feat(ingress): add TLS configuration for staging hosts

Add TLS configuration for staging-shiny and staging-shiny-api 
hosts in the ingress resources. Create a new namespace for 
ingress-nginx to better organize resources. Update kustomization 
files to include new certificates and secrets. Streamline setup 
process with improved wait commands for pod readiness.
2025-12-10 08:16:27 +01:00
parent 7dd42187fe
commit 58b04fe47e
12 changed files with 68 additions and 24 deletions
+36 -8
@@ -12,14 +12,42 @@ kubectl create secret docker-registry gitlab \
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gitlab"}]}'
kustomized="$(mktemp --suffix .unboundkind.yaml --tmpdir=/tmp/)"
kustomized="$(mktemp -t unboundnginx.yaml.XXXXXX)"
kubectl kustomize --enable-helm ./kind > "${kustomized}"
kubectl kustomize --enable-helm "k8s/nginx" >> "${kustomized}"
kubectl apply -f "${kustomized}" --server-side || true
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cert-manager --timeout 5m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cainjector --timeout 5m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=webhook --timeout 5m
kubectl wait --for=condition=Ready pods --all -n external-secrets --timeout=5m
kubectl apply -f "${kustomized}" --server-side
kubectl wait --for=condition=Ready pods --all --timeout=5m
printf "\nWait for pod app.kubernetes.io/component=controller to be created."
while :; do
sleep 2
[ -n "$(kubectl -n ingress-nginx get pod --selector=app.kubernetes.io/component=controller 2>/dev/null)" ] && printf "\n\n" && break
printf "."
done
echo "Wait for nginx to be available."
until [[ $(kubectl -n ingress-nginx get endpointslices -l 'kubernetes.io/service-name=ingress-nginx-controller' -o=jsonpath='{.items[*].endpoints[*].addresses[*]}') ]]; do sleep 5; done
kustomized="$(mktemp -t unboundinfra.yaml.XXXXXX)"
kubectl kustomize --enable-helm "k8s/infra" >> "${kustomized}"
kubectl apply -f "${kustomized}" --server-side || true
printf "\nWait for pod app.kubernetes.io/instance=cert-manager to be created."
while :; do
sleep 2
[ -n "$(kubectl -n cert-manager get pod --selector=app.kubernetes.io/instance=cert-manager 2>/dev/null)" ] && printf "\n\n" && break
printf "."
done
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cert-manager --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cainjector --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=webhook --timeout 4m
kubectl wait --for=condition=Ready pods --all -n external-secrets --timeout=5m
# Apply again to get any CRD's that wasn't applied earlier since the definitions wasn't available
kubectl apply -f "${kustomized}" --server-side || true
kubectl apply -k k8s/app --server-side
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cert-manager --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cainjector --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=webhook --timeout 4m
kubectl wait --for=condition=Ready pods --all -n external-secrets --timeout=5m
kubectl wait --for=condition=Ready pods --all -n default --timeout 3m
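Review bot: The re-apply under the "Apply again to get any CRD's" comment still ends in `|| true`, so a manifest rejected for a real reason (for example one of the new TLS resources) is never surfaced and the script carries on to `kubectl apply -k k8s/app`. The first pass can tolerate failure while the CRDs are not yet registered, but the retry should fail the script: `kubectl apply -f "${kustomized}" --server-side`. Separately, the rendered manifests are written to `mktemp` files that nothing in this hunk removes, and `kustomized` is reassigned so the nginx file's path is lost. If the `k8s/infra` output can contain Secret data, use distinct variable names and a cleanup trap such as `trap 'rm -f -- "${kustomized_nginx}" "${kustomized_infra}"' EXIT`. The +/- markers are not preserved on this page, so this assumes those lines are on the new side, and the script may continue outside the hunk.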