support for tls for streamer
diff --git a/setup/nuvolaris/streamer/nginx-template.yaml b/setup/nuvolaris/streamer/nginx-template.yaml
index 7202022..beb7bbc 100644
--- a/setup/nuvolaris/streamer/nginx-template.yaml
+++ b/setup/nuvolaris/streamer/nginx-template.yaml
@@ -21,10 +21,21 @@
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+
+$T cert-manager.io/cluster-issuer: letsencrypt-prod
+$T nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
name: nuvolaris-streamer-api-ingress
namespace: nuvolaris
+
spec:
ingressClassName: nginx
+
+$T tls:
+$T - hosts:
+$T - stream.${STREAMER_API_HOSTNAME:-localhost}
+$T secretName: streamer-api-tls
+
rules:
- host: stream.${STREAMER_API_HOSTNAME:-localhost}
http:
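Review bot: The new `tls.hosts` entry keeps the `:-localhost` fallback, so when TLS is enabled and `STREAMER_API_HOSTNAME` is unset the Ingress requests a certificate for `stream.localhost` from `letsencrypt-prod`, which a public ACME issuer cannot validate. With `force-ssl-redirect: "true"` also set, clients would presumably be redirected to HTTPS and served whatever default certificate the controller falls back to. The same fallback is in the `tls` block added to traefik-template.yaml. A guard in the deploy task before the apply would catch this, for example `test -n "{{.T}}" || test -n "$STREAMER_API_HOSTNAME" || die "STREAMER_API_HOSTNAME is required when TLS is enabled."`. The issuer name is hard-coded, so a comment such as `# requires a ClusterIssuer named letsencrypt-prod to exist in the cluster` above the annotation would record that dependency.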
diff --git a/setup/nuvolaris/streamer/opsfile.yml b/setup/nuvolaris/streamer/opsfile.yml
index 97a7a8a..dff89ad 100644
--- a/setup/nuvolaris/streamer/opsfile.yml
+++ b/setup/nuvolaris/streamer/opsfile.yml
@@ -23,6 +23,7 @@
RETRY: 100
TIMEOUT: 15s
CONTEXT: ""
+ DRY: ""
env:
@@ -49,25 +50,28 @@
sh: ops util ingress-type
tasks:
-
- boh:
- desc: echo a message
- silent: true
- cmds:
- - echo "$host.Name"
deploy:
silent: true
ignore_error: false
desc: deploy the streamer
+ vars:
+ T:
+ sh: |
+ if kubectl -n nuvolaris get wsk/controller -ojsonpath='{.status.whisk_create.tls}' | rg on >/dev/null
+ then echo ""
+ else echo "#"
+ fi
cmds:
- test -e ${INGRESS_TYPE}-template.yaml || die "No avalable template for ingress type ${INGRESS_TYPE}."
- test -n "$IMAGES_STREAMER" || die "IMAGES_STREAMER is not set. Please set it to the desired image version."
- envsubst -i streamer-template.yaml -o _streamer.yaml > /dev/null 2>&1
- - envsubst -i "${INGRESS_TYPE}-template.yaml" -o _ingress.yaml > /dev/null 2>&1
- - kubectl -n nuvolaris apply -f _streamer.yaml
+ - |
+ export T="{{.T}}"
+ envsubst -i "${INGRESS_TYPE}-template.yaml" -o _ingress.yaml > /dev/null 2>&1
+ - "{{.DRY}} kubectl -n nuvolaris apply -f _streamer.yaml"
#- cat _ingress.yaml
- - kubectl -n nuvolaris apply -f _ingress.yaml
+ - "{{.DRY}} kubectl -n nuvolaris apply -f _ingress.yaml"
- |
echo "Streamer API deployed with HOSTNAME: stream.${STREAMER_API_HOSTNAME} and OW_APIHOST: ${OW_APIHOST}"
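Review bot: The `T` probe in `deploy` fails open: if `kubectl` errors (no cluster access, missing `wsk/controller`) or `rg` is not installed, the pipeline is false and `T` becomes `#`, so the ingress is deployed without TLS and nothing reports it. `rg on` is also a substring match, so any value containing "on" enables TLS. Capturing the value, stopping on a kubectl failure, and comparing exactly avoids both; the sketch below assumes the enabled value is exactly `on`, which the grep suggests but the hunk does not show. The `> /dev/null 2>&1` on `envsubst` also hides rendering errors before `kubectl apply`. The opsfile continues outside this hunk.

```yaml
    vars:
      T:
        sh: |
          tls="$(kubectl -n nuvolaris get wsk/controller -ojsonpath='{.status.whisk_create.tls}')" || exit 1
          if [ "$tls" = "on" ]
          then echo ""
          else echo "#"
          fi
    # … unchanged: cmds …
```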
diff --git a/setup/nuvolaris/streamer/traefik-template.yaml b/setup/nuvolaris/streamer/traefik-template.yaml
index bf85cd1..24c7cb0 100644
--- a/setup/nuvolaris/streamer/traefik-template.yaml
+++ b/setup/nuvolaris/streamer/traefik-template.yaml
@@ -17,14 +17,26 @@
kind: Ingress
metadata:
annotations:
- ingressClassName: traefik
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
traefik.ingress.kubernetes.io/transport.respondingTimeouts.idleTimeout: "600"
traefik.ingress.kubernetes.io/transport.respondingTimeouts.readTimeout: "600"
traefik.ingress.kubernetes.io/transport.respondingTimeouts.writeTimeout: "600"
+
+$T cert-manager.io/cluster-issuer: letsencrypt-prod
+$T traefik.ingress.kubernetes.io/router.tls: "true"
+$T traefik.ingress.kubernetes.io/router.entrypoints: websecure,web
+
name: nuvolaris-streamer-api-ingress
namespace: nuvolaris
+
spec:
+ ingressClassName: traefik
+
+$T tls:
+$T - hosts:
+$T - stream.${STREAMER_API_HOSTNAME:-localhost}
+$T secretName: streamer-api-tls
+
rules:
- host: stream.${STREAMER_API_HOSTNAME:-localhost}
http:
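Review bot: The added `router.entrypoints: websecure,web` annotation, together with `router.tls: "true"`, does not give the HTTP-to-HTTPS redirect that the nginx template gets from `force-ssl-redirect`. As far as I know, Traefik treats a router with TLS enabled as HTTPS-only, so plain HTTP arriving on `web` would get a 404, not a redirect. If that holds for the Traefik version in use, `$T traefik.ingress.kubernetes.io/router.entrypoints: websecure` states the intent more accurately, with the redirect configured on the `web` entrypoint or through a redirect-scheme middleware. A comment above the annotations saying where the redirect is handled would help the next reader, whichever way it is done.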
@@ -35,4 +47,4 @@
port:
number: 8080
path: /
- pathType: Prefix
\ No newline at end of file
+ pathType: Prefix