openpgp-ca: Initial Commit

drGrove · drGrove · commit fd22a144529e · 2021-04-22T09:11:41.000-07:00
diff --git a/openpgp-ca/add-domain-deployment.patch.yaml b/openpgp-ca/add-domain-deployment.patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openpgp-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: init
+          env:
+            - name: DOMAIN
+              value: "hashbang.sh"
diff --git a/openpgp-ca/ingress.yaml b/openpgp-ca/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: openpgp-ca
+  labels:
+    app.kubernetes.io/name: openpgp-ca
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "mtls/mtls-certs"
+    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
+spec:
+  tls:
+    - hosts:
+      - openpgp-ca.hashbang.sh
+      secretName: opepgp-ca-tls
+  rules:
+    - host: openpgp-ca.hashbang.sh
+      http:
+        paths:
+          - path: "/"
+            backend:
+              serviceName: openpgp-ca
+              servicePort: http
diff --git a/openpgp-ca/kustomization.yaml b/openpgp-ca/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openpgp-ca
+resources:
+  - https://gitlab.com/openpgp-ca/openpgp-ca/kustomize/restd/?ref=master
+  - ingress.yaml
+patches:
+  - path: add-domain-deployment.patch.yaml
