
Commit 3fbc5b8

committed
integrated cluster issuer to appsec chart
1 parent 686e8d6 commit 3fbc5b8


5 files changed

+30
-10
lines changed


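--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1 @@
+* appsec 0.1.1 - 2024-03-07: integration of Lets encrypt cluster issuer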

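--- a/README.md
+++ b/README.md
@@ -25,18 +25,12 @@ newgrp microk8s
 # setup user profile
 . <(curl -s https://raw.githubusercontent.com/mkol5222/appsec-chart/main/setup-user.sh)
 
-# ready to deploy certificate issuer with HTTP-01 solver - FOCUS ON EMAIL ADDRESS!!!
-#
-#
-#
-MY_EMAIL_ADDRESS="[email protected]" # REPLACE
-helm install letsencrypt https://github.com/mkol5222/appsec-chart/releases/download/certs-0.1.0/certs-0.1.0.tgz --set letsencrypt.email=$MY_EMAIL_ADDRESS
-
 
 # ready to deploy AppSec WAF - FOCUS ON INPUTS AND DNS RECORD!!!
 #
 #
 #
+MY_EMAIL_ADDRESS="[email protected]" # REPLACE
 APPSEC_TOKEN=cp-abc123... # REPLACE WITH REAL TOKEN from Infinity Portal
 APPSEC_HOSTNAME=appsec1492.klaud.online # REPLACE
 
@@ -47,7 +41,7 @@ echo "Make sure DNS recort for $APPSEC_HOSTNAME points to $VMPUBLICIP"
 sudo resolvectl flush-caches
 dig +short $APPSEC_HOSTNAME
 
-helm install appsec https://github.com/mkol5222/appsec-chart/releases/download/appsec-0.1.0/appsec-0.1.0.tgz --set cptoken=$APPSEC_TOKEN --set hostname=$APPSEC_HOSTNAME
+helm install appsec https://github.com/mkol5222/appsec-chart/releases/download/appsec-0.1.1/appsec-0.1.1.tgz --set cptoken=$APPSEC_TOKEN --set hostname=$APPSEC_HOSTNAME --set letsencrypt.email=$MY_EMAIL_ADDRESS
 
 # monitor appsec and http-01 solver
 k get po --watch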

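--- a/charts/appsec/Chart.yaml
+++ b/charts/appsec/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: appsec
 description: Simple deployment of CloudGuard WAF with HTTPS and certs
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: "1.0.1"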

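--- a/charts/appsec/templates/issuer.yaml
+++ b/charts/appsec/templates/issuer.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: lets-encrypt
+spec:
+acme:
+email: {{ .Values.letsencrypt.email }}
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+# Secret resource that will be used to store the account's private key.
+name: {{ default "lets-encrypt-priviate-key" .Values.letsencrypt.secret }}
+# Add a single challenge solver, HTTP01 using nginx
+solvers:
+- http01:
+ingress:
+class: public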
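Review bot: `email: {{ .Values.letsencrypt.email }}` is rendered unquoted and with no presence check, and the values.yaml section of this commit does not visibly ship an `email` key under `letsencrypt`, so an install that omits `--set letsencrypt.email=...` renders an empty `email:` instead of failing. I would make the template fail early and quote the value: `email: {{ required "letsencrypt.email is required" .Values.letsencrypt.email | quote }}`. The same `| quote` on the `privateKeySecretRef` name keeps a user-supplied value from being retyped by the YAML parser. Separately, a ClusterIssuer is cluster-scoped and its name is fixed to `lets-encrypt`, so a second release of this chart in the same cluster, or a cluster that still has an issuer of that name from the previously documented `certs` chart, would presumably conflict on it; a values toggle to skip creating the issuer would cover that case.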

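--- a/charts/appsec/values.yaml
+++ b/charts/appsec/values.yaml
@@ -1,4 +1,12 @@
 
 # hostname to publish to
 hostname: "web1492.klaud.online"
-cptoken:
+cptoken:
+
+# Lets encrypt cluster issuer
+
+letsencrypt:
+# Lets encrypt certificate issuer user
+
+# secret used to store Lets encrypt account's private key
+secret: lets-encrypt-priviate-key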
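Review bot: The default secret name `lets-encrypt-priviate-key` carries a typo and is stated twice, here under `letsencrypt.secret` and again as the `default` argument in charts/appsec/templates/issuer.yaml. Correcting the spelling after a release changes which Secret cert-manager looks up for the ACME account key, so it is cheaper to settle on `secret: lets-encrypt-private-key` now. Keeping the default only in values.yaml and dropping the `default "..."` fallback in the template would leave a single place to change it.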
