Merge pull request #8 from Benjyhy/certificate-ssl

disable certificate ssl

README.md

@@ -41,5 +41,5 @@ Minikube cluster (don't forget to remove the dependency)
 
 ## Start T-CLO-902 Project
 
-    helm install <RELEASE-NAME> waffle-man/t-clo-902
+    helm install <RELEASE-NAME> waffle-man/t-clo-902 -f values.yml
 

charts/t-clo-902/Chart.yaml

@@ -3,23 +3,23 @@ name: t-clo-902
 description: A Helm chart to sell cats on Kubernetes
 type: application
 
-version: 0.70.0
+version: 0.71.0
 
 appVersion: "1.1.0"
 
 dependencies:
-  - name: ingress-nginx
-    version: 4.7.0
-    repository: https://kubernetes.github.io/ingress-nginx
+  # - name: ingress-nginx
+  #   version: 4.7.0
+  #   repository: https://kubernetes.github.io/ingress-nginx
   - name: mysql
     version: 9.10.2
     repository: https://charts.bitnami.com/bitnami
   - name: rabbitmq
     version: 12.0.0
     repository: https://charts.bitnami.com/bitnami
-  - name: cert-manager
-    version: 0.11.5
-    repository: https://charts.bitnami.com/bitnami
+  # - name: cert-manager
+  #   version: 1.12.1
+  #   repository: https://charts.jetstack.io
   - name: eck-operator
     version: 2.8.0
     repository: https://helm.elastic.co

charts/t-clo-902/templates/NOTES.txt

@@ -1,6 +1,5 @@
-You've deployed the T-CLO-902 Project !
 
-Get Mysql pass
+You've deployed the T-CLO-902 Project !
 
 Mysql user password :
     kubectl get secret --namespace default {{ .Release.Name }}-mysql -o jsonpath="{.data.mysql-password}" | base64 -d

charts/t-clo-902/templates/certificate.yaml

@@ -1,13 +1,13 @@
-{{- $releaseName := (printf .Release.Name) }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ .Release.Name }}-cert  #name of this object
-  namespace: default #same namespace as 
-spec:
-  dnsNames:
-    - psdc.tech ###NEED A VALID DOMAIN NAME
-  secretName: kubi-tls-cert
-  issuerRef:
-    name: {{ .Release.Name }}letsencrypt-cluster-issuer
-    kind: ClusterIssuer
+# {{- $releaseName := (printf .Release.Name) }}
+# apiVersion: cert-manager.io/v1
+# kind: Certificate
+# metadata:
+#   name: {{ .Release.Name }}-cert 
+#   namespace: default
+# spec:
+#   dnsNames:
+#     - psdc.tech 
+#   secretName: kubi-tls
+#   issuerRef:
+#     name: {{ .Release.Name }}-letsencrypt-prod
+#     kind: ClusterIssuer

charts/t-clo-902/templates/ingress-monitor.yaml

@@ -11,7 +11,7 @@ spec:
   rules:
   - http:
       paths:
-        {{- with .Values.GrafanaIngress }}
+        {{- with .Values.monitorIngress }}
         - path: {{ .path }}(/|$)(.*)
           pathType: Prefix
           backend:

charts/t-clo-902/templates/ingress.yaml

@@ -4,13 +4,17 @@ kind: Ingress
 metadata:
   annotations:
     kubernetes.io/ingress.class: nginx
+    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    # nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    # cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod
+    # certmanager.k8s.io/acme-challenge-type: http01
   name: {{ .Release.Name }}-ingress
   namespace: default
 spec:
-  tls:
-    - hosts:
-      - psdc.tech  ##NEED A VALID DOMAIN NAME
-      secretName: kubi-tls
+  # tls:
+  #   - hosts:
+  #     - psdc.tech  
+  #     secretName: kubi-tls
   rules:
   - http:
       paths:

charts/t-clo-902/templates/issuer.yaml

@@ -1,17 +1,36 @@
-{{- $releaseName := (printf .Release.Name) }}
-apiVersion: cert-manager.io/v1                             
-kind: ClusterIssuer                             
-metadata:                               
-  name: {{ .Release.Name }}-letsencrypt-cluster-issuer
-  annotations:
-    kubernetes.io/ingress.class: nginx
-spec:                            
-  acme:                                 
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: [email protected]
-    privateKeySecretRef:                                                                   
-      name: letsencrypt-cluster-issuer-key
-    solvers:
-    - http01:
-        ingress:
-          class: nginx
+# {{- $releaseName := (printf .Release.Name) }}
+# apiVersion: cert-manager.io/v1
+# kind: ClusterIssuer
+# metadata:
+#   name: {{ .Release.Name }}-letsencrypt-staging
+#   annotations:
+#     kubernetes.io/ingress.class: nginx
+# spec:
+#   acme:
+#     server: https://acme-staging-v02.api.letsencrypt.org/directory
+#     email: [email protected]
+#     privateKeySecretRef:
+#       name: letsencrypt-staging-key
+#     solvers:
+#     - http01:
+#         ingress:
+#           class: nginx
+# ---
+# apiVersion: cert-manager.io/v1
+# kind: ClusterIssuer
+# metadata:
+#   name: {{ .Release.Name }}-letsencrypt-prod
+# spec:
+#   acme:
+#     # The ACME server URL
+#     server: https://acme-v02.api.letsencrypt.org/directory
+#     # Email address used for ACME registration
+#     email: [email protected]
+#     # Name of a secret used to store the ACME account private key
+#     privateKeySecretRef:
+#       name: letsencrypt-prod-issuer
+#     # Enable the HTTP-01 challenge provider
+#     solvers:
+#       - http01:
+#           ingress:
+#             class: nginx

charts/t-clo-902/values.yaml

@@ -15,7 +15,7 @@ global:
     auth:
       username: kubi
       password: password
-      rootPassword: tamer
+      rootPassword: rootpassword
       database: kubi
       connection: mysql
 
@@ -36,7 +36,7 @@ mysql:
     createDatabase: true
     username: kubi
     password: password
-    rootPassword: root
+    rootPassword: rootpassword
     database: kubi
     connection: mysql
 
@@ -56,16 +56,11 @@ ingressPaths:
     port: 6001
     svc: back-svc
 
-GrafanaIngress:
-  path: /grafana
+monitorIngress:
+  path: /monitor
   port: 3000
   svc: grafana
 
-KibanaIngress:
-  path: /kibana
-  port: 5601
-  svc: kibana
-
 dockerImageCredentials:
   registry: https://ghcr.io
   username: user
@@ -132,50 +127,3 @@ grafana:
   adminPassword: grafanapassword
   dashboardsConfigMaps:
     default: "grafana-dashboards"
-
-logstash:
-  logstash.conf: |
-    input {
-      beats {
-        port => 5044
-      }
-    }
-    output { elasticsearch { hosts => "{{ .Release.Name }}-es-http:9200" } }
-  service:
-    annotations: {}
-    type: ClusterIP
-    loadBalancerIP: ""
-    ports:
-      - name: beats
-        port: 5044
-        protocol: TCP
-        targetPort: 5044
-      - name: http
-        port: 8080
-        protocol: TCP
-        targetPort: 8080
-
-filebeat: 
-  filebeatConfig:
-    filebeat.yml: |
-      filebeat.inputs:
-      - type: container
-        paths:
-          - /var/log/containers/*.log
-        processors:
-        - add_kubernetes_metadata:
-            host: ${NODE_NAME}
-            matchers:
-            - logs_path:
-                logs_path: "/var/log/containers/"
-
-      output.logstash:
-        hosts: ["kubi-logstash:5044"]
-
-kibana: 
-  elasticsearchHosts: http://kubi-es-http:9200
-  extraEnvs:
-    - name: ELASTICSEARCH_USERNAME
-      value: user
-    - name: ELASTICSEARCH_PASSWORD
-      value: password

terraform/main.tf

@@ -22,12 +22,12 @@ resource "ovh_cloud_project_kube" "my_kube_cluster" {
 }
 
 # Create a Node Pool for our Kubernetes cluster
-# resource "ovh_cloud_project_kube_nodepool" "node_pool" {
-#   service_name  = var.kube_service_name
-#   kube_id       = ovh_cloud_project_kube.my_kube_cluster.id
-#   name          = "my-pool" 
-#   flavor_name   = "b2-7"
-#   desired_nodes = 1
-#   max_nodes     = 1
-#   min_nodes     = 1
-# }
+resource "ovh_cloud_project_kube_nodepool" "node_pool" {
+  service_name  = var.kube_service_name
+  kube_id       = ovh_cloud_project_kube.my_kube_cluster.id
+  name          = "my-pool" 
+  flavor_name   = "b2-7"
+  desired_nodes = 1
+  max_nodes     = 1
+  min_nodes     = 1
+}