diff --git a/artifacts/apiservice.yaml b/artifacts/apiservice.yaml
index 48abdb4b..b99c833e 100644
--- a/artifacts/apiservice.yaml
+++ b/artifacts/apiservice.yaml
@@ -2,8 +2,9 @@ apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
 name: v1alpha1.config.sdcio.dev
+ annotations:
+ cert-manager.io/inject-ca-from: network-system/config-apiservice
 spec:
- insecureSkipTLSVerify: true
 group: config.sdcio.dev
 groupPriorityMinimum: 1000
 versionPriority: 15
@@ -12,4 +13,3 @@ spec:
 namespace: network-system
 port: 6443
 version: v1alpha1
- #caBundle: "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"
diff --git a/artifacts/cert-manager_ca-issuer.yaml b/artifacts/cert-manager_ca-issuer.yaml
new file mode 100644
index 00000000..f87e3db5
--- /dev/null
+++ b/artifacts/cert-manager_ca-issuer.yaml
@@ -0,0 +1,8 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: my-ca-issuer
+ namespace: network-system
+spec:
+ ca:
+ secretName: my-selfsigned-ca-secret
diff --git a/artifacts/cert-manager_certificate-api-service.yaml b/artifacts/cert-manager_certificate-api-service.yaml
new file mode 100644
index 00000000..4478f335
--- /dev/null
+++ b/artifacts/cert-manager_certificate-api-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: config-apiservice
+ namespace: network-system
+spec:
+ secretName: config-server-cert
+ secretTemplate:
+ labels:
+ sdcio.dev/config-server: "true"
+ dnsNames:
+ - config-server.network-system.svc
+ issuerRef:
+ name: my-ca-issuer
\ No newline at end of file
diff --git a/artifacts/cert-manager_clusterIssuer.yaml b/artifacts/cert-manager_clusterIssuer.yaml
new file mode 100644
index 00000000..6cdd9f19
--- /dev/null
+++ b/artifacts/cert-manager_clusterIssuer.yaml
@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
+
+
+
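Review bot: In the first hunk of artifacts/apiservice.yaml the APIService now carries neither `insecureSkipTLSVerify` nor a `caBundle` of its own, so it depends entirely on cert-manager's cainjector acting on the new `cert-manager.io/inject-ca-from` annotation, and nothing in the manifest says so. A comment above the annotation would make the dependency visible, for example `# caBundle is injected by cert-manager cainjector from the network-system/config-apiservice Certificate`. Until that injection has happened the aggregator has no CA to verify the backend against, so the API group will presumably report unavailable; that is the safe failure mode, but cert-manager should be listed as an install prerequisite. The `spec` block continues outside this hunk.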
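Review bot: The `issuerRef` in artifacts/cert-manager_certificate-api-service.yaml gives only `name: my-ca-issuer` and relies on cert-manager's defaults for kind and group, while the CA Certificate in cert-manager_selfsigned-ca.yaml spells both out; adding `kind: Issuer` and `group: cert-manager.io` makes it explicit that the namespaced Issuer is meant. The Certificate also sets no `usages`, so the serving certificate is not limited to server authentication; a `usages:` list that adds `server auth` to the default key usages would narrow it. The only SAN is `config-server.network-system.svc`, which has to match the service named in the APIService's `spec.service`; that name lies outside the visible hunks, so please confirm it. This file and cert-manager_selfsigned-ca.yaml both end without a trailing newline.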
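Review bot: artifacts/cert-manager_clusterIssuer.yaml creates a cluster-scoped `selfsigned-issuer`, but the only consumer visible in this commit is the `my-selfsigned-ca` Certificate in `network-system`. A ClusterIssuer can be referenced from Certificates in every namespace, and such a generic name can collide with an object that already exists in a shared cluster. A namespaced issuer is sufficient here: `kind: Issuer` plus `namespace: network-system` in this file, and `kind: Issuer` in the `issuerRef` of cert-manager_selfsigned-ca.yaml. The three blank lines at the end of the file can be dropped as well.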
diff --git a/artifacts/cert-manager_selfsigned-ca.yaml b/artifacts/cert-manager_selfsigned-ca.yaml
new file mode 100644
index 00000000..f0ed4e1b
--- /dev/null
+++ b/artifacts/cert-manager_selfsigned-ca.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: my-selfsigned-ca
+ namespace: network-system
+spec:
+ isCA: true
+ commonName: my-selfsigned-ca
+ secretName: my-selfsigned-ca-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
\ No newline at end of file
diff --git a/artifacts/deployment.yaml b/artifacts/deployment.yaml
index 90af4c31..4179d5c6 100644
--- a/artifacts/deployment.yaml
+++ b/artifacts/deployment.yaml
@@ -96,7 +96,7 @@ spec:
 name: data-server
 - name: apiserver-certs
 secret:
- secretName: config-server
+ secretName: config-server-cert
 - name: cache
 emptyDir:
 sizeLimit: 10Gi
diff --git a/artifacts/secret.yaml b/artifacts/secret.yaml
deleted file mode 100644
index bccbe155..00000000
--- a/artifacts/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/tls
-metadata:
- name: config-server
- namespace: network-system
- labels:
- sdcio.dev/config-server: "true"
-data:
- tls.crt: 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
- tls.key: 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
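Review bot: The CA Certificate in artifacts/cert-manager_selfsigned-ca.yaml sets no `duration` or `renewBefore`, so the root gets cert-manager's default lifetime (90 days, as far as I recall), the same as the leaf it signs. When the root is renewed, the trust bundle injected into the APIService and the serving certificate have to stay in step, so the CA lifetime is worth choosing deliberately, e.g. `duration: 8760h` and `renewBefore: 720h` (illustrative values). The names `my-selfsigned-ca`, `my-selfsigned-ca-secret` and `my-ca-issuer` read like tutorial placeholders; a project-specific prefix would make the objects easier to attribute in a shared namespace.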
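Review bot: The `apiserver-certs` volume in artifacts/deployment.yaml now mounts `config-server-cert`, a secret that cert-manager rewrites on every renewal, and nothing visible here shows that the config-server reloads its serving certificate when the mounted files change. If it reads them only at start-up, the pod will keep presenting the old certificate until it expires, at which point the aggregator rejects it; please confirm the reload behaviour or document that a rollout restart is needed after renewal. Separately, the deleted artifacts/secret.yaml carried a `tls.key` that remains in the repository history, so any cluster still running with that key pair should be treated as using a publicly known key and moved to the cert-manager-issued one. The volume list continues outside this hunk.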