imfreedom/k8s-cluster

Add some default TLSOption's for all of our IngressRoute's and update all of them to use it.

2020-05-07, Gary Kramlich
4fcb01e61de0
Parents b40beb2f5a3e
Children 40090e27f8de
Add some default TLSOption's for all of our IngressRoute's and update all of them to use it.
16 files changed, 61 insertions(+), 0 deletions(-)
  • +13 -0
    20-ingress.yaml
  • +3 -0
    50-carrier.pidgin.im.yaml
  • +3 -0
    50-ci.imfreedom.org.yaml
  • +3 -0
    50-data.imfreedom.org.yaml
  • +3 -0
    50-docs.pidgin.im.yaml
  • +3 -0
    50-gaim.pidgin.im.yaml
  • +3 -0
    50-hub.imfreedom.org.yaml
  • +3 -0
    50-imfreedom.org.yaml
  • +3 -0
    50-issues.imfreedom.org.yaml
  • +3 -0
    50-keep.imfreedom.org.yaml
  • +3 -0
    50-monitoring.imfreedom.org.yaml
  • +6 -0
    50-nest.pidgin.im.yaml
  • +3 -0
    50-planet.pidgin.im.yaml
  • +3 -0
    50-reaperworld.com.yaml
  • +3 -0
    50-reviews.imfreedom.org.yaml
  • +3 -0
    50-xmpp.imfreedom.org.yaml
    • --- a/20-ingress.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/20-ingress.yaml Thu May 07 04:27:13 2020 -0500
    @@ -143,6 +143,19 @@
    name: traefik-service-account
    namespace: kube-public
    ---
    +apiVersion: traefik.containo.us/v1alpha1
    +kind: TLSOption
    +metadata:
    + name: default
    + namespace: kube-public
    +spec:
    + minVersion: VersionTLS12
    + maxVersion: VersionTLS13
    + cipherSuites:
    + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    + sniStrict: true
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    --- a/50-carrier.pidgin.im.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-carrier.pidgin.im.yaml Thu May 07 04:27:13 2020 -0500
    @@ -35,6 +35,9 @@
    - name: common-headers
    tls:
    secretName: carrier-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-ci.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-ci.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -162,6 +162,9 @@
    - name: common-headers
    tls:
    secretName: ci-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-data.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-data.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -45,6 +45,9 @@
    - name: common-headers
    tls:
    secretName: data-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-docs.pidgin.im.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-docs.pidgin.im.yaml Thu May 07 04:27:13 2020 -0500
    @@ -76,6 +76,9 @@
    - name: common-headers
    tls:
    secretName: docs-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-gaim.pidgin.im.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-gaim.pidgin.im.yaml Thu May 07 04:27:13 2020 -0500
    @@ -34,6 +34,9 @@
    - name: common-headers
    tls:
    secretName: gaim-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-hub.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-hub.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -36,6 +36,9 @@
    - name: common-headers
    tls:
    secretName: hub-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -34,6 +34,9 @@
    - name: common-headers
    tls:
    secretName: imfreedom-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-issues.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-issues.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -47,6 +47,9 @@
    - name: common-headers
    tls:
    secretName: issues-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-keep.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-keep.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -49,6 +49,9 @@
    - name: common-headers
    tls:
    secretName: keep-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-monitoring.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-monitoring.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -92,6 +92,9 @@
    - name: common
    tls:
    secretName: monitoring-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-nest.pidgin.im.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-nest.pidgin.im.yaml Thu May 07 04:27:13 2020 -0500
    @@ -28,6 +28,9 @@
    - name: nest-redirects
    tls:
    secretName: nest-redirects-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    @@ -133,6 +136,9 @@
    - name: common-headers
    tls:
    secretName: nest-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-planet.pidgin.im.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-planet.pidgin.im.yaml Thu May 07 04:27:13 2020 -0500
    @@ -46,6 +46,9 @@
    - name: planet-pidgin-redirect
    tls:
    secretName: planet-pidgin-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-reaperworld.com.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-reaperworld.com.yaml Thu May 07 04:27:13 2020 -0500
    @@ -54,6 +54,9 @@
    - name: common-headers
    tls:
    secretName: www-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-reviews.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-reviews.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -35,6 +35,9 @@
    - name: common-headers
    tls:
    secretName: reviews-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    --- a/50-xmpp.imfreedom.org.yaml Sun May 03 19:02:19 2020 -0500
    +++ b/50-xmpp.imfreedom.org.yaml Thu May 07 04:27:13 2020 -0500
    @@ -34,6 +34,9 @@
    port: 5280
    tls:
    secretName: imfreedom-tls
    + options:
    + name: default
    + namespace: kube-public
    ---
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute