
Commit 7b02dd1

authored
Merge pull request #300 from 3scale-ops/feat/local-setup/tls
Add TLS for all endpoints in local-setup
2 parents 606ce77 + 2322ee4 commit 7b02dd1


4 files changed

+99
-2
lines changed


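--- a/config/local-setup/workloads/apicast.yaml
+++ b/config/local-setup/workloads/apicast.yaml
@@ -1,3 +1,27 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: apicast-staging-wildcard-cert
+spec:
+dnsNames: ["*.REPLACE"]
+issuerRef:
+kind: ClusterIssuer
+name: selfsigned-cluster-issuer
+secretName: apicast-staging-wildcard-cert
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: apicast-production-wildcard-cert
+spec:
+dnsNames: ["*.REPLACE"]
+issuerRef:
+kind: ClusterIssuer
+name: selfsigned-cluster-issuer
+secretName: apicast-production-wildcard-cert
+
+---
 apiVersion: saas.3scale.net/v1alpha1
 kind: Apicast
 metadata:
@@ -12,7 +36,7 @@ spec:
 config:
 configurationCache: 300
 threescalePortalEndpoint: "http://mapping-service/config"
-endpoint: {dns: ['*.REPLACE']}
+endpoint: {dns: ["*.REPLACE"]}
 hpa: {}
 loadBalancer:
 proxyProtocol: false
@@ -27,6 +51,12 @@ spec:
 proxyProtocol: false
 port: 38080
 routeConfigName: router
+https:
+listenerHttp:
+proxyProtocol: false
+certificateSecretName: apicast-production-wildcard-cert
+port: 38443
+routeConfigName: router
 router:
 routeConfiguration:
 virtualHosts:
@@ -62,7 +92,7 @@ spec:
 config:
 configurationCache: 60
 threescalePortalEndpoint: "http://mapping-service/config"
-endpoint: {dns: ['*.REPLACE']}
+endpoint: {dns: ["*.REPLACE"]}
 hpa: {}
 loadBalancer:
 proxyProtocol: false
@@ -77,6 +107,12 @@ spec:
 proxyProtocol: false
 port: 38080
 routeConfigName: router
+https:
+listenerHttp:
+proxyProtocol: false
+certificateSecretName: apicast-staging-wildcard-cert
+port: 38443
+routeConfigName: router
 mgmt_cluster:
 cluster:
 host: 127.0.0.1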
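Review bot: The two Certificate resources added at the top of apicast.yaml (and the equivalent `backend-cert` and `echoapi-cert` in backend.yaml and echoapi.yaml) are issued directly by `selfsigned-cluster-issuer`; if that is a cert-manager SelfSigned issuer, as the name suggests, each secret holds an independent self-signed leaf, so there is no single CA a client can trust and test clients will tend to switch verification off altogether. For the local setup it would be cleaner to let the self-signed issuer sign one CA certificate and point these `issuerRef`s at a CA issuer built from it, so the setup exercises real chain validation. The specs also leave key parameters and usages at cert-manager defaults; pinning them, for example `usages: ["server auth"]`, would document that these are server certificates only. The issuer definition is not part of this commit, so its type should be confirmed before changing anything.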

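--- a/config/local-setup/workloads/backend.yaml
+++ b/config/local-setup/workloads/backend.yaml
@@ -1,3 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: backend-cert
+spec:
+dnsNames: ["REPLACE"]
+issuerRef:
+kind: ClusterIssuer
+name: selfsigned-cluster-issuer
+secretName: backend-cert
+
 ---
 apiVersion: saas.3scale.net/v1alpha1
 kind: Backend
@@ -42,6 +53,12 @@ spec:
 port: 38081
 proxyProtocol: false
 routeConfigName: router_internal
+https:
+listenerHttp:
+proxyProtocol: false
+certificateSecretName: backend-cert
+port: 38443
+routeConfigName: router_external
 router_external:
 routeConfiguration:
 virtualHosts: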
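Review bot: The new `https` listener on port 38443 is bound to `routeConfigName: router_external`, while the entry just above it in the hunk (port 38081, `router_internal`) shows no `certificateSecretName`, so traffic on the internal route appears to stay in clear text after this change. If that is intentional for the local setup, a short comment above the `https:` block such as `# TLS is terminated on the external route only; the internal listener stays plaintext` would record the decision. The listener definitions begin above the hunk, so whether a plaintext external listener also remains cannot be seen from here.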

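--- a/config/local-setup/workloads/echoapi.yaml
+++ b/config/local-setup/workloads/echoapi.yaml
@@ -1,3 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: echoapi-cert
+spec:
+dnsNames: ["REPLACE"]
+issuerRef:
+kind: ClusterIssuer
+name: selfsigned-cluster-issuer
+secretName: echoapi-cert
+
+---
 apiVersion: saas.3scale.net/v1alpha1
 kind: EchoAPI
 metadata:
@@ -33,6 +45,12 @@ spec:
 proxyProtocol: false
 port: 38080
 routeConfigName: echo_api_route
+https:
+listenerHttp:
+proxyProtocol: false
+certificateSecretName: echoapi-cert
+port: 38443
+routeConfigName: echo_api_route
 envoyImage: REPLACE
 nodeID: echo-api
 ports: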

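--- a/config/local-setup/workloads/replacements/domains.yaml
+++ b/config/local-setup/workloads/replacements/domains.yaml
@@ -15,6 +15,14 @@
 kind: System
 fieldPaths:
 - spec.config.apicast.stagingDomain
+- select:
+kind: Certificate
+name: apicast-staging-wildcard-cert
+fieldPaths:
+- spec.dnsNames.0
+options:
+delimiter: "."
+index: 1
 - source:
 kind: ConfigMap
 name: config
@@ -31,6 +39,14 @@
 kind: System
 fieldPaths:
 - spec.config.apicast.productionDomain
+- select:
+kind: Certificate
+name: apicast-production-wildcard-cert
+fieldPaths:
+- spec.dnsNames.0
+options:
+delimiter: "."
+index: 1
 
 # CONFIGURE AUTOSSL ENDPOINT
 - source:
@@ -66,6 +82,11 @@
 kind: EchoAPI
 fieldPaths:
 - spec.endpoint.dns.0
+- select:
+kind: Certificate
+name: echoapi-cert
+fieldPaths:
+- spec.dnsNames.0
 
 # CONFIGURE BACKEND ENDPOINT
 - source:
@@ -84,6 +105,11 @@
 options:
 delimiter: "/"
 index: 2
+- select:
+kind: Certificate
+name: backend-cert
+fieldPaths:
+- spec.dnsNames.0
 
 # CONFIGURE SYSTEM ENDPOINT
 - source: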
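Review bot: The two wildcard targets depend on `delimiter: "."` with `index: 1` to overwrite only the part of `*.REPLACE` after the first dot, whereas the `echoapi-cert` and `backend-cert` targets overwrite `spec.dnsNames.0` whole; nothing in the file explains that difference, and it holds only while the placeholders in apicast.yaml keep exactly that shape. A comment above each wildcard target, for example `# keep the "*." prefix; replace only the domain part after it`, would make the coupling explicit. Since these values end up as certificate SANs, it would also be worth having the local-setup verify that no rendered Certificate still contains the literal `REPLACE`, in case a target ever stops matching.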
