diff --git a/Makefile b/Makefile index 843d742..205b047 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ test: ## Runs unit tests and shows coverage. install-pubgrade: # build ## Install pubgrade on cluster using helm. # kubectl create namespace $(APP_NAME) --dry-run=client -o yaml | kubectl apply -f - - helm upgrade --install $(APP_NAME) deployment/ -n $(APP_NAME) + helm upgrade --install $(APP_NAME) helm/ -n $(APP_NAME)-ns uninstall-pubgrade: ## Uninstall pubgrade. helm delete $(APP_NAME) -n $(APP_NAME) diff --git a/helm/templates/pubgrade-webserver/ingress.yaml b/helm/templates/pubgrade-webserver/ingress.yaml index 79ad4ba..ec9efe0 100644 --- a/helm/templates/pubgrade-webserver/ingress.yaml +++ b/helm/templates/pubgrade-webserver/ingress.yaml @@ -1,16 +1,16 @@ -{{- if .Values.pubgrade_webserver.ingress.enabled }} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - annotations: - kubernetes.io/ingress.class: nginx - {{- if .Values.pubgrade_webserver.ingress.https.enabled }} - cert-manager.io/cluster-issuer: {{ .Values.pubgrade_webserver.ingress.https.issuer }} - kubernetes.io/tls-acme: {{ quote .Values.pubgrade_webserver.ingress.https.enabled}} - {{- end }} name: pubgrade-ingress + annotations: + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: + ingressClassName: nginx + tls: + - hosts: + - {{ .Values.pubgrade_webserver.ingress.url }} + secretName: pubgrade-dyn-cloud-e-infra-cz-tls rules: - host: {{ .Values.pubgrade_webserver.ingress.url }} http: @@ -19,31 +19,5 @@ spec: service: name: pubgrade-service port: - number: {{ .Values.pubgrade_webserver.port }} - path: / - pathType: Prefix - {{- if .Values.pubgrade_webserver.ingress.https.enabled }} - tls: - - hosts: - - {{ .Values.pubgrade_webserver.ingress.url }} - secretName: pubgrade-ingress-secret - {{- end }} -{{- else if .Capabilities.APIVersions.Has "route.openshift.io/v1/Route" -}} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: pubgrade-ingress -spec: - host: {{ .Values.pubgrade_webserver.ingress.url }} - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - to: - kind: Service - name: pubgrade-service - weight: 100 - wildcardPolicy: None -status: - ingress: [] -{{- end }} -{{- end }} \ No newline at end of file + number: {{ .Values.pubgrade_webserver.port }} + pathType: ImplementationSpecific \ No newline at end of file diff --git a/helm/templates/pubgrade-webserver/secrets.yaml b/helm/templates/pubgrade-webserver/secrets.yaml index 0a62529..d76aa44 100644 --- a/helm/templates/pubgrade-webserver/secrets.yaml +++ b/helm/templates/pubgrade-webserver/secrets.yaml @@ -7,15 +7,15 @@ data: gh_access_token: ENC[AES256_GCM,data:UBkjenltnbZYbVABRxQU94C5sjfN/qSqfsp21QgHKdCfGb3T38HoAxyJJYkIAqCWW1/yellZEqQ=,iv:SOozTjfhKVZMf4yoMldAB7jbGQQp3MGabG+Xj6CcSJQ=,tag:dFoj8Dqnv8NJHqCXslQcIg==,type:str] cosign_password: ENC[AES256_GCM,data:nPLDBdTyE4g=,iv:1CnDCgprepOADS3gCgYmsHY5R4cKukIgVNVmPyHflwA=,tag:7ZVLeGM6Fo8/bc/lDtvXsQ==,type:str] cosign_private_key: ENC[AES256_GCM,data:EWGPN0MAg+Z20GISbyB7LsYWiREjsBX6lhqLl9ooodTZORCJaRri6zSRMFvG/7n4K7FdKqUVdlzUWEr+9r+hJp4ZmTXGLAZRK0FuxmJl4q74q2WlZBaTC8zn4oJMGhg8oA9XO7ASOQarHKM5a66pHVB2tOx3sn98tM6rEhPqf89Is33i8DXr+qE7HmrKDd7yZcORKBqZK3laoTivXJ6Sm2Lj+hSxf1oyinsCSl8SVKe1lUGwqZtAlGD7DsU4XRjadcG2iR2EpR4HxRNQF6zbXLtLxrVp4lkD4KwMSE9he1MiVjT1p6ABR7+bzCHJ6nFq85U+sBgNIfLRbYYAmDKeqtzZrxdUz2ZH0UjenfslyhkYQQBnRb0zdWR8FL7SrWgscABPjr6FwD70AldIdU09da+1tV/UmLeGSUl8K9QaYgmBeR2OQLu/2DpmiqSDPy9Enwd3Nzy7XOFTCOHRPP74nquqjVAg5e46ke4BOeFoPAIV6GN8m8b0NOTIniOf2t5xSLZjpM+pCRkHMOpyDXRSbQIYA2b0GVVVIzwmTkiME97mS1XRMGJ7h0nCpHHBTWIO0XeVw5X9oSbDuL2mcBtjQlKgn4deZ7q8dr9FzZKbbC6ATkqjHi0tiEWZCaWr1A59kRJGuU5hpxfUr+tzZSpjfDR4LhQYZUy9kYdGwujheUPlVAgtM19+rEIPIFNiAtp/K/8z1Iz48G3stPApD8fjht/iGEqp2hNoAZYfvCNMpeoPMXbWbmkkhSvizUUK0IbFPpb1TasW4WmsnsL0fABM6gx1FW/RnOG6qvpXsPSHBrccZcM7rk97db2C6kLU3trY+dHhdNHCMAe3Ua9Gatfy/bUcE3ecw5MBHw6gE6RuKGlnj6Tigs7bOU9lG5/9iNS1HwbUcjFQXfohRQg64dvDfUkDOvmE6+YwwrRX7HKGVSUuHWrUT/VrT19ToYf37QiKXlA2ls0XlMjeJGifmHM+2hd41esCllRheSOUWC/8xOyKv9I3+xKoj6A9nGr7+oXrru/Lbot9lNTLWvL0CNJM90bw2jt3/svgtwIzSG/7XsokHLztSkVAmU3nm5wIEdqOV3cWYH7D9po+MspvRRORFY+gN2VN5zQm665rFRKZZcYsHckheO3urFegsk89i5bC,iv:IxnskDR1kLDIq8hr1YkHR9GoaseXzcO0dvym5pfkVuw=,tag:wUPmqj34n4MQEoexaZs//Q==,type:str] - intermediate_registry_token: ENC[AES256_GCM,data:+FSSbA4HpSTOS2dndJpgKfdXFi7fmjNuMAIPb2i6AMpbnlnZLaZhtyjPxtCR1pSjzBvN85flQRnAurmJL8swxngAEWxYYdrjOXyVed+bgfrqte/kIgZISlrlVxzGKIXaNL85ycxazfGOCvGKUHmJXdW2vs/aj3x+v7DaC95MvibWQRCoyPuzTn78QDrThShpQG4Iov2JcqVuJPJmoBEHLp32MuOb2qiKHzKndYk/Pk7ivNXc6WqwDhzHjrKgOzO0Q3i5ir8Sf/ckSihAqAFovZEyiocku5eb2+Dr8l/0jj4Cqb/x0VkVURVxb1LK6dYoyyrtFOEmAry+SUkQaxPgfsHgh6idnArHnWp7kFppy/ppEG8VTTKPenPUMC2RucDhG5GpgE0fM6h2wiw+OFBednz3nZcQpRPIWy9ECv+ZmSK/rc+gh9rEQ7XMcv7RYGdjmuHMIc1qOCkHxsHake23AEQYY3g1MUAT9NFb/irYUB8xY0hQ91g0wz9zjk9IogUtw4H1RYzQ0vwKS1hN3cbM42uivCXwb2fH//BO6uzfsur33+s575PG1czy1WdvJMNvKfQ5KcU7cdyVrtw2BBiRe4DKYPtgIl2B8kcbHMT0Tf3jrwNAL624AnKIYLAUPWCDQjkyszZoa0ZiIOWwkZxkW1OdU1Rjwoxzhznn5rfhVRRCzgbcwXD4sybjMQoNOG+9i2y0754F9pnOzhIG3s/Svf7kDnQCZzn1VW3ZuAbQHyvwvSF48tU64nk4zbOkRdQH0/pq7hyh/kRiK5BDJgVBqPPYMA5E3ur2L5vppBfPOB0PfSGD/rN9YtjRlxYICQmJFYI/+oE+FzgD4T/+gv4bX9LlMiS1iyslJqEIdFRFaG/eC4187q/kzNxUIREOdqp2EYtBL8CfvmkDwV0Nw61xViHg798YoHID9Wl1nPnoZFpEeFgNu3aHrSdLQW+i22XTYhHES8m0mvndrP7kJCBgw77IjhxUNZJF+vWy3frEdksa3c5Re9HN92alhHKlW3ONPR3xpPNujVQxhVhzuFA0ZFv73XzqEEagu2V8l6jRggSNaP5AqGQ3d3bA2iFMRYd03ZrbW2v3Z9BGgFyBf+HsZEPGZyhdaEl4GxSmzgKHs8tb/4QVF3DMc7mu1jcC+Ve1WPNK1RJ1pSRDfrsvF5vg+xqXmtQbdhr7nzINIFLQvlTqKm5a4W/qF4A06KiDo3I8jC9koxAGtfdO1wbFfGxLXZLWdFGrDA0j5JMT+WXdieLfnbkYUyXL7abbb9KnTxIYoE8D+dJxvBPBW+eCHSEMIlsAtT5CqiADZSa+KZvOC94MgOq6YUxrX6EL/MqVn0iwBKdLWjnsanRckCaHrGz2uXSlFP/rZ6FNKZ2eyuNI6AO+Uyo6pi5ob9Kuy9kDluoiFINUMKVD0FQtgXTmiYKvsQFPur8C2hVF6i9/EC0dRQ+kDJO/UEZf9hcGwi766Wp3/VPhsx+fWxQd9/xu6UYyQ7GroN8+EULnw0559T+xIVGVipi20tmN9guB+bFY6GPA5B8EluchAgqzuRILS19rRgKiLXVYRcwOhEwijBJtMStU0qVSNi7xcq+AcUl6qXXxSzlnujiLwMbSY4qPws5x/vTM4hyfLonvedQ2wZRfiYPZKIWJnjsk0SYM/Tv4gY4gXpgEvV9biM+ltwhzO4CG8VVdaJeIZipQv1swTQ6J9Qq3eg4G+OkTPkMFKk7HU9aLqMcaNWKaIcN6RukEWYWJqi3j8ChUbpTwzXh833e7dfy6Qxol+JQVd5rGG9PGI22ai/W2L7+E22y/+HIJUJ67G+3YMQiRsvmpW7YwdRjySibJTorq7wHNbbEtKWW+dSK5rtLb8dyAKep/ud5cnVrTS1hqZna8xoCLMPauRBjQG4GvS60VUorOosUq0cY8KzFKEJzCIxPpLCYnldv6pk7AZHFTuasX3pIrwafg11TNwaL9H56utQHLLHDpa0b8NTD54pyNJiCwUwyGla70v7KAEev/sCrqKjz1cwvp/z/waZWI9j358QeeMbBOggchJ3cOg7UnW0HP9eMs11obnLg0s9HI37kUSftVj98OKkLuwHU1p92TkO9ezqrhLb3vb2JPzx8hkcv5Qwd2236kgSP9jC9gSjJzph54+Jro1at816HBfF3OEm2bp4pPVcm9r6j+f++y4QtFhYYp/wsjkV/FvRikmI++YoUudate8ILIyp0FhJVLT98y0tN3w6F5MJ6Tbjg0CmVZhU52cp9t3HhML3lI/6CEqVja4H3R0VZ/TzKnvaOUsYAjT3cpjWjhhDgAy4KYif7Sk6BQ3SJJN+0SVsgV70z62iI9KfKnmIxCfpdBDaatc9rIMjoapmPCYpkbMazlTAttK8w0CSxB60drQeUXGMaUt5zjGahhjreqAIba+0FFhUplpUqApNGD3wYlPTA8PItYS+J8IwMn9d4onS8SKOimhRqZaIQ9/6sDj9nl1ZRLTmiQkl3pgjDBIlI5nv+JSJxvXUb0v7JHINq9gii9aiGEemPBjWO+ptfMjXCzF6yZFkxRC62hyASS2BZuIitroUJFCArpZ4CYzp48ymbOYACw3eSv+n51V7jhDfyciTwZrHje/mgyRH7HCh45PDiqQAu+IiEYZa9hm2Yq8tCP86fFL/5TQJ2Bs+lbWeckvKXg1FBqTXw2h4YTwk89/T3VBcMSEhrMBvd/gviuzE9brItypikg6EAMI8FI8C2VJcNHlw5Y4EHl8KdCBgDXpJ9kpsiajh+ehNtUH9oCJcVXjldAPseePcXLZEmifg57BQICZCfQjJ1ASSIMTMLIjSR7MkL/jB33ybMwp0LkI5e64Gc9EC20VxHmC357dYsOMoRA4hER4yGuWOrFoMoz0xxfDHSQ/8hBAag7u8soOLKSsd6cCbj5BJGqvLhxu94XV2lmS89Rcdiskxo1BOhmT0WmKyFyMARP/c0Olx+f34YISMNXKd8H2G4USz36y61NIcGe68s5GQ==,iv:9ndRqNZc+eyRN/LZq772QqT40gM0qT1G3mNzbpwl/88=,tag:FOatS78EDjePcm9nF206PA==,type:str] + intermediate_registry_token: ENC[AES256_GCM,data:zwzg2e6Md0qUqAXuHaixIU5acVohtR7hwKop45Tbl9D8YmrOyG7jko+YdW9auj5UhfLG7R7do40AehDwR/IdotlDgvQmPCqK7xf6MgbSjpXfXJXF/G4BfB+bdWf4oZqKyOEv/IhWQy0jFQyb6vnwkv3ED8e8uHYWqLkRC1Ok0JsvE/JlFBqglUKngIv8sVTWVRlrMF2Cujccm7FyLGiXOiryUhU2LIsK7ernaVbuEIHIFJcfeCf0hT/XbjLzPuv4zLzYabVkwjfZi9JraBQ8RfxYHWI6J2FMIhDbrWDF9ec2c3aYo+3r2UUzHAhakugmhjr5L7YB7iGx6bEzXx6oU0ZW6NbLwKGfC8AobSZ2N01K1UjeqNi+ENOBgWkHXlYEnEGRqL/Fbvg8DEys4jVbT26ojus20Rn7HYE4p/x84UeWEmI8ijCL779+rHcihY2EOxZiARjDV7aCFi3dooELBXHiZvLWbPnJ5iX6H3PYZC4r+ux+uaK1wQ1bBlajzFBdBGCoLpBLVYBJ0rJKOBvKZZOsT+SbnuZeX/hdKrEYGZtvxB8VPpXpUu9N5ULrKnaActeQi0N9a8YXSTfpbpNpIjvrkQQqEVyqp9R47MahaObzQxSkOu9t8XS1B6+yf7j28fjBGCRXA83x3udV2w+QqLkN3i7UfettCzA8zrUo+fSt+AX1bFhQLo5h2KyN2fM9q7OJe4sJSDhMh0SvdBt4kFh/P58cPss/ewWkLpDZZ+28VA1JHkUr2GPUwrw5wmnA3O/Kqxfz/2UGIO6Pgg4LRT4VHjjKZ71Hy3dr/74pqFVUWndk5ydgGPOhCwnzMZD8ZPrVMsWUf+DV4aDzCwBxfm3X5BN6Btw9KdBZZ1b3I524cf9pp+5q7qLIuU44czNc8ir68NWtRNPgkskYR9gI2vLshU8ePU+yOacuzzBJAWJ9QYDNwjIwD3YSX5iYywwLpOY3lKq9ajvLT5NzjjIwm7MFrvIy1fgNdTVkDviTXQeEmPfaJcgnhGxIBNziAZIQGCxYmpH/vGQdXYizgu4FLWLIRdZzHpuSwV+LxAupL7+azacNGqnySTK1AC1wYqcxSXsE7wTnjNpc/47gwRGvoW3TEq2YEATd0kT8kB4fgbJ5bvMMH19Pwp0HBudIj0kq/cs5bsngCv+wrfg+bRNfj4x5287ELdPDnZE+97kU2bztfKFZTomauqD5p+xSmRZjBvucFgp/4RI+PFTuUp9gtUpab/lznLZ4G+V1mKERQ9AdQrxDh4ATgmnkC+uJbKzES5lJD5M7D9+kvPoqFDzzU/GGc9PDZf/B6HoXkB+LTIWyzJMqCTqBJ+2c0+rmvSzA8w4aayW8a62wPWtUUphyNQ46OkthoWgp9GAmCSUokdZv3hmQIbDWM32Hb+0NX5Uz2aLYnpMC78Rht5VOJqikOI5zvPLlO7tdtlLOAB6DAP/Tp4mP+BahXfpEpLPW8LxJcl4mLR9CMxHO1WeG1Q4r+YRuprecRGMUV+X80b/xsWfcQQlNwFUoOG3OjQ2q3YvscYEZPJzyn2UzF50f57xQl0lct9hundNos02nUMW44Egyxgq+3zktdlHjgz3u+6klUmp3Sfvc0PX5xEUy5DXPSClZ/0QAbQKrmleLVsmxWk9aZHGc6yOuaS/HzWIZHD9KxBy64Dd4642XKRpJcReAy4dACWgkvGxF/i780M3orBragommP0dwWnopVZnC0xX6TbPgND4A8Mf0MQYtHzP7YsAgg8SPpLmNJPnxigS6L7WmQZcjrJa7/DgEQ8sVo+h7RO8LWCS7yP5P7q4A8J2ZbGbbT/dtb41/wx6nDCbepvxsGcBT8UuMFVgHAPqUFMiHj+J+zssqinOPx4GDNYJKh3vaJcfBg0gBdtqJ0UFhZ8YyC21abCrxsK88OTt836hb2efIFjEQjplrC2AL5Lnuz+DIRioddVvNJmOQQGO9Ytv5+9TWbvDtRgvOW1YqAjwGvOx27HtbNX2rHuoU9/3ArDj5SB+Dd1C0oRFT9eljVxFh3tsR20LGq2T1uYiALTeRsrHB4c4W6YXDCHuxtY9UotzwtBYGQIVEz7Hpi6tqwAm6+gPjWc1G9uFvgBhtvOm4FM6aqbwXBBWXzB2/4avbHhNBwbthnapLRhh3gx0xPDOgdumAuHcNSxmNvvIUM0OAjth0CsnNRGjYBMN5eoHp0fjyV71MQGAhL1xljcLf/9FwiY+k7eQNSy81MlM=,iv:a52pO3MlLUbC+5TyLN4w5A5jnn15CmDfo0xpFCLi/c4=,tag:bW2po2rvlhttao0Ds+7ySQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-12-08T19:37:28Z" - mac: ENC[AES256_GCM,data:IkE6gD5WMsK7cnOj6+LigbqrMqoQkwKR0tFd4pTBuxYVuioRWMiTu2ureIy5M51y3PQx+SvigJwh0arfprpo73LsRusHhD7Y6tw0fBm21D9+P5sroZEWlyTv8u+cZJ/5EHOJTOqIdU+7xkw9TqLS6B3pVdbFmct6elZYBeZMuP4=,iv:RBJFs1naCz31N4/CLTIaPhlqRaY29JpBRcNLBbFPO0Y=,tag:qfXfTNvfBmXSrEi/xxAK9w==,type:str] + lastmodified: "2025-01-28T19:50:47Z" + mac: ENC[AES256_GCM,data:7dKkGzbYn/GDMCT4Hi5DMx+8lw7/0nymb4x2x5/VTpMUlqXiDyyQDH+S1MDITS+PxWWraalu6F8xpIJAjEJ8SAbOG8aqF6rE2ZX8AWCW3fbLS1NplnC45EBTlzf34ax75rITy5yNE+2Ih7gk6EKC9MmEYco4vPzMuVTG4PEPp+w=,iv:jgNmlzLCxlGb1zzL4QtwhmXwsnoTu0NmlH7JbR95N/A=,tag:an4uR3/UoXgceoiW+akkpw==,type:str] pgp: - created_at: "2024-12-08T18:28:08Z" enc: | diff --git a/helm/values.yaml b/helm/values.yaml index 3d2f0e4..ce1ab48 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -50,11 +50,9 @@ pubgrade_webserver: storage_active: true ingress: - enabled: true - url: 'your.url.without.http.com' - https: - enabled: true - issuer: letsencrypt-prod + url: pubgrade.dyn.cloud.e-infra.cz + tlsSecrets: pubgrade-dyn-cloud-e-infra-cz-tls + securityContext: runAsUser: 1004510000 diff --git a/pubgrade/config.yaml b/pubgrade/config.yaml index 7e5de38..07dc417 100644 --- a/pubgrade/config.yaml +++ b/pubgrade/config.yaml @@ -104,4 +104,4 @@ endpoints: user_access_token: 'c42fhg44e3d0' builds: gh_action_path: "akash2237778/pubgrade-signer" - intermediate_registery_format: "cloud-registry.2.rahtiapp.fi/pubgrade/{}:1h" \ No newline at end of file + intermediate_registery_format: "image-registry.apps.2.rahti.csc.fi/pubgrade/{}:1h" \ No newline at end of file