Merge pull request #1164 from thecodingmachine/wildcard-cert-in-cd
Installing Wildcard certificate in CD environments
commit
94333a7438
33
.github/workflows/build-and-deploy.yml
vendored
33
.github/workflows/build-and-deploy.yml
vendored
@ -149,6 +149,37 @@ jobs:
|
|||||||
# Create a slugified value of the branch
|
# Create a slugified value of the branch
|
||||||
- uses: rlespinasse/github-slug-action@3.1.0
|
- uses: rlespinasse/github-slug-action@3.1.0
|
||||||
|
|
||||||
|
- name: Write certificate
|
||||||
|
run: echo "${CERTS_PRIVATE_KEY}" > secret.key && chmod 0600 secret.key
|
||||||
|
env:
|
||||||
|
CERTS_PRIVATE_KEY: ${{ secrets.CERTS_PRIVATE_KEY }}
|
||||||
|
|
||||||
|
- name: Download certificate
|
||||||
|
run: mkdir secrets && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i secret.key ubuntu@cert.workadventu.re:./config/live/workadventu.re/* secrets/
|
||||||
|
|
||||||
|
- name: Create namespace
|
||||||
|
uses: steebchen/kubectl@v1.0.0
|
||||||
|
env:
|
||||||
|
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_FILE_BASE64 }}
|
||||||
|
with:
|
||||||
|
args: create namespace workadventure-${{ github.event_name == 'pull_request' && env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }}
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
- name: Delete old certificates in namespace
|
||||||
|
uses: steebchen/kubectl@v1.0.0
|
||||||
|
env:
|
||||||
|
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_FILE_BASE64 }}
|
||||||
|
with:
|
||||||
|
args: -n workadventure-${{ github.event_name == 'pull_request' && env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }} delete secret certificate-tls
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
- name: Install certificates in namespace
|
||||||
|
uses: steebchen/kubectl@v1.0.0
|
||||||
|
env:
|
||||||
|
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_FILE_BASE64 }}
|
||||||
|
with:
|
||||||
|
args: -n workadventure-${{ github.event_name == 'pull_request' && env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }} create secret tls certificate-tls --key="secrets/privkey.pem" --cert="secrets/fullchain.pem"
|
||||||
|
|
||||||
- name: Deploy
|
- name: Deploy
|
||||||
uses: thecodingmachine/deeployer-action@master
|
uses: thecodingmachine/deeployer-action@master
|
||||||
env:
|
env:
|
||||||
@ -168,4 +199,4 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
with:
|
with:
|
||||||
msg: Environment deployed at https://play.${{ env.GITHUB_HEAD_REF_SLUG }}.test.workadventu.re
|
msg: Environment deployed at https://play-${{ env.GITHUB_HEAD_REF_SLUG }}.test.workadventu.re
|
||||||
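Review bot: The `Download certificate` step runs `scp` with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the runner never authenticates cert.workadventu.re before copying the key and chain that `Install certificates in namespace` loads into the `certificate-tls` secret. With host verification off, the job accepts whatever endpoint answers for that name, and that endpoint decides which key pair ends up serving TLS in the cluster. Pin the server's host key instead: keep its public host key in a repository secret, write it to a `known_hosts` file in the `Write certificate` step, and call `scp -o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts -i secret.key …`. In the same step, `secret.key` is created before `chmod 0600` runs; putting `umask 077` ahead of the `echo` removes that window.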
|
@ -11,8 +11,7 @@
|
|||||||
"back1": {
|
"back1": {
|
||||||
"image": "thecodingmachine/workadventure-back:"+tag,
|
"image": "thecodingmachine/workadventure-back:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "api1."+url,
|
"url": "api1-"+url,
|
||||||
"https": "enable",
|
|
||||||
"containerPort": 8080
|
"containerPort": 8080
|
||||||
},
|
},
|
||||||
"ports": [8080, 50051],
|
"ports": [8080, 50051],
|
||||||
@ -30,8 +29,7 @@
|
|||||||
"back2": {
|
"back2": {
|
||||||
"image": "thecodingmachine/workadventure-back:"+tag,
|
"image": "thecodingmachine/workadventure-back:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "api2."+url,
|
"url": "api2-"+url,
|
||||||
"https": "enable",
|
|
||||||
"containerPort": 8080
|
"containerPort": 8080
|
||||||
},
|
},
|
||||||
"ports": [8080, 50051],
|
"ports": [8080, 50051],
|
||||||
@ -50,8 +48,7 @@
|
|||||||
"replicas": 2,
|
"replicas": 2,
|
||||||
"image": "thecodingmachine/workadventure-pusher:"+tag,
|
"image": "thecodingmachine/workadventure-pusher:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "pusher."+url,
|
"url": "pusher-"+url,
|
||||||
"https": "enable"
|
|
||||||
},
|
},
|
||||||
"ports": [8080],
|
"ports": [8080],
|
||||||
"env": {
|
"env": {
|
||||||
@ -68,27 +65,25 @@
|
|||||||
"front": {
|
"front": {
|
||||||
"image": "thecodingmachine/workadventure-front:"+tag,
|
"image": "thecodingmachine/workadventure-front:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "play."+url,
|
"url": "play-"+url,
|
||||||
"https": "enable"
|
|
||||||
},
|
},
|
||||||
"ports": [80],
|
"ports": [80],
|
||||||
"env": {
|
"env": {
|
||||||
"PUSHER_URL": "//pusher."+url,
|
"PUSHER_URL": "//pusher-"+url,
|
||||||
"UPLOADER_URL": "//uploader."+url,
|
"UPLOADER_URL": "//uploader-"+url,
|
||||||
"ADMIN_URL": "//"+url,
|
"ADMIN_URL": "//"+url,
|
||||||
"JITSI_URL": env.JITSI_URL,
|
"JITSI_URL": env.JITSI_URL,
|
||||||
"SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
|
"SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
|
||||||
"TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443",
|
"TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443",
|
||||||
"JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false",
|
"JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false",
|
||||||
"START_ROOM_URL": "/_/global/maps."+url+"/Floor0/floor0.json"
|
"START_ROOM_URL": "/_/global/maps-"+url+"/Floor0/floor0.json"
|
||||||
//"GA_TRACKING_ID": "UA-10196481-11"
|
//"GA_TRACKING_ID": "UA-10196481-11"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"uploader": {
|
"uploader": {
|
||||||
"image": "thecodingmachine/workadventure-uploader:"+tag,
|
"image": "thecodingmachine/workadventure-uploader:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "uploader."+url,
|
"url": "uploader-"+url,
|
||||||
"https": "enable",
|
|
||||||
"containerPort": 8080
|
"containerPort": 8080
|
||||||
},
|
},
|
||||||
"ports": [8080],
|
"ports": [8080],
|
||||||
@ -98,16 +93,12 @@
|
|||||||
"maps": {
|
"maps": {
|
||||||
"image": "thecodingmachine/workadventure-maps:"+tag,
|
"image": "thecodingmachine/workadventure-maps:"+tag,
|
||||||
"host": {
|
"host": {
|
||||||
"url": "maps."+url,
|
"url": "maps-"+url
|
||||||
"https": "enable"
|
|
||||||
},
|
},
|
||||||
"ports": [80]
|
"ports": [80]
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"config": {
|
"config": {
|
||||||
"https": {
|
|
||||||
"mail": "d.negrier@thecodingmachine.com"
|
|
||||||
},
|
|
||||||
k8sextension(k8sConf)::
|
k8sextension(k8sConf)::
|
||||||
k8sConf + {
|
k8sConf + {
|
||||||
back1+: {
|
back1+: {
|
||||||
@ -122,6 +113,14 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["api1-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
back2+: {
|
back2+: {
|
||||||
@ -136,6 +135,14 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["api2-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
pusher+: {
|
pusher+: {
|
||||||
@ -150,8 +157,46 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
},
|
||||||
}
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["pusher-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
front+: {
|
||||||
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["play-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
uploader+: {
|
||||||
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["uploader-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
maps+: {
|
||||||
|
ingress+: {
|
||||||
|
spec+: {
|
||||||
|
tls+: [{
|
||||||
|
hosts: ["maps-"+url],
|
||||||
|
secretName: "certificate-tls"
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
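Review bot: The `ingress+: { spec+: { tls+: [...] } }` override is pasted six times in `k8sextension` (back1, back2, pusher, front, uploader, maps), each repeating the host prefix already written in that service's `host.url` together with the literal `"certificate-tls"`. If one of those pairs drifts, the ingress for that host no longer carries a matching TLS entry, and the certificate then served presumably falls back to whatever the ingress controller uses by default, which is easy to miss in a test environment. A small local helper keeps both values in one place: `local tlsFor(host) = { ingress+: { spec+: { tls+: [{ hosts: [host], secretName: "certificate-tls" }] } } };`, used as `back1+: { ... } + tlsFor("api1-"+url)`. The body of `k8sextension` starts outside these hunks, so where the helper can be declared needs checking against the full file.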
|