forked from juice-shop/multi-juicer
-
-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add external-dns and acm capabilities
- Loading branch information
Showing
12 changed files
with
227 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# Uncomment for ssl using ACM | ||
module "acm_balancer" { | ||
source = "terraform-aws-modules/acm/aws" | ||
|
||
count = var.balancer_domain_name != "" ? 1 : 0 | ||
|
||
validation_method = "DNS" | ||
|
||
domain_name = var.balancer_domain_name | ||
zone_id = var.hosted_zone_id | ||
|
||
subject_alternative_names = [ | ||
"*.${var.balancer_domain_name}" | ||
] | ||
|
||
wait_for_validation = true | ||
} | ||
|
||
module "acm_ctfd" { | ||
source = "terraform-aws-modules/acm/aws" | ||
|
||
count = var.ctfd_domain_name != "" ? 1 : 0 | ||
|
||
validation_method = "DNS" | ||
|
||
domain_name = var.ctfd_domain_name | ||
zone_id = var.hosted_zone_id | ||
|
||
subject_alternative_names = [ | ||
"*.${var.ctfd_domain_name}" | ||
] | ||
|
||
wait_for_validation = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
namespace: ctfd | ||
name: ctfd | ||
annotations: | ||
alb.ingress.kubernetes.io/scheme: internet-facing | ||
alb.ingress.kubernetes.io/target-type: instance | ||
alb.ingress.kubernetes.io/success-codes: 200-399 | ||
#uncomment and configure below if you want to use tls, don't forget to override the cookie to a secure value! | ||
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 | ||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' | ||
alb.ingress.kubernetes.io/ssl-redirect: "443" | ||
external-dns.alpha.kubernetes.io/hostname: ${CTFD_DOMAIN_NAME} | ||
# The certificate ARN can be discovered automatically by the ALB Ingress Controller based on the host value in the ingress, or you can specify it manually by uncommenting and customizing the line below | ||
# alb.ingress.kubernetes.io/certificate-arn: <certificate-arn> | ||
spec: | ||
ingressClassName: alb | ||
rules: | ||
- http: | ||
paths: | ||
- path: / | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: ctfd | ||
port: | ||
number: 80 | ||
host: ${CTFD_DOMAIN_NAME} # Specify the hostname to route to the service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: external-dns | ||
labels: | ||
app.kubernetes.io/name: external-dns | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["services", "endpoints", "pods", "nodes"] | ||
verbs: ["get", "watch", "list"] | ||
- apiGroups: ["extensions", "networking.k8s.io"] | ||
resources: ["ingresses"] | ||
verbs: ["get", "watch", "list"] | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: external-dns-viewer | ||
labels: | ||
app.kubernetes.io/name: external-dns | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: external-dns | ||
subjects: | ||
- kind: ServiceAccount | ||
name: external-dns | ||
namespace: kube-system | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: external-dns | ||
namespace: kube-system | ||
labels: | ||
app: external-dns | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: external-dns | ||
strategy: | ||
type: Recreate | ||
template: | ||
metadata: | ||
labels: | ||
app: external-dns | ||
spec: | ||
serviceAccountName: external-dns | ||
securityContext: | ||
fsGroup: 65534 | ||
containers: | ||
- name: external-dns | ||
image: bitnami/external-dns:0.15.0 | ||
resources: | ||
limits: | ||
memory: 256Mi | ||
cpu: 500m | ||
args: | ||
- --source=ingress | ||
- --provider=aws | ||
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) | ||
- --txt-owner-id=external-dns |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,7 @@ | ||
region = "eu-west-1" | ||
# state_bucket_arn = "..." | ||
|
||
## Use this section for a custom domain with TLS | ||
# hosted_zone_id = "..." | ||
# balancer_domain_name = "..." | ||
# ctfd_domain_name = "..." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters