mirror of https://github.com/ChristianLight/tutor.git synced 2025-01-27 06:58:24 +00:00

Upgrade cert-manager installation in k8s

Note that the spec has changed for v1alpha2.
Régis Behmo 2020-03-26 11:33:06 +01:00
parent d1f1a33f51
commit e4ca99b237
3 changed files with 10 additions and 15 deletions


@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
## Unreleased ## Unreleased
- [Improvement] Upgrade k8s certificate issuer to cert-manager.io/v1alpha2
- [Feature] Add SCORM XBlock to default openedx docker image - [Feature] Add SCORM XBlock to default openedx docker image
## v3.11.12 (2020-04-16) ## v3.11.12 (2020-04-16)
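
Review bot: The new changelog line is tagged `[Improvement]`, but the change is breaking for existing Kubernetes deployments: the templates now use `cert-manager.io/v1alpha2`, which the previously documented cert-manager v0.8.0 install does not serve. Consider marking the entry with "💥", as the note at the top of the changelog prescribes, and stating that cert-manager must be upgraded (the docs now point at v0.14.0) before the new manifests are applied.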


@ -50,9 +50,7 @@ cert-manager for TLS certificates
Tutor relies on `cert-manager <https://docs.cert-manager.io/>`_ to generate TLS certificates for HTTPS access. In order to activate HTTPS support, you will have to install cert-manager yourself. To do so, follow the `instructions from the official documentation <https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html>`_. It might be as simple as running:: Tutor relies on `cert-manager <https://docs.cert-manager.io/>`_ to generate TLS certificates for HTTPS access. In order to activate HTTPS support, you will have to install cert-manager yourself. To do so, follow the `instructions from the official documentation <https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html>`_. It might be as simple as running::
kubectl create namespace cert-manager kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.8.0/cert-manager.yaml
If you decide to enable HTTPS certificates, you will also have to set ``WEB_PROXY=true`` in the platform configuration, because the SSL/TLS termination will not occur in the Nginx container, but in the Ingress controller. To do so, run:: If you decide to enable HTTPS certificates, you will also have to set ``WEB_PROXY=true`` in the platform configuration, because the SSL/TLS termination will not occur in the Nginx container, but in the Ingress controller. To do so, run::
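
Review bot: The replacement install command applies a manifest fetched directly from a URL, with `--validate=false`, and that manifest creates cluster-wide resources. Suggest documenting a download-then-review flow (save `cert-manager.yaml` locally, inspect it, then `kubectl apply -f` the local file) and explaining why `--validate=false` is required, since the flag turns off kubectl's schema validation. The text also gives no guidance for clusters that still run the v0.8.0 install from the removed lines; a sentence pointing to the upstream upgrade procedure would help.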


@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/name: web app.kubernetes.io/name: web
annotations: annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 1000m nginx.ingress.kubernetes.io/proxy-body-size: 1000m
{% if ACTIVATE_HTTPS%}certmanager.k8s.io/issuer: letsencrypt {% if ACTIVATE_HTTPS%}cert-manager.io/issuer: letsencrypt
certmanager.k8s.io/acme-challenge-type: http01{% endif %} cert-manager.io/acme-challenge-type: http01{% endif %}
spec: spec:
rules: rules:
{% for host in hosts %} {% for host in hosts %}
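
Review bot: In the annotations, `cert-manager.io/acme-challenge-type: http01` is a mechanical rename of the old key, while the challenge type is now declared in the Issuer's `solvers` list later in this file. Please confirm that cert-manager v0.14.0 still reads this annotation; if it does not, drop it so the Ingress does not carry a setting that has no effect.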
@ -29,7 +29,7 @@ spec:
{%endif%} {%endif%}
{% if ACTIVATE_HTTPS %} {% if ACTIVATE_HTTPS %}
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Issuer kind: Issuer
metadata: metadata:
name: letsencrypt name: letsencrypt
@ -41,9 +41,12 @@ spec:
email: {{ CONTACT_EMAIL }} email: {{ CONTACT_EMAIL }}
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-privatekey name: letsencrypt-privatekey
http01: {} solvers:
- http01:
ingress:
class: nginx
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Certificate kind: Certificate
metadata: metadata:
name: {{ LMS_HOST|replace(".", "-") }} name: {{ LMS_HOST|replace(".", "-") }}
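
Review bot: `class: nginx` in the new `solvers` entry is hard-coded, so certificate issuance depends on the cluster's ingress controller serving that class and will stall on the HTTP-01 challenge otherwise. That matches the `nginx.ingress.kubernetes.io/proxy-body-size` annotation used on the `web` Ingress, but the requirement is not stated anywhere in this change; either document it next to the cert-manager install instructions or expose the class as a configuration value.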
@ -55,12 +58,5 @@ spec:
dnsNames: dnsNames:
- {{ LMS_HOST }} - {{ LMS_HOST }}
- {{ CMS_HOST }} - {{ CMS_HOST }}
acme:
config:
- http01:
ingress: web
domains:
- {{ LMS_HOST }}
- {{ CMS_HOST }}
{{ patch("k8s-ingress-certificates") }} {{ patch("k8s-ingress-certificates") }}
{% endif %} {% endif %}
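
Review bot: The removed `acme.config` block bound the HTTP-01 challenge to the `web` Ingress by name (`ingress: web`) and listed both domains; after this change nothing in the Certificate selects a solver, so issuance relies on the Issuer's single selector-less solver covering both `{{ LMS_HOST }}` and `{{ CMS_HOST }}`. The solver is now matched by ingress class rather than by the `web` Ingress, which changes how the challenge is routed. Worth testing issuance for both hosts on a fresh cluster and noting the behaviour change in the docs.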