- Access to private repo, which contains environment specific vars
- Install Aviator (used to merge pipeline YAML files)
- Clone eirini-private-config
- Make sure you have
The pipelines are organized in separate directories with individual
- The dns provider for the eirini.cf domain should point to the GCP dns servers and a corresponding entry should be created in GCP.
- In GCS's CloudDNS console, the
eirini.cfdomain should point to the external IP of the Istio Gateway.
- The Issuer should be configured to generate with the ACME challenge with a GCP service account that has permissions to create and delete CloudDNS entries. Additionaly a Certificate should be created for the eirini.cf domain using this Issuer.
- The certificate should be present in the namespace where the Istio Gateway is deployed (in cf-for-k8s that's
istio-system). Since that namespace is managed by cf-for-k8s, it will be deleted when doing a
kapp delete, which will also delete the certificates. Since letsencrypt has an API limit of 5 per week for a single domain, the certificates must be generated in a separate namespace and copied over to a secret in
- A server must be configured in the Istio Gateway that has the
eirini.cfhost and uses the copied secret in