feat: add tls support with selfsigned certs #31
Conversation
pulumi/aws/certmgr/__main__.py
Outdated
| namespace=ns.metadata.name, | ||
| repo=CERTMGR_HELM_REPO_NAME, | ||
| fetch_opts=FetchOpts(repo=CERTMGR_HELM_REPO_URL), | ||
| version='v1.4.0', |
There was a problem hiding this comment.
Make version configurable.
There was a problem hiding this comment.
version, chart repo url, and chart repo name are now all configurable in the master config with fallback options if they are unset.
| ), | ||
| )], | ||
| )) | ||
| boaingress = k8s.networking.v1beta1.Ingress("boaingress", |
There was a problem hiding this comment.
Now that this block has become more complex, it would be good to intersperse it with comments to tell the story about what you are doing.
There was a problem hiding this comment.
Lots of additional detail added to that section in comments.
|
|
||
| # If we have not defined a hostname in our config, we use the | ||
| # hostname of the LB. | ||
| if not anthos_host: |
There was a problem hiding this comment.
Why are we doing this? This also deserves a comment (if it doesn't already exist).
There was a problem hiding this comment.
There was a comment, but I beefed it up a bit. the tl;dr is that we need to give the ingress object a hostname, and we default to the loadbalancer name. I note how this impacts TLS if the user moves to real certs and not self-signed.
Proposed changes
Add TLS support to the bank of anthos application, including an example ingress object using a self-signed cluster issuer resource. This requires adding cert-manager to the project as well. This can be used by additional ingress objects deployed as part of this framework.
This will close #6
Checklist
Before creating a PR, run through this checklist and mark each as complete.