From 1e58dd1bb4ea83542571dd520a871ad9a29bc613 Mon Sep 17 00:00:00 2001
From: James Pannacciulli <jpnc@jpnc.info>
Date: Fri, 3 Nov 2023 17:24:28 -0400
Subject: initial commit of possibly working code

---
 seagl2023/k8s.jp.net/ingress.yaml | 76 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 seagl2023/k8s.jp.net/ingress.yaml

(limited to 'seagl2023/k8s.jp.net/ingress.yaml')

diff --git a/seagl2023/k8s.jp.net/ingress.yaml b/seagl2023/k8s.jp.net/ingress.yaml
new file mode 100644
index 0000000..444a88e
--- /dev/null
+++ b/seagl2023/k8s.jp.net/ingress.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-ingress-microk8s
+  annotations:
+    kubernetes.io/ingress.class: public
+    ingressclass.kubernetes.io/is-default-class: "true"
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
+    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
+    nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$request_id"
+    nginx.ingress.kubernetes.io/modsecurity-snippet: |
+      SecRuleEngine On
+spec:
+  rules:
+  - host: "seagl00.k8s.jp.net"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: seagl00-k8s-jp-net
+            port:
+              number: 80
+  - host: "seagl01.k8s.jp.net"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: seagl01-k8s-jp-net
+            port:
+              number: 80
+  tls:
+    - hosts:
+      - seagl00.k8s.jp.net
+      secretName: seag00-k8s-jp-net-tls
+    - hosts:
+      - seagl01.k8s.jp.net
+      secretName: seag01-k8s-jp-net-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ingress
+spec:
+  selector:
+    name: nginx-ingress-microk8s
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: seagl2023@jpnc.info
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-account-key
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: public
-- 
cgit v1.2.3