k/website: add caution.co

k/cert-manager: update, so we can use http01 ingressClassName
2025-06-09 21:54:41 -04:00 · 2025-06-09 21:54:22 -04:00
4 changed files with 86 additions and 2 deletions
--- a/kustomizations/cert-manager/cluster-issuer/issuer.yaml
+++ b/kustomizations/cert-manager/cluster-issuer/issuer.yaml
@ -4,7 +4,7 @@ metadata:
  name: letsencrypt
 spec:
  acme:
-    email: ryan@distrust.co
+    email: team@distrust.co
    privateKeySecretRef:
      name: letsencrypt
    server: https://acme-v02.api.letsencrypt.org/directory
@ -14,3 +14,21 @@ spec:
          tokenSecretRef:
            name: digitalocean
            key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-caution
+spec:
+  acme:
+    email: team@distrust.co
+    privateKeySecretRef:
+      name: letsencrypt-caution
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: nginx
+      selector:
+        dnsZones:
+        - "caution.co"
--- a/kustomizations/cert-manager/kustomization.yaml
+++ b/kustomizations/cert-manager/kustomization.yaml
@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: cert-manager
 resources:
- https://github.com/james-callahan/cert-manager-kustomize?ref=b9560b4603bffac901c99d7d9d16e5e2a07e44d8
+- https://github.com/james-callahan/cert-manager-kustomize?ref=039fc866e432953a5ceda9bc26155513b535eea4
 - cluster-issuer
 - namespace.yaml
 replacements:
--- a/kustomizations/website/caution.yaml
+++ b/kustomizations/website/caution.yaml
@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: website-caution
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: website-caution
+  template:
+    metadata:
+      labels:
+        app: website-caution
+    spec:
+      containers:
+      - name: website
+        image: git.distrust.co/caution/website
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: website-caution
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+  selector:
+    app: website-caution
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: website-caution
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-caution
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: caution.co
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: website-caution
+            port:
+              number: 80
+      # NOTE: This makes use of distrust.co's web form
+      - path: /submit-email
+        pathType: Prefix
+        backend:
+          service:
+            name: web-form
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - caution.co
+    secretName: website-caution-tls
--- a/kustomizations/website/kustomization.yaml
+++ b/kustomizations/website/kustomization.yaml
@ -7,6 +7,7 @@ resources:
 - website.yaml
 - docs.yaml
 - wellknown.yaml
+- caution.yaml
 configMapGenerator:
 - name: openpgp-keys
  files:
Author	SHA1	Message	Date
Ryan Heywood	50fc310110	k/website: add caution.co	2025-06-09 21:54:41 -04:00
Ryan Heywood	2627095c97	k/cert-manager: update, so we can use http01 ingressClassName	2025-06-09 21:54:22 -04:00