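// Manifests for the "network" namespace: the Namespace object, two oauth2-proxy
// Secrets, two ACME ClusterIssuers, the nginx ingress app, two ddclient apps and
// four oauth2-proxy apps.
local base = import "k8s/configs/base.libsonnet";
// NOTE(review): secrets.json is read as plaintext when this file is evaluated.
// Confirm it is kept out of version control or stored encrypted; nothing in this
// file shows how it is protected.
local secrets = import "k8s/configs/environments/network/secrets.json";
local ddclient = import "k8s/configs/templates/core/network/ddclient.libsonnet";
local oauth2Proxy = import "k8s/configs/templates/core/security/oauth2-proxy.libsonnet";
local nginx = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";

local namespace = "network";
// Not referenced anywhere else in this file.
local ctx = base.NewContext(base.helm);

// Contact address registered with the ACME server for both issuers.
local acmeEmail = "acmcarther+web@gmail.com";

// Builds a ClusterIssuer through base.ClusterIssuer that talks to the given ACME
// directory URL and solves HTTP-01 challenges via ingress class "nginx".
// The account private key secret is named after the issuer itself.
local acmeIssuer(name, server) = base.ClusterIssuer(namespace, name) {
  spec+: {
    acme+: {
      email: acmeEmail,
      server: server,
      privateKeySecretRef: {
        name: name,
      },
      solvers: [
        {
          http01: {
            ingress: {
              class: "nginx",
            },
          },
        },
      ],
    },
  },
};

{
  namespace: {
    apiVersion: "v1",
    kind: "Namespace",
    metadata: {
      name: namespace,
    },
  },

  // OAuth client credentials and cookie secrets, one Secret per realm ("kube"
  // and "dominion"). All values come from secrets.json, never from literals here.
  secrets: {
    oauth2ProxyKubeDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
      namespace: namespace,
      name: "oauth2-proxy-kube-domain",
      cookieSecret: secrets.oauth2_kube_cookie_secret,
      clientSecret: secrets.oauth2_kube_client_secret,
      clientId: secrets.oauth2_kube_client_id,
    }),
    oauth2ProxyDominionDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
      namespace: namespace,
      name: "oauth2-proxy-dominion-domain",
      cookieSecret: secrets.oauth2_dominion_cookie_secret,
      clientSecret: secrets.oauth2_dominion_client_secret,
      clientId: secrets.oauth2_dominion_client_id,
    }),
  },

  apps: {
    // NOTE(review): the two field names below are swapped relative to what they
    // create. "acmeStagingIssuer" yields the production issuer and
    // "acmeProdIssuer" yields the staging one. The generated resources are
    // internally consistent (name and server URL match), so the keys are left
    // unchanged here in case other tooling refers to them; rename them once
    // that has been checked.
    acmeStagingIssuer: acmeIssuer(
      "letsencrypt-production",
      "https://acme-v02.api.letsencrypt.org/directory"
    ),
    acmeProdIssuer: acmeIssuer(
      "letsencrypt-staging",
      "https://acme-staging-v02.api.letsencrypt.org/directory"
    ),

    app: nginx.App(nginx.Params {
      namespace: namespace,
      name: "nginx-ingress",
    }),

    // Dynamic DNS updaters; each password is read from secrets.json.
    ddclientCheapassbox: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient",
      filePath: std.thisFile,
      configClaimName: "ddclient-config",
      login: "cheapassbox.com",
      password: secrets.ddclient_cheapassbox_password,
    }),
    ddclientCsbx: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient-csbx",
      filePath: std.thisFile,
      configClaimName: "ddclient-csbx-config",
      login: "csbx.dev",
      password: secrets.ddclient_csbx_password,
    }),

    /*
    Disabled updater for cheapassusercontent.com.

    SECURITY: this block previously carried the ddclient password as a string
    literal. A credential in a comment is still a credential in the repository
    and its history: treat that value as exposed, rotate it at the DNS provider,
    and only re-enable this block with the password supplied via secrets.json.

    The field was also named ddclientCsbx, which would collide with the active
    field above if uncommented; it is renamed here.

    ddclientCheapassusercontent: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient-cheapassusercontent",
      filePath: std.thisFile,
      configClaimName: "ddclient-cheapassusercontent-config",
      login: "cheapassusercontent.com",
      // Placeholder key name; add the real entry to secrets.json first.
      password: secrets.ddclient_cheapassusercontent_password,
    }),
    */

    // oauth2-proxy instances, one per (realm, domain) pair.
    // NOTE(review): both proxies of a realm reference the same Secret, so the
    // cheapassbox.com and csbx.dev instances share one client id, client secret
    // and cookie secret even though their issuer URLs differ. Confirm this
    // sharing is intended.
    oauth2ProxyCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-default-cheapassbox-com",
      filePath: std.thisFile,
      ingressHost: "oauth.cheapassbox.com",
      domains: ["cheapassbox.com"],
      oicdIssuerURL: "https://authentication.cheapassbox.com/realms/kube",
      secretName: "oauth2-proxy-kube-domain",
    }),
    oauth2ProxyCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-default-csbx-dev",
      filePath: std.thisFile,
      ingressHost: "oauth.csbx.dev",
      domains: ["csbx.dev"],
      oicdIssuerURL: "https://auth.csbx.dev/realms/kube",
      secretName: "oauth2-proxy-kube-domain",
    }),
    oauth2ProxyDominionCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-dominion-cheapassbox-com",
      filePath: std.thisFile,
      ingressHost: "oauth-dominion.cheapassbox.com",
      domains: ["cheapassbox.com"],
      oicdIssuerURL: "https://authentication.cheapassbox.com/realms/dominion",
      secretName: "oauth2-proxy-dominion-domain",
    }),
    oauth2ProxyDominionCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-dominion-csbx-dev",
      filePath: std.thisFile,
      ingressHost: "oauth-dominion.csbx.dev",
      domains: ["csbx.dev"],
      oicdIssuerURL: "https://auth.csbx.dev/realms/dominion",
      secretName: "oauth2-proxy-dominion-domain",
    }),
    // TODO: Oauth2 proxy
    // TODO: nginx ingress
  },
}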