diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-03-03 04:04:38 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-03-03 04:04:38 +0100 |
| commit | 60569568d1196462fec768d4bc6e23e4afe52cc5 (patch) | |
| tree | 58cae4e1a86d333dee02d204a5c3d0b61cac80e3 /contrib/k8s-emc/acme-hack | |
| parent | updated stream-site to 2019 (diff) | |
matomo/graphite/grafana work now
Diffstat (limited to 'contrib/k8s-emc/acme-hack')
| -rwxr-xr-x | contrib/k8s-emc/acme-hack/do.sh | 33 | ||||
| -rw-r--r-- | contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml | 10 | ||||
| -rw-r--r-- | contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml | 2 | ||||
| -rw-r--r-- | contrib/k8s-emc/acme-hack/nginx-acme-svc.yml | 6 |
4 files changed, 26 insertions, 25 deletions
diff --git a/contrib/k8s-emc/acme-hack/do.sh b/contrib/k8s-emc/acme-hack/do.sh index beaae3a..3c2b5e3 100755 --- a/contrib/k8s-emc/acme-hack/do.sh +++ b/contrib/k8s-emc/acme-hack/do.sh @@ -1,22 +1,23 @@ #!/bin/bash -if [ -z "$1" ]; then - echo "usage: $0 (create|replace)" - exit 1 -fi +declare -A domains +domains[emc-live]="emc-live.elev8.at" +domains[emc-stats]="emc-stats.elev8.at" +domains[stream-elev8]="stream.elev8.at" +domains[stream-elevate]="stream.elevate.at" -#HOSTS="emc-00 emc-01 emc-02 emc-03 emc-04 emc-05 emc-06 helene" -HOSTS="emc-00" - -kubectl "$1" -f nginx-acme-cm.yml -for node in $HOSTS; do - cat nginx-acme-deploy.yml | sed "s/<<node>>/$node/g" | kubectl "$1" -f - - cat nginx-acme-svc.yml | sed "s/<<node>>/$node/g" | kubectl "$1" -f - - cat nginx-acme-ingress.yml | sed "s/<<name>>/$node/g" | sed "s/<<node>>/$node/g" | sed "s/<<hostname>>/$node.spreadspace.org/g" | kubectl "$1" -f - +kubectl apply -f nginx-acme-cm.yml +kubectl apply -f nginx-acme-deploy.yml +kubectl apply -f nginx-acme-svc.yml +for name in "${!domains[@]}"; do + cat nginx-acme-ingress.yml | sed "s/<<name>>/$name/g" | sed "s/<<hostname>>/${domains[$name]}/g" | kubectl apply -f - done -cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-live/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/elevate-live.spreadspace.org/g" | kubectl "$1" -f - -cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-stats/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/elevate-stats.spreadspace.org/g" | kubectl "$1" -f - -cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-stream/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/stream.elevate.at/g" | kubectl "$1" -f - +### TODO: wait for all pods and then contiune the script +#exit 0 + +ssh emc-00 systemctl start acmetool -cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-feed/g" | sed "s/<<node>>/helene/g" | sed "s/<<hostname>>/elevate-feed.spreadspace.org/g" | kubectl "$1" -f - +for name in "${!domains[@]}"; do + ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f - +done diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml index 7800b32..3549f0d 100644 --- a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml +++ b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml @@ -2,12 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: namespace: emc - name: nginx-acme-hack-<<node>> + name: nginx-acme-hack-emc-00 labels: app: nginx type: acme-challenge tier: hack - worker: <<node>> + worker: emc-00 spec: replicas: 1 selector: @@ -15,7 +15,7 @@ spec: app: nginx type: acme-challenge tier: hack - worker: <<node>> + worker: emc-00 strategy: type: Recreate revisionHistoryLimit: 5 @@ -25,9 +25,9 @@ spec: app: nginx type: acme-challenge tier: hack - worker: <<node>> + worker: emc-00 spec: - nodeName: <<node>> + nodeName: emc-00 securityContext: runAsUser: 998 fsGroup: 998 diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml index 4e47cf2..c6c2b0b 100644 --- a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml +++ b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml @@ -15,5 +15,5 @@ spec: paths: - path: /.well-known/acme-challenge/ backend: - serviceName: nginx-acme-hack-<<node>> + serviceName: nginx-acme-hack-emc-00 servicePort: 8080 diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml index 318d1ca..7bc3540 100644 --- a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml +++ b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml @@ -2,18 +2,18 @@ apiVersion: v1 kind: Service metadata: namespace: emc - name: nginx-acme-hack-<<node>> + name: nginx-acme-hack-emc-00 labels: app: nginx type: acme-challenge tier: hack - worker: <<node>> + worker: emc-00 spec: selector: app: nginx type: acme-challenge tier: hack - worker: <<node>> + worker: emc-00 clusterIP: None ports: - name: http |