ingress for iks and route for roks

data-henrik · data-henrik · commit bcd216e59876 · 2024-01-10T15:43:01.000+01:00
diff --git a/app/generate_yaml.sh b/app/generate_yaml.sh
@@ -26,9 +26,15 @@ if [[ -z "$TARGET_NAMESPACE" ]]; then
   export TARGET_NAMESPACE=default
 fi
 
+cat secure-file-storage.template.yaml | \
+  envsubst '$IMAGE_PULL_SECRET $IMAGE_REPOSITORY $TARGET_NAMESPACE $BASENAME' > secure-file-storage.yaml
+
+
 if [[ -z "$PUBLIC_CERT_ID" ]] && [[ -z "$SECRETS_MANAGER_API_URL" ]] && [[ -z "$MYDOMAIN" ]]; then
-  cat secure-file-storage.template.yaml | \
-    envsubst '$IMAGE_NAME $INGRESS_SECRET $INGRESS_SUBDOMAIN $IMAGE_PULL_SECRET $IMAGE_REPOSITORY $TARGET_NAMESPACE $BASENAME' > secure-file-storage.yaml
+  cat secure-file-storage-ingress.template.yaml | \
+    envsubst '$INGRESS_SECRET $INGRESS_SUBDOMAIN $TARGET_NAMESPACE $BASENAME' > secure-file-storage-ingress.yaml
+  cat secure-file-storage-route.template.yaml | \
+    envsubst '$INGRESS_SECRET $INGRESS_SUBDOMAIN $TARGET_NAMESPACE $BASENAME' > secure-file-storage-route.yaml
   exit
 fi
 
@@ -47,6 +53,9 @@ if [[ -z "$MYDOMAIN" ]]; then
   exit 1
 fi
 
-cat secure-file-storage.template.yaml | \
+cat secure-file-storage-ingress.template.yaml | \
+  sed -e 's/^# //' |
+  envsubst '$PUBLIC_CERT_ID $SECRETS_MANAGER_API_URL $MYDOMAIN $INGRESS_SECRET $INGRESS_SUBDOMAIN $TARGET_NAMESPACE $BASENAME' > secure-file-storage-ingress.yaml
+cat secure-file-storage-route.template.yaml | \
   sed -e 's/^# //' |
-  envsubst '$PUBLIC_CERT_ID $SECRETS_MANAGER_API_URL $MYDOMAIN $IMAGE_NAME $INGRESS_SECRET $INGRESS_SUBDOMAIN $IMAGE_PULL_SECRET $IMAGE_REPOSITORY $TARGET_NAMESPACE $BASENAME' > secure-file-storage.yaml
+  envsubst '$PUBLIC_CERT_ID $SECRETS_MANAGER_API_URL $MYDOMAIN $INGRESS_SECRET $INGRESS_SUBDOMAIN $TARGET_NAMESPACE $BASENAME' > secure-file-storage-route.yaml  
diff --git a/app/secure-file-storage-ingress.template.yaml b/app/secure-file-storage-ingress.template.yaml
@@ -0,0 +1,79 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-for-secure-file-storage
+  namespace: $TARGET_NAMESPACE
+  annotations:
+    kubernetes.io/ingress.class: public-iks-k8s-nginx
+spec:
+  tls:
+  - hosts:
+    - secure-file-storage.$INGRESS_SUBDOMAIN
+    secretName: $INGRESS_SECRET
+## Uncomment below if you are using a custom domain. Remove '# '
+#   - hosts:
+#     - secure-file-storage.$MYDOMAIN
+#     secretName: secure-file-storage-certificate
+  rules:
+  - host: secure-file-storage.$INGRESS_SUBDOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: secure-file-storage-service
+            port: 
+              number: 8081
+## Uncomment below if you are using a custom domain. Remove '# '
+#   - host: secure-file-storage.$MYDOMAIN
+#     http:
+#       paths:
+#       - path: /
+#         pathType: Prefix
+#         backend:
+#           service:
+#             name: secure-file-storage-service
+#             port:
+#               number: 8081
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: SecretStore
+# metadata:
+#   name: secure-file-storage-secretstore
+# spec:
+#   provider:
+#     ibm:
+#       serviceUrl: $SECRETS_MANAGER_API_URL
+#       auth:
+#         secretRef:
+#           secretApiKeySecretRef:
+#             name: secure-file-storage-api-key
+#             key: apikey
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: secure-file-storage-external-secret
+# spec:
+#   refreshInterval: 1m
+#   secretStoreRef:
+#     name: secure-file-storage-secretstore
+#     kind: SecretStore
+#   target:
+#     name: secure-file-storage-certificate
+#     template:
+#       type: kubernetes.io/tls
+#       data:
+#         tls.crt: '{{ .sfscrt | toString }}'
+#         tls.key: '{{ .sfskey | toString }}'
+#     creationPolicy: Owner
+#   data:
+#   - secretKey: sfscrt
+#     remoteRef:
+#       key: public_cert/$PUBLIC_CERT_ID
+#       property: certificate
+#   - secretKey: sfskey
+#     remoteRef:
+#       key: public_cert/$PUBLIC_CERT_ID
+#       property: private_key
diff --git a/app/secure-file-storage-route.template.yaml b/app/secure-file-storage-route.template.yaml
@@ -0,0 +1,59 @@
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: secure-file-storage-route
+  namespace: $TARGET_NAMESPACE
+spec:
+  host: >-
+    secure-file-storage.$INGRESS_SUBDOMAIN
+  to:
+    kind: Service
+    name: secure-file-storage-service
+    weight: 100
+  port:
+    targetPort: 8081
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: SecretStore
+# metadata:
+#   name: secure-file-storage-secretstore
+# spec:
+#   provider:
+#     ibm:
+#       serviceUrl: $SECRETS_MANAGER_API_URL
+#       auth:
+#         secretRef:
+#           secretApiKeySecretRef:
+#             name: secure-file-storage-api-key
+#             key: apikey
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: secure-file-storage-external-secret
+# spec:
+#   refreshInterval: 1m
+#   secretStoreRef:
+#     name: secure-file-storage-secretstore
+#     kind: SecretStore
+#   target:
+#     name: secure-file-storage-certificate
+#     template:
+#       type: kubernetes.io/tls
+#       data:
+#         tls.crt: '{{ .sfscrt | toString }}'
+#         tls.key: '{{ .sfskey | toString }}'
+#     creationPolicy: Owner
+#   data:
+#   - secretKey: sfscrt
+#     remoteRef:
+#       key: public_cert/$PUBLIC_CERT_ID
+#       property: certificate
+#   - secretKey: sfskey
+#     remoteRef:
+#       key: public_cert/$PUBLIC_CERT_ID
+#       property: private_key
diff --git a/app/secure-file-storage.template.yaml b/app/secure-file-storage.template.yaml
@@ -27,10 +27,10 @@ spec:
       labels:
         app: secure-file-storage
     spec:
-## Uncomment only if you aren't deploying to the default namespace, remove ##
-## In this case, make sure to create a Docker registry secret
-##      imagePullSecrets:
-##        - name: $IMAGE_PULL_SECRET
+# Uncomment only if you aren't deploying to the default namespace, remove #
+# In this case, make sure to create a Docker registry secret
+#      imagePullSecrets:
+#        - name: $IMAGE_PULL_SECRET
       containers:
       - name: secure-file-storage-container
         image: $IMAGE_REPOSITORY:latest
@@ -39,84 +39,4 @@ spec:
         - containerPort: 8081
         envFrom:
          - secretRef:
-            name: $BASENAME-credentials
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ingress-for-sfs
-  namespace: $TARGET_NAMESPACE
-  annotations:
-    kubernetes.io/ingress.class: public-iks-k8s-nginx
-spec:
-  tls:
-  - hosts:
-    - secure-file-storage.$INGRESS_SUBDOMAIN
-    secretName: $INGRESS_SECRET
-## Uncomment below if you are using a custom domain. Remove '# '
-#   - hosts:
-#     - secure-file-storage.$MYDOMAIN
-#     secretName: secure-file-storage-certificate
-  rules:
-  - host: secure-file-storage.$INGRESS_SUBDOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: secure-file-storage-service
-            port: 
-              number: 8081
-## Uncomment below if you are using a custom domain. Remove '# '
-#   - host: secure-file-storage.$MYDOMAIN
-#     http:
-#       paths:
-#       - path: /
-#         pathType: Prefix
-#         backend:
-#           service:
-#             name: secure-file-storage-service
-#             port:
-#               number: 8081
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: SecretStore
-# metadata:
-#   name: secure-file-storage-secretstore
-# spec:
-#   provider:
-#     ibm:
-#       serviceUrl: $SECRETS_MANAGER_API_URL
-#       auth:
-#         secretRef:
-#           secretApiKeySecretRef:
-#             name: secure-file-storage-api-key
-#             key: apikey
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: secure-file-storage-external-secret
-# spec:
-#   refreshInterval: 1m
-#   secretStoreRef:
-#     name: secure-file-storage-secretstore
-#     kind: SecretStore
-#   target:
-#     name: secure-file-storage-certificate
-#     template:
-#       type: kubernetes.io/tls
-#       data:
-#         tls.crt: '{{ .sfscrt | toString }}'
-#         tls.key: '{{ .sfskey | toString }}'
-#     creationPolicy: Owner
-#   data:
-#   - secretKey: sfscrt
-#     remoteRef:
-#       key: public_cert/$PUBLIC_CERT_ID
-#       property: certificate
-#   - secretKey: sfskey
-#     remoteRef:
-#       key: public_cert/$PUBLIC_CERT_ID
-#       property: private_key
+            name: $BASENAME-credentials
