v 0.8.0

charts/vkpr/CRDs.md

@@ -0,0 +1,8 @@
+# CRDs de subcharts
+
+Estes CRDs precisam ser instalados previamente *ou* automaticamente via pasta "crds".
+Em produção recomendamos *não* instalar automaticamente (usar "--skip-crds").
+
+## cert-manager
+
+* https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.crds.yaml

charts/vkpr/acme.yaml

@@ -0,0 +1,39 @@
+{{- if index .Values "cert-manager" "enabled" -}}
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: {{ .Values.acme.email }}
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: acme-staging-issuer-account-key
+    {{- with .Values.acme.solvers }}
+    solvers:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: {{ .Values.acme.email }}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: acme-production-issuer-account-key
+    {{- with .Values.acme.solvers }}
+    solvers:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end -}}

examples/local/acme.yaml

@@ -0,0 +1,41 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: [email protected]
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: acme-staging-issuer-account-key
+    solvers:
+    - dns01:
+        digitalocean:
+          tokenSecretRef:
+            name: digitalocean-dns
+            key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: [email protected]
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: acme-production-issuer-account-key
+    solvers:
+    - dns01:
+        digitalocean:
+          tokenSecretRef:
+            name: digitalocean-dns
+            key: access-token

examples/local/values-local-certs-dns.yaml

@@ -0,0 +1,94 @@
+#
+# Valores para testes locais com o k3d, mas com Cert-manager e External-DNS operando
+# via DigitalOcean.
+#
+# O que executa:
+# - Ingress controller (ingress-nginx)
+# - Aplicação "whoami" com nome DNS real
+# - Cert-Manager
+# - External-DNS
+#
+# kubectl create secret generic digitalocean-dns --from-literal=access-token=<TOKEN>
+# helm upgrade -i vkpr --skip-crds -f examples/local/values-local-certs-dns.yaml ./charts/vkpr \
+#   --set external-dns.digitalocean.apiToken=<TOKEN>
+# kubectl apply -f examples/local/acme.yaml
+#
+# Testar com:
+#
+# curl -k -H "Host: whoami.vkpr-dev.vertigo.com.br" https://<EXTERNAL-IP>
+# curl -k https://whoami.vkpr-dev.vertigo.com.br
+#
+
+#
+# INGRESS STACK
+#
+ingress-nginx:
+  enabled: true
+
+external-dns:
+  enabled: true
+  rbac:
+    create: true
+  sources:
+  - ingress
+  provider: digitalocean
+  # provide no value here, use --set in command line
+  # digitalocean:
+  #   apiToken: <API-TOKEN>
+  interval: "1m"
+  logLevel: debug
+
+cert-manager:
+  enabled: true
+  installCRDs: true # ok for testing
+  ingressShim:
+    defaultIssuerName: letsencrypt-staging
+    defaultIssuerKind: ClusterIssuer
+    defaultIssuerGroup: cert-manager.io
+  prometheus:
+    enabled: false
+
+# dados para o CRD do ACME
+# acme:
+#   email: [email protected]
+#   solvers:
+#   - dns01:
+#       digitalocean:
+#         tokenSecretRef:
+#           name: digitalocean-dns
+#           key: access-token
+
+# chart values
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+  hosts:
+  - host: whoami.vkpr-dev.vertigo.com.br
+    paths: ["/"]
+  tls:
+  - hosts:
+    - whoami.vkpr-dev.vertigo.com.br
+    secretName: whoami-cert
+
+#
+# LOGGING STACK:
+#
+
+loki-stack:
+  enabled: false
+
+#
+# MONITORING STACK
+#
+kube-prometheus-stack:
+  enabled: false
+
+#
+# SECURITY STACK
+#
+vault:
+  enabled: false
+keycloak:
+  enabled: false

examples/local/values-local-minimal.yaml

@@ -0,0 +1,61 @@
+#
+# Valores para testes locais com o k3d.
+# 
+# O que executa:
+# - Ingress controller (ingress-nginx)
+# - Aplicação "whoami"
+#
+# helm upgrade -i vkpr -f examples/local/values-local-minimal.yaml ./charts/vkpr
+#
+# Coloque as seguintes entradas no /etc/hosts :
+# 127.0.0.1    whoami.localdomain
+#
+# Testar com:
+#
+# curl whoami.localdomain:8080
+#
+
+#
+# INGRESS STACK
+#
+ingress-nginx:
+  enabled: true
+    # service:
+    #   type: NodePort
+    #   nodePorts:
+    #     http: 32080
+
+external-dns:
+  enabled: false
+cert-manager:
+  enabled: false
+
+# chart values
+ingress:
+  enabled: true
+  annotations:
+    ingress.kubernetes.io/ssl-redirect: "false"
+  hosts:
+  - host: whoami.localdomain
+    paths: ["/"]
+
+#
+# LOGGING STACK:
+#
+
+loki-stack:
+  enabled: false
+
+#
+# MONITORING STACK
+#
+kube-prometheus-stack:
+  enabled: false
+
+#
+# SECURITY STACK
+#
+vault:
+  enabled: false
+keycloak:
+  enabled: false