGenerator:
 - name: app-secret
   envs:

diff --git a/k8s/overlays/spcoll/app/cert.yaml b/k8s/overlays/spcoll/app/cert.yaml
@@ -0,0 +1,4 @@
+- op: replace
+  path: /spec/dnsNames
+  value:
+    - spcoll.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/spcoll/app/route-staff.yaml b/k8s/overlays/spcoll/app/route-staff.yaml
@@ -1,3 +1,3 @@
 - op: add
   path: /spec/host
-  value: archivesspace-spcoll.apps.aws.web.umich.edu
+  value: spcoll.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/spcoll/kustomization.yaml b/k8s/overlays/spcoll/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 commonLabels:
   variant: spcoll
 resources:
-- ../../base
+- ../../base-with-cert
 patches:
 - path: app/deployment.yaml
   target:
@@ -15,6 +15,11 @@ patches:
     kind: Route
     name: aspace-staff
     version: v1
+- path: app/cert.yaml
+  target:
+    kind: Certificate
+    name: aspace
+    version: v1
 secretGenerator:
 - name: app-secret
   envs:

diff --git a/k8s/overlays/test/app/cert.yaml b/k8s/overlays/test/app/cert.yaml
@@ -0,0 +1,4 @@
+- op: replace
+  path: /spec/dnsNames
+  value:
+    - test.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/test/app/route-staff.yaml b/k8s/overlays/test/app/route-staff.yaml
@@ -1,3 +1,3 @@
 - op: add
   path: /spec/host
-  value: archivesspace-test.apps.aws.web.umich.edu
+  value: test.archivesspace.lib.umich.edu
diff --git a/k8s/overlays/test/kustomization.yaml b/k8s/overlays/test/kustomization.yaml
@@ -3,13 +3,18 @@ kind: Kustomization
 commonLabels:
   variant: test
 resources:
-- ../../base
+- ../../base-with-cert
 patches:
 - path: app/route-staff.yaml
   target:
     kind: Route
     name: aspace-staff
     version: v1
+- path: app/cert.yaml
+  target:
+    kind: Certificate
+    name: aspace
+    version: v1
 secretGenerator:
 - name: app-secret
   envs: