cluster/kube: ceph dashboard tls certificates
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index b49f01a..4ee3d8f 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -63,6 +63,18 @@
// Main nginx Ingress Controller
nginx: nginx.Environment {},
certmanager: certmanager.Environment {},
+ issuer: certmanager.ClusterIssuer("letsencrypt-prod") {
+ spec: {
+ acme: {
+ server: "https://acme-v02.api.letsencrypt.org/directory",
+ email: "bofh@hackerspace.pl",
+ privateKeySecretRef: {
+ name: "letsencrypt-prod"
+ },
+ http01: {},
+ },
+ },
+ },
// Rook Ceph storage
rook: rook.Operator {},
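Review bot: The new `issuer` is a ClusterIssuer, so it is cluster-scoped and any Ingress in any namespace that carries the `certmanager.k8s.io/cluster-issuer` annotation can request certificates through it, but nothing at the definition says so. I would add a comment above it such as `// Cluster-wide Let's Encrypt production issuer (HTTP-01); any namespace that can create Ingresses can obtain certificates through it.` Whether Ingress creation is limited by RBAC is not visible in this hunk, so that should be confirmed before relying on it. The ACME account key is stored in the Secret named by `privateKeySecretRef` (`letsencrypt-prod`), so read access to that Secret should be limited to cert-manager. Because `server` points at the production directory, which is rate-limited, a separate staging issuer for testing changes would avoid exhausting the quota for the real hostnames.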
diff --git a/cluster/kube/lib/rook.libsonnet b/cluster/kube/lib/rook.libsonnet
index 9c7b1e9..b553ca4 100644
--- a/cluster/kube/lib/rook.libsonnet
+++ b/cluster/kube/lib/rook.libsonnet
@@ -439,8 +439,19 @@
},
dashboardIngress: kube.Ingress(cluster.name("dashboard")) {
- metadata+: cluster.metadata,
+ metadata+: cluster.metadata {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ },
+ },
spec+: {
+ tls: [
+ {
+ hosts: ["%s.hswaw.net" % name],
+ secretName: cluster.name("dashboard"),
+ },
+ ],
rules: [
{
host: "%s.hswaw.net" % name,
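Review bot: The annotation `"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod"` hard-codes, inside the shared rook library, the name of an issuer that is defined in a different file (`cluster/kube/cluster.jsonnet`). If the issuer is renamed, or the library is used in a cluster that lacks it, issuance will fail and the ingress controller will probably serve its default certificate for the dashboard rather than failing visibly. I would take the issuer name from a field on the cluster object instead of a literal. The host is also spelled twice, in `tls[0].hosts` and in `rules[0].host`; binding it once, e.g. `local host = "%s.hswaw.net" % name,`, and using `host` in both places keeps the certificate and the served name from drifting apart. The `dashboardIngress` object continues past the end of this hunk.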