From 996be25250d573162fd69b170ef86bb75e74f938 Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 20 Jan 2022 11:23:15 +0100 Subject: [PATCH 1/2] Add TLS spec to Ingress --- component/cluster.libsonnet | 8 ++++++++ docs/modules/ROOT/pages/references/parameters.adoc | 2 ++ tests/golden/oidc/oidc/oidc/10_cluster.yaml | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/component/cluster.libsonnet b/component/cluster.libsonnet index 06fff3c..5dd604a 100644 --- a/component/cluster.libsonnet +++ b/component/cluster.libsonnet @@ -341,6 +341,14 @@ local cluster = function(name, options) }, }, ], + tls: [ + { + hosts: [ + options.ingress.host, + ], + secretName: name + '-tls', + }, + ], }, }; diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 53549a8..0b97fb8 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -110,6 +110,7 @@ type:: string default:: `null` If set, an ingress with the defined host is created. +The ingress is created with TLS spec for the same host. == `ingress.annotations` @@ -127,6 +128,7 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" + cert-manager.io/cluster-issuer: letsencrypt-production ---- Additional annotations for the ingress object. diff --git a/tests/golden/oidc/oidc/oidc/10_cluster.yaml b/tests/golden/oidc/oidc/oidc/10_cluster.yaml index 8095ed0..231b5fd 100644 --- a/tests/golden/oidc/oidc/oidc/10_cluster.yaml +++ b/tests/golden/oidc/oidc/oidc/10_cluster.yaml @@ -248,6 +248,10 @@ spec: name: https path: / pathType: Prefix + tls: + - hosts: + - testcluster.local + secretName: oidc-tls --- apiVersion: batch/v1 kind: Job From 453a73cdd81e918cb16ded7e8b71a75f38877a2e Mon Sep 17 00:00:00 2001 
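Review bot: In the `tls` block added to the Ingress in `cluster`, `secretName: name + '-tls'` is fixed and the block is emitted whenever the Ingress is, so an operator cannot point at an existing certificate secret or opt out. Nothing in this hunk creates that secret, and until something provisions it an ingress controller typically falls back to its default certificate, which clients will fail to validate. The documented example also sets `nginx.ingress.kubernetes.io/ssl-passthrough: "true"`; with passthrough the controller presumably never presents this secret's certificate, so it is worth confirming which endpoint actually terminates TLS for this host. I would make the secret name an option that defaults to `name + '-tls'` and add a comment above the block such as `// Secret is not created by this component; it must be provisioned separately (e.g. by cert-manager).` The enclosing function starts and ends outside the hunk.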
From: Chris Date: Thu, 20 Jan 2022 14:43:33 +0100 Subject: [PATCH 2/2] Assume that cert-manager is installed --- class/defaults.yml | 3 ++- docs/modules/ROOT/pages/references/parameters.adoc | 5 +++-- tests/golden/oidc/oidc/oidc/10_cluster.yaml | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/class/defaults.yml b/class/defaults.yml index 715292e..f6563e8 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -28,7 +28,8 @@ parameters: ingress: host: null labels: {} - annotations: {} + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production ocp_route: host: null diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 0b97fb8..03e6879 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -112,12 +112,14 @@ default:: `null` If set, an ingress with the defined host is created. The ingress is created with TLS spec for the same host. +NOTE: It's assumed that `cert-manager` is running on the cluster to provision Let's Encrypt certificates. + == `ingress.annotations` [horizontal] type:: dict -default:: `{}` +default:: `{cert-manager.io/cluster-issuer: letsencrypt-production}` example:: + [source,yaml] @@ -128,7 +130,6 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" - cert-manager.io/cluster-issuer: letsencrypt-production ---- Additional annotations for the ingress object. diff --git a/tests/golden/oidc/oidc/oidc/10_cluster.yaml b/tests/golden/oidc/oidc/oidc/10_cluster.yaml index 231b5fd..0973948 100644 --- a/tests/golden/oidc/oidc/oidc/10_cluster.yaml +++ b/tests/golden/oidc/oidc/oidc/10_cluster.yaml 
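Review bot: The new default under `ingress.annotations` in class/defaults.yml hard-codes `cert-manager.io/cluster-issuer: letsencrypt-production`, which silently depends on a ClusterIssuer of exactly that name existing on every target cluster. Where it does not exist, or the host is not publicly resolvable (as with `testcluster.local` in the golden test), no certificate is issued and the Ingress keeps referencing a missing secret, with nothing failing at compile time. Because this is now a dict default, annotations set by users are probably merged with it rather than replacing it, so the parameter docs should state how to override or remove the issuer. I would add a comment next to the default, `# Requires a cert-manager ClusterIssuer with this name; override for a different or staging issuer`, and consider defaulting to no issuer so that requesting production certificates is an explicit choice.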
@@ -231,7 +231,8 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - annotations: {} + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production labels: name: oidc name: oidc