Aktualisiere Installationsanweisungen und entferne nicht benötigte TLS-Zertifikatdefinitionen für Gateways
@@ -1,28 +1,28 @@
|
|||||||
# Basic requirements
|
# Phase-Secrets-Operator
|
||||||
|
|
||||||
In diesem Schritt installieren wir
|
|
||||||
- phase-secrets-operator
|
|
||||||
- cert-manager
|
|
||||||
- external-DNS mit Webhook Provider für Unifi
|
|
||||||
|
|
||||||
## Phase-Secrets-Operator
|
|
||||||
|
|
||||||
helm repo add phase https://helm.phase.dev && helm repo update
|
helm repo add phase https://helm.phase.dev && helm repo update
|
||||||
|
|
||||||
helm install phase-secrets-operator phase/phase-kubernetes-operator --set image.tag=v1.3.0
|
helm install phase-secrets-operator phase/phase-kubernetes-operator --set image.tag=v1.3.0
|
||||||
|
|
||||||
kubectl create secret generic phase-service-token \
|
kubectl create secret generic phase-service-token \
|
||||||
--from-literal=token=pss_service:v2:XXXXXXXXXXXXXXXXXXXXX \
|
--from-literal=token=<TOKEN> \
|
||||||
--type=Opaque \
|
--type=Opaque \
|
||||||
--namespace=default
|
--namespace=default
|
||||||
|
|
||||||
## Cert-Manager und Cluster-Issuer
|
# Cert-Manager installieren
|
||||||
|
# 1. Repository hinzufügen und updaten
|
||||||
|
helm repo add jetstack https://charts.jetstack.io && helm repo update
|
||||||
|
|
||||||
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.19.2/cert-manager.yaml
|
# 2. Installation mit Gateway API Support
|
||||||
|
helm install cert-manager jetstack/cert-manager \
|
||||||
|
--namespace cert-manager \
|
||||||
|
--create-namespace \
|
||||||
|
--set installCRDs=true \
|
||||||
|
--set "config.enableGatewayAPI=true"
|
||||||
|
|
||||||
k apply -f manifests
|
kubectl apply -f manifests
|
||||||
|
|
||||||
## External-DNS
|
# External DNS installieren
|
||||||
|
|
||||||
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
|
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
|
||||||
|
|
||||||
|
|||||||
@@ -39,16 +39,3 @@ spec:
|
|||||||
- kind: GRPCRoute
|
- kind: GRPCRoute
|
||||||
namespaces:
|
namespaces:
|
||||||
from: All
|
from: All
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: argocd-gateway-tls
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
secretName: argocd-gateway-tls
|
|
||||||
dnsNames:
|
|
||||||
- argocd.k8s.hnrx.net
|
|
||||||
issuerRef:
|
|
||||||
name: cloudflare-cluster-issuer
|
|
||||||
kind: ClusterIssuer
|
|
||||||
|
|||||||
@@ -24,17 +24,3 @@ spec:
|
|||||||
mode: Terminate
|
mode: Terminate
|
||||||
certificateRefs:
|
certificateRefs:
|
||||||
- name: shared-gateway-tls
|
- name: shared-gateway-tls
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: shared-gateway-tls
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
secretName: shared-gateway-tls
|
|
||||||
dnsNames:
|
|
||||||
- '*.k8s.hnrx.net'
|
|
||||||
issuerRef:
|
|
||||||
name: cloudflare-cluster-issuer
|
|
||||||
kind: ClusterIssuer
|
|
||||||
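Review bot: The listener keeps `certificateRefs` with `- name: shared-gateway-tls` in `mode: Terminate`, but the Certificate that writes the `shared-gateway-tls` Secret is deleted in this same section, so nothing visible here issues or renews that Secret any more. If the intent is for cert-manager's Gateway API support (enabled via `config.enableGatewayAPI=true` in this commit's install instructions) to create it, the Gateway needs the annotation `cert-manager.io/cluster-issuer: cloudflare-cluster-issuer` and a `hostname` on the listener. Neither is visible in this hunk and the Gateway spec starts outside it, so please confirm before the existing Secret expires. The same question applies to the removed `argocd-gateway-tls` Certificate in the previous section. I would add a comment above `certificateRefs` such as `# Secret is issued by cert-manager from the Gateway annotation; no standalone Certificate` so the dependency stays documented.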