Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS traffic with cert-manager. #357

Merged
merged 15 commits into from
Oct 5, 2020
Merged

Support TLS traffic with cert-manager. #357

merged 15 commits into from
Oct 5, 2020

Conversation

willgraf
Copy link
Contributor

@willgraf willgraf commented Jun 12, 2020
edited
Loading

cert-manager can generate and manage TLS certificates. This PR introduces the cert-manager, and deploys 2 ClusterIssuers to issue certificates for let's encrypt staging and prod environment, as well as a certificate (staging by default).

This certificate is then referenced by the frontend helm chart, which it uses to authenticate requests.

Fixes #266

SSL Labs screenshot

@willgraf willgraf marked this pull request as draft June 12, 2020 01:57
@willgraf willgraf added the enhancement New feature or request label Jun 12, 2020
@willgraf willgraf changed the base branch from stable to master August 27, 2020 00:50
@willgraf willgraf changed the base branch from master to stable August 27, 2020 00:52
@willgraf willgraf marked this pull request as ready for review September 1, 2020 16:54
@willgraf
Upgrade from helm2 to helm3 by updating the base image. (#370)
b579505 
* don't deploy helm anymore, using helm3, no tiller required.

* helm3 removes client/server achritecture and relies on binary only; no need for "helm init".

* kubernetes 1.16 updates all APIs to apps/v1 instead of extensions/v1beta1

* update nginx-ingress chart to support kube1.16. unstringify the helmfile too.

* Update base images to latest versions.

* update recommended API versions for ClusterRole, ClusterRoleBinding and Ingress

* remove references to --purge, unused in helm3.
@willgraf
Merge branch 'stable' into tls
c26a892
@willgraf
remove tensorboard yaml file (again)
79d39ff
@willgraf
fix whitespace.
6fd411c
@willgraf willgraf changed the base branch from stable to temp September 18, 2020 20:20
@willgraf willgraf changed the base branch from temp to stable September 18, 2020 20:22
@willgraf willgraf merged commit 119b8de into stable Oct 5, 2020
@willgraf willgraf deleted the tls branch October 5, 2020 20:21
@willgraf willgraf mentioned this pull request Oct 6, 2020
Closed
willgraf added a commit that referenced this pull request Dec 16, 2020
@willgraf @msschwartz21
Merge stable into master for release 1.4.0 (#410)
13f5edb 
* Support TLS traffic with cert-manager. (#357)

* Fix frontend ingress issue when no hosts are provided. (#381)

* Template frontend ingress annotations using `CERTIFICATE_MANAGER_ENABLED` (#383)

* Create tf-serving configuration files using an initContainer. (#382)

* Fix whitespace issue in tasks/Makefile.kubectl (#386)

* Bump openvpn to 4.2.3 (#385)

* Upgrade certificate manager to version 1.0.3 (#384)

* Add screenshot of successfully created cluster to docs. (#388)

* Set up an AlertManager with slack receiver support (#317)

* Install procps to give access to sysctl. (#390)

* Migrate CI/CD from TravisCI to GitHub Actions (#394)

* Change the redis helm chart repo to bitnami (#393)

* Upgrade tf-serving chart to 0.3.0 for application version 0.4.0 (#392)

* Move the frontend HPA definition into the helm chart. (#395)

* Move the tf-serving HPA into the helm chart. (#396)

* Move redis-consumer HPA into the helm chart. (#397)

* Remove deprecated and unused charts (#398)

* Migrate stable helm chart repo to archived URL. (#399)

* Destroy the secret and remove the key from the DNS solver SA in a new task: `gke/destroy/certificate-manager-secret` (fixes #391).

* Use GCP_SERVICE_ACCOUNT for DNS resolution (#401)

* Clean up docs and test them with new GitHub Action workflow (#402)

* Add code-formatted filename to list of files to change (#403)

* Update ELK stack helmfiles (#380)

* Move the prometheus-redis-exporter script to a chart using incubator/raw. (#405)

* Use `kubectl del pvc` instead of deleting all pds with the cluster name. (#406)

* Update helmfile defaults for faster helm deployments. (#404)

* Skip gke/destroy/node-pools during cluster teardown. (#407)

* Update docs to reflect the pending 1.4.0 release. (#408)

* Bump redis-consumer version to 0.8.3 (#409)

* Run integration tests on all PRs to master OR if they have the commit message. (#411)

* Remove helm defaults for ELK helmfiles (#413)

Co-authored-by: Morgan Schwartz <msschwartz21@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MekWarrior MekWarrior MekWarrior approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@willgraf @MekWarrior