Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / ee86f33ea992e53fd2db6e654879bce77733a1a2 / . / scripts / homelab / root-ca-server.yaml
blob: e1f16642cd75c0cd6647f84f5b2c889966958da5 [file] [log] [blame]
giolekvaeb3b6a82021-07-31 17:49:24 +0400[diff] [blame]1# TODO(giolekva): move to ingerss-nginx-private namespace
2---
3apiVersion: apps/v1
4kind: Deployment
5metadata:
6 name: selfsigned-root-ca
7 namespace: cert-manager
8spec:
9 selector:
10 matchLabels:
11 app: selfsigned-root-ca
12 replicas: 1
13 template:
14 metadata:
15 labels:
16 app: selfsigned-root-ca
17 spec:
18 volumes:
19 - name: root-ca-secret
20 secret:
21 secretName: selfsigned-ca-root
22 items:
23 - key: ca.crt
24 path: selfsigned-root-ca.crt
25 containers:
26 - name: maddy
27 image: giolekva/static-file-server:latest
28 imagePullPolicy: Always
29 ports:
30 - name: http
31 containerPort: 80
32 command: ["static-file-server"]
33 args: ["-port=80", "-dir=/etc/static-file-server/data"]
34 volumeMounts:
35 - name: root-ca-secret
36 mountPath: /etc/static-file-server/data/
37 readOnly: true
38---
39apiVersion: v1
40kind: Service
41metadata:
42 name: selfsigned-root-ca
43 namespace: cert-manager
44spec:
45 type: ClusterIP
46 selector:
47 app: selfsigned-root-ca
48 ports:
49 - name: http
50 port: 80
51 targetPort: http
52 protocol: TCP
53---
54apiVersion: networking.k8s.io/v1
55kind: Ingress
56metadata:
57 name: selfsigned-root-ca
58 namespace: cert-manager
59 annotations:
60 nginx.ingress.kubernetes.io/ssl-redirect: "false"
61spec:
62 ingressClassName: nginx-private
63 rules:
64 - host: root-ca.pcloud
65 http:
66 paths:
67 - pathType: Prefix
68 path: "/"
69 backend:
70 service:
71 name: selfsigned-root-ca
72 port:
73 name: http