prepare s3 for https

2025-08-22 19:17:58 -04:00
parent ec81a2b4c2
commit 4c64f79377
3 changed files with 44 additions and 0 deletions
--- a/system-apps/cert-manager/config/Certificates/dubyatp-xyz.yaml
+++ b/system-apps/cert-manager/config/Certificates/dubyatp-xyz.yaml
@@ -9,6 +9,7 @@ spec:
  - dubyatp.xyz
  - '*.dubyatp.xyz'
  - '*.infra.dubyatp.xyz'
+  - "*.weyma-s3.infra.dubyatp.xyz"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-dubyatp-xyz
--- a/system-apps/rook-ceph/storage/object/cert-dubyatp-xyz.yaml
+++ b/system-apps/rook-ceph/storage/object/cert-dubyatp-xyz.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/cert-dubyatp-xyz
+    replicator.v1.mittwald.de/replicated-keys: tls.crt,tls.key
+type: Opaque
+stringData:
+  tls.crt: ""
+  tls.key: ""
--- a/system-apps/rook-ceph/storage/object/ingress.yaml
+++ b/system-apps/rook-ceph/storage/object/ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: weyma-s3-ingress
+spec:
+  rules:
+  - host: "weyma-s3.infra.dubyatp.xyz"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: rook-ceph-rgw-weyma-s3
+            port: 
+              number: 80
+        
+  - host: "*.weyma-s3.infra.dubyatp.xyz"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: rook-ceph-rgw-weyma-s3
+            port: 
+              number: 80
+  tls:
+    - secretName: cert-dubyatp-xyz
+      hosts:
+       - weyma-s3.infra.dubyatp.xyz
+       - "*.weyma-s3.infra.dubyatp.xyz"