testing local tls

k8s/helmfile/env/local/base.yaml

@@ -2,7 +2,7 @@ ip: ""
 ingressHost: "*.wbaas.localhost"
 ingressNameSuffix: main
 forceSSL: false
-tls: false
+tls: true
 wbstack:
   subdomainSuffix: ".wbaas.localhost"
-  uiurl: http://wbaas.localhost
+  uiurl: https://wbaas.localhost

k8s/helmfile/env/local/certificates.values.yaml.gotmpl

@@ -0,0 +1,8 @@
+certificates:
+  - name: wikibase-local-tls
+    commonName: wbaas.localhost
+    dnsNames:
+      - '*.wbaas.localhost'
+      - 'wbaas.localhost'
+    secretName: wikibase-local-tls
+    issuerRef: selfsigned-cluster-issuer

k8s/helmfile/env/local/private.yaml

@@ -4,7 +4,7 @@ gcsApiStaticBucket: 'something'
 
 # TODO move this (and many other things) out of private file...
 uiHostName: www.wbaas.localhost
-tlsSecret: wikibase-dev-tls
+tlsSecret: wikibase-local-tls
 
 services:
   queryservice:
@@ -13,8 +13,8 @@ services:
 
   app:
     mailer: smtp
-    url: http://www.wbaas.localhost
-    apiUrl: http://api.wbaas.localhost
+    url: https://www.wbaas.localhost
+    apiUrl: https://api.wbaas.localhost
     ingressHosts:
       - host: api.wbaas.localhost
         paths:

k8s/helmfile/env/local/ui.values.yaml.gotmpl

@@ -6,7 +6,10 @@ ui:
   recaptchaSitekeySecretKey: site_key
 
 ingress:
-  tls: null
+  tls:
+  - hosts:
+    - {{ .Values.uiHostName }}
+    secretName: {{ .Values.tlsSecret }}
 
 resources:
   limits:

k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl

@@ -42,7 +42,6 @@ configs:
 controller:
   resources:
    limits:
-     cpu: null
      memory: 512Mi
    requests:
      cpu: 250m
@@ -51,7 +50,6 @@ controller:
 applicationSet:
   resources:
     limits:
-      cpu: null
       memory: 128Mi
     requests:
       cpu: 100m
@@ -60,7 +58,6 @@ applicationSet:
 dex:
   resources:
    limits:
-     cpu: null
      memory: 64Mi
    requests:
      cpu: 10m
@@ -69,7 +66,6 @@ dex:
 notifications:
   resources:
     limits:
-      cpu: null
       memory: 128Mi
     requests:
       cpu: 100m
@@ -78,7 +74,6 @@ notifications:
 redis:
   resources:
    limits:
-     cpu: null
      memory: 128Mi
    requests:
      cpu: 100m
@@ -87,7 +82,6 @@ redis:
 repoServer:
   resources:
    limits:
-     cpu: null
      memory: 1024Mi
    requests:
      cpu: 10m

k8s/helmfile/helmfile.yaml

@@ -78,11 +78,11 @@ releases:
   # Only deploy the clusterissuers to production clusters for now, as they won't
   # work locally for now...
   - name: clusterissuers
-    installed: {{ ne .Environment.Name "local" | toYaml }}
+    # installed: {{ ne .Environment.Name "local" | toYaml }}
     namespace: cert-manager
     # TODO use something more generic or from wbstack/charts repo
-    chart: wbstack/wikibase-cloud-clusterissuers
-    version: 0.1.0
+    chart: ../../../charts/charts/wikibase-cloud-clusterissuers
+    # version: 0.1.0
     values:
       - email: {{ .Values.external.letsencrypt.email }}
       - gceProject: {{ .Values.gceProject }}
@@ -96,10 +96,10 @@ releases:
               - 'wikibase.dev'
 
   - name: certificates
-    installed: {{ ne .Environment.Name "local" | toYaml }}
+    # installed: {{ ne .Environment.Name "local" | toYaml }}
     namespace: default
-    chart: wbstack/certificates
-    version: 0.1.0
+    chart: ../../../charts/charts/certificates
+    # version: 0.1.0
     <<: *default_release
 
 
@@ -133,6 +133,12 @@ releases:
     version: 10.5.0
     <<: *default_release
 
+  - name: ui
+    namespace: default
+    chart: wbstack/ui
+    version: 0.3.1
+    <<: *default_release
+
   - name: elasticsearch-2
     namespace: default
     chart: bitnami/elasticsearch