Deploy Fuel-Core Ingress with SSL Cert (FuelLabs#209)

* Adding nginx ingress and cert manager deployment

* Add new lines

* Updating ValidatingWebhookConfiguration API Version

* Updating ValidatingWebhookConfiguration API Version

* Update cert manager helm chart version

* Remove ingress controller definition

* Updating helm upgrade cert-manager

* Changing ingress controller version

* Adding ingress delete script

* Adding nginx ingress annotation

deployment/charts/templates/fuel-core-deploy.yaml

@@ -13,28 +13,24 @@ spec:
       storage: {{ .Values.app.volume.storagerequests }}
   storageClassName: {{ .Values.app.volume.storageclass }}
 ---
-apiVersion: v1
 kind: Service
+apiVersion: v1
 metadata:
   labels:
     app: {{ template "fuel-core.name" . }}
     chart: {{ template "fuel-core.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-  name: {{ template "fuel-core.name" . }}-k8s-lb
+  name: {{ template "fuel-core.name" . }}-service
 spec:
+  type: NodePort
+  selector:
+    app: {{ template "fuel-core.name" . }}
   ports:
-    - port: {{ .Values.app.httpport }}
-      targetPort: {{ .Values.app.targetport }}
+    - name: http
+      port: {{ .Values.app.httpport }}
       protocol: TCP
-      name: http
-    - port: {{ .Values.app.httpsport }}
       targetPort: {{ .Values.app.targetport }}
-      protocol: TCP
-      name: https
-  selector:
-    app: {{ template "fuel-core.name" . }}
-  type: LoadBalancer
 ---
 apiVersion: apps/v1
 kind: Deployment

deployment/charts/values.yaml

@@ -16,6 +16,7 @@ app:
     pvname: db-volume
     mountPath: /mnt/db/
     claimname: db-volume-pv-claim
-    storageclass: gp2
-    storagerequests: 3Gi
+    storageclass: ${pvc_storage_class}
+    storagerequests: ${pvc_storage_requests}
     accessmodes: ReadWriteOnce
+

deployment/ingress/eks/ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ${k8s_namespace}-ingress
+  namespace: ${k8s_namespace}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod" 
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+    - host: ${ingress_dns}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ${k8s_namespace}-service
+                port:
+                  number: ${ingress_http_port}
+  tls:
+    - hosts:
+        - ${ingress_dns}
+      secretName: letsencrypt-prod

deployment/ingress/eks/prod-issuer.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: ${letsencrypt_email}
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

deployment/scripts/.env

@@ -1,11 +1,18 @@
 # Kubernetes Provider Enviromment Variables
 k8s_provider="eks"
 
-# Helm Enviroment Variables
+# Helm Environment Values
 k8s_namespace="fuel-core"
 fuel_core_image_repository="ghcr.io/fuellabs/fuel-core"
 fuel_core_image_tag="latest"
 fuel_core_pod_replicas="1"
+pvc_storage_class="gp2"
+pvc_storage_requests="3Gi"
+
+# Ingress Environment variables
+letsencrypt_email="[email protected]"
+ingress_dns="example.com"
+ingress_http_port="80"
 
 # AWS Environment variables 
 TF_VAR_environment="fuel-core"

deployment/scripts/fuel-core-delete.sh

@@ -8,5 +8,5 @@ if [ "${k8s_provider}" == "eks" ]; then
     echo "Deleting fuel-core helm chart on ${TF_VAR_eks_cluster_name} ...."
     helm delete fuel-core --namespace ${k8s_namespace}
 else
-   echo "You have chosen a non-supported kubernetes provider"
+   echo "You have inputted a non-supported kubernetes provider in your .env"
 fi

deployment/scripts/fuel-core-deploy.sh

@@ -19,5 +19,5 @@ if [ "${k8s_provider}" == "eks" ]; then
               --timeout 8000s \
               --debug
 else
-   echo "You have chosen a non-supported kubernetes provider"
+   echo "You have inputted a non-supported kubernetes provider in your .env"
 fi

deployment/scripts/ingress-delete.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -o allexport && source .env && set +o allexport 
+
+if [ "${k8s_provider}" == "eks" ]; then
+    echo " ...."
+    aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name}
+    cd ../ingress/${k8s_provider}
+    kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/1.21/deploy.yaml
+    helm delete cert-manager --namespace cert-manager
+    kubectl delete -f prod-issuer.yaml
+    kubectl delete -f ingress.yaml
+else
+   echo "You have inputted a non-supported kubernetes provider in your .env"
+fi

deployment/scripts/ingress-deploy.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -o allexport && source .env && set +o allexport 
+
+if [ "${k8s_provider}" == "eks" ]; then
+    echo " ...."
+    aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name}
+    cd ../ingress/${k8s_provider}
+    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/1.21/deploy.yaml
+    helm repo add jetstack https://charts.jetstack.io
+    helm repo update
+    helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --install --create-namespace 
+    mv prod-issuer.yaml prod-issuer.template
+    envsubst < prod-issuer.template > prod-issuer.yaml
+    rm prod-issuer.template
+    kubectl apply -f prod-issuer.yaml
+    mv ingress.yaml ingress.template
+    envsubst < ingress.template > ingress.yaml
+    rm ingress.template
+    kubectl apply -f ingress.yaml
+else
+   echo "You have inputted a non-supported kubernetes provider in your .env"
+fi