add letsencrypt issuer, ingress rule for web, service setup for web, refs #216

Author: batpad

osm-seed/templates/letsencrypt-issuer.yaml

@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+    name: letsencrypt-prod-issuer
+spec:
+    acme:
+        # You must replace this email address with your own.
+        # Let's Encrypt will use this to contact you about expiring
+        # certificates, and issues related to your account.
+        email: {{ .Values.adminEmail }}
+        # ACME server URL for Let’s Encrypt’s staging environment.
+        # Specify custom server here (https://acme-staging-v02.api.letsencrypt.org/directory)
+        # to hit staging LE
+        server: https://acme-v02.api.letsencrypt.org/directory
+        privateKeySecretRef:
+        # Secret resource used to store the account's private key.
+            name: letsencrypt-issuer-key
+        # Enable the HTTP-01 challenge provider
+        # you prove ownership of a domain by ensuring that a particular
+        # file is present at the domain
+        solvers:
+        - http01:
+            ingress:
+                class: nginx

osm-seed/templates/web/web-ingress.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.web.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "osm-seed.fullname" . }}-ingress-web
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+spec:
+  tls:
+    - hosts:
+      - web.{{ .Values.domain }}
+      secretName: {{ template "osm-seed.fullname" . }}-secret-web
+
+  rules:
+  - host: web.{{ .Values.domain }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ template "osm-seed.fullname" . }}-web
+            port:
+              number: 80
+{{- end }}

osm-seed/values.yaml

@@ -36,25 +36,46 @@ AWS_SSL_ARN: false
 # ====================================================================================================
 # Ingress variables
 # ====================================================================================================
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
+# ingress:
+#   enabled: false
+#   annotations: {}
+#     # kubernetes.io/ingress.class: nginx
+#     # kubernetes.io/tls-acme: "true"
+#   path: /
+#   hosts:
+#     - chart-example.local
+#   tls: []
+
+# # ====================================================================================================
+# # Domain app configuration
+# # ====================================================================================================
+# domain:
+#   #enabled, If you set  enabled=true, you should uncomment the following configurations
+#   enabled: false
+#   # domainName, Add here your domain or the fixed IP  where the server is running
+#   domainName: example.com
+#   protocolo: http
+
+# Domain that is pointed to the clusterIP
+# You will need to create an A record like *.osmseed.example.com pointed to the ClusterIP
+# Then, the cluster configuration will setup services at their respective subdomains:
+# - web.osmseed.example.com
+# - overpass.osmseed.example.com
+# - nominatim.osmseed.example.com
+# - etc.
+domain: osmseed.example.com
 
 # ====================================================================================================
-# Domain app configuration
+# Configuration for Lets Encrypt setup
 # ====================================================================================================
-domain:
-  #enabled, If you set  enabled=true, you should uncomment the following configurations
-  enabled: false
-  # domainName, Add here your domain or the fixed IP  where the server is running
-  domainName: example.com
-  protocolo: http
+
+# Admin Email address used when generating Lets Encrypt certificates.
+# You will be notified of expirations, etc. on this email address.
+adminEmail: [email protected]
+
+# Sets the installCRDs to true for the lets-encrypt subchart.
+lets-encrypt:
+  installCRDs: true
 
 # ====================================================================================================
 # ====================================================================================================