Configure https://openinfrastructure.co on core1

This gets everything ready for DNS redirection of the apex and www
domains.

Note, redirect cloudflare in proxy mode using the
[email protected] login to get to the domains.

Encryption is set to full mode and the cert issued is a cluster managed
cert instead of a letsencrypt cert.  This allows cloudflare to manage
the public cert.

Closes: #3

Author: jeffmccune

k8s/certificate-prd.yaml

@@ -0,0 +1,16 @@
+# NOTE: Cloudflare is in front so we use a cluster certificate.
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: openinfrastructure-co-cert
+  namespace: istio-ingress
+spec:
+  secretName: openinfrastructure-co-cert
+  issuerRef:
+    name: cluster-issuer
+    kind: ClusterIssuer
+  commonName: openinfrastructure.co
+  dnsNames:
+    - openinfrastructure.co
+    - www.openinfrastructure.co

k8s/certificate-stg.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ois-run-cert
+  namespace: istio-ingress
+spec:
+  secretName: ois-run-cert
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  commonName: ois.run
+  dnsNames:
+    - ois.run
+

k8s/deployment.yaml

@@ -3,6 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: website
+  namespace: website
   labels:
     app: website
 spec:

k8s/gateway-prd.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: openinfrastructure-co-gw
+  namespace: istio-ingress
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 443
+      name: http
+      protocol: HTTPS
+    tls:
+      mode: SIMPLE
+      credentialName: openinfrastructure-co-cert
+    hosts:
+    - openinfrastructure.co
+    - www.openinfrastructure.co

k8s/gateway.yaml renamed to k8s/gateway-stg.yaml

@@ -1,16 +1,3 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ois-run-cert
-  namespace: istio-ingress
-spec:
-  secretName: ois-run-cert
-  issuerRef:
-    name: letsencrypt
-    kind: ClusterIssuer
-  commonName: ois.run
-  dnsNames:
-    - ois.run
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway

k8s/kustomization.yaml

@@ -0,0 +1,10 @@
+resources:
+  - namespace.yaml
+  - deployment.yaml
+  - service.yaml
+  - certificate-prd.yaml
+  - certificate-stg.yaml
+  - gateway-prd.yaml
+  - gateway-stg.yaml
+  - virtual-service-prd.yaml
+  - virtual-service-stg.yaml

k8s/service.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: website
+  namespace: website
 spec:
   selector:
     app: website

k8s/virtual-service-prd.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: openinfrastructure-co-vs
+  namespace: website
+spec:
+  hosts:
+    - openinfrastructure.co
+    - www.openinfrastructure.co
+  gateways:
+    - istio-ingress/openinfrastructure-co-gw
+  http:
+    - route:
+        - destination:
+            host: website

k8s/virtual-service.yaml renamed to k8s/virtual-service-stg.yaml

@@ -3,6 +3,7 @@ apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: ois-run-vs
+  namespace: website
 spec:
   hosts:
     - ois.run