GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432
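// Kubernetes manifests for the `network` environment: the Namespace, the
// Secrets consumed by oauth2-proxy, two Let's Encrypt ClusterIssuers, the
// nginx ingress controller, two ddclient instances and four oauth2-proxy
// deployments.
local base = import "k8s/configs/base.libsonnet";
// NOTE(review): every credential below is read from this JSON file, which is
// imported from inside the repository tree. Confirm that it is excluded from
// version control or stored encrypted.
local secrets = import "k8s/configs/environments/network/secrets.json";
local ddclient = import "k8s/configs/templates/core/network/ddclient.libsonnet";
local oauth2Proxy = import "k8s/configs/templates/core/security/oauth2-proxy.libsonnet";
local nginx = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";

// Single source of truth for the namespace name used by every object below.
local namespace = "network";
// Not referenced anywhere in this file. Jsonnet evaluates locals lazily, so the
// binding is never computed.
local ctx = base.NewContext(base.helm);

{
  namespace: {
    apiVersion: "v1",
    kind: "Namespace",
    metadata: {
      name: namespace,
    },
  },

  // Secrets referenced by `secretName` in the oauth2-proxy apps further down.
  // Each one carries a cookie secret plus OIDC client credentials, all taken
  // from secrets.json. The namespace comes from the shared local rather than a
  // repeated string literal, so it cannot drift from the apps.
  secrets: {
    oauth2ProxyKubeDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
      namespace: namespace,
      name: "oauth2-proxy-kube-domain",
      cookieSecret: secrets.oauth2_kube_cookie_secret,
      clientSecret: secrets.oauth2_kube_client_secret,
      clientId: secrets.oauth2_kube_client_id,
    }),
    oauth2ProxyDominionDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
      namespace: namespace,
      name: "oauth2-proxy-dominion-domain",
      cookieSecret: secrets.oauth2_dominion_cookie_secret,
      clientSecret: secrets.oauth2_dominion_client_secret,
      clientId: secrets.oauth2_dominion_client_id,
    }),
  },

  apps: {
    // NOTE(review): the two issuer field names are swapped relative to their
    // contents. `acmeStagingIssuer` defines the issuer named
    // "letsencrypt-production" against the production ACME directory, and
    // `acmeProdIssuer` defines "letsencrypt-staging" against the staging
    // directory. The resource names and server URLs agree with each other, so
    // the keys are left unchanged here in case other tooling refers to them.
    // Rename them together with any such references.
    acmeStagingIssuer: base.ClusterIssuer(namespace, "letsencrypt-production") {
      spec+: {
        acme+: {
          email: "acmcarther+web@gmail.com",
          server: "https://acme-v02.api.letsencrypt.org/directory",
          // Secret that holds the ACME account private key for this issuer.
          privateKeySecretRef: {
            name: "letsencrypt-production",
          },
          // HTTP-01 challenges are solved through the nginx ingress class.
          solvers: [
            {
              http01: {
                ingress: {
                  class: "nginx",
                },
              },
            },
          ],
        },
      },
    },
    // Staging directory: certificates issued from it are not publicly trusted.
    acmeProdIssuer: base.ClusterIssuer(namespace, "letsencrypt-staging") {
      spec+: {
        acme+: {
          email: "acmcarther+web@gmail.com",
          server: "https://acme-staging-v02.api.letsencrypt.org/directory",
          privateKeySecretRef: {
            name: "letsencrypt-staging",
          },
          solvers: [
            {
              http01: {
                ingress: {
                  class: "nginx",
                },
              },
            },
          ],
        },
      },
    },

    app: nginx.App(nginx.Params {
      namespace: namespace,
      name: "nginx-ingress",
    }),

    // Dynamic-DNS updaters, one per domain. Passwords come from secrets.json.
    ddclientCheapassbox: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient",
      filePath: std.thisFile,
      configClaimName: "ddclient-config",
      login: "cheapassbox.com",
      password: secrets.ddclient_cheapassbox_password,
    }),
    ddclientCsbx: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient-csbx",
      filePath: std.thisFile,
      configClaimName: "ddclient-csbx-config",
      login: "csbx.dev",
      password: secrets.ddclient_csbx_password,
    }),

    // Disabled ddclient instance for cheapassusercontent.com.
    // NOTE(review): a literal password used to be written inline in this
    // commented-out block. It has been redacted here but remains in
    // version-control history, so treat it as exposed and rotate it with the
    // dynamic-DNS provider. If the block is re-enabled, read the password from
    // secrets.json like the other ddclient instances, and give the field a
    // unique key, because `ddclientCsbx` is already defined above.
    /*
    ddclientCsbx: ddclient.App(ddclient.Params {
      namespace: namespace,
      name: "ddclient-cheapassusercontent",
      filePath: std.thisFile,
      configClaimName: "ddclient-cheapassusercontent-config",
      login: "cheapassusercontent.com",
      password: "<REDACTED: load from secrets.json>",
    }),
    */

    // oauth2-proxy instances: one per (realm, domain) pair.
    // NOTE(review): the two "kube" instances share the Secret
    // "oauth2-proxy-kube-domain" and the two "dominion" instances share
    // "oauth2-proxy-dominion-domain", so each pair uses the same cookie secret
    // and OIDC client credentials across cheapassbox.com and csbx.dev. Confirm
    // this sharing is intended. Separate secrets per instance would limit the
    // impact of a leaked cookie secret to one domain.
    // `oicdIssuerURL` is spelled as the field appears throughout this file.
    // Presumably it matches the template's parameter name, so verify against
    // oauth2-proxy.libsonnet before correcting it to "oidc".
    oauth2ProxyCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-default-cheapassbox-com",
      filePath: std.thisFile,
      ingressHost: "oauth.cheapassbox.com",
      domains: ["cheapassbox.com"],
      oicdIssuerURL: "https://authentication.cheapassbox.com/realms/kube",
      secretName: "oauth2-proxy-kube-domain",
    }),
    oauth2ProxyCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-default-csbx-dev",
      filePath: std.thisFile,
      ingressHost: "oauth.csbx.dev",
      domains: ["csbx.dev"],
      oicdIssuerURL: "https://auth.csbx.dev/realms/kube",
      secretName: "oauth2-proxy-kube-domain",
    }),
    oauth2ProxyDominionCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-dominion-cheapassbox-com",
      filePath: std.thisFile,
      ingressHost: "oauth-dominion.cheapassbox.com",
      domains: ["cheapassbox.com"],
      oicdIssuerURL: "https://authentication.cheapassbox.com/realms/dominion",
      secretName: "oauth2-proxy-dominion-domain",
    }),
    oauth2ProxyDominionCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
      namespace: namespace,
      name: "oauth2-proxy-dominion-csbx-dev",
      filePath: std.thisFile,
      ingressHost: "oauth-dominion.csbx.dev",
      domains: ["csbx.dev"],
      oicdIssuerURL: "https://auth.csbx.dev/realms/dominion",
      secretName: "oauth2-proxy-dominion-domain",
    }),

    // NOTE(review): both items below are already defined in this object, so
    // these TODOs may be stale. Confirm before removing them.
    // TODO: Oauth2 proxy
    // TODO: nginx ingress
  },
}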