Skip to content

Commit

Permalink
Added Letsencrypt SSL Configuration & Update notes step deployment
Browse files Browse the repository at this point in the history
  • Loading branch information
@zeroc0d3
zeroc0d3 committed Nov 3, 2021
1 parent 77457ca commit 49c4936
Show file tree
Hide file tree
Showing 7 changed files with 116 additions and 12 deletions.
17 changes: 17 additions & 0 deletions Changelog.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,20 @@
- Added Laravel Container
- Added HelmChart NGINX
- Added HelmChart Laravel

## Version 0.2.1

- Update laravel blade welcome template & docker-compose configuration
- Added cheatsheet maintenance database
- Added ignore files & folders

## Version 0.2.2

- Refactoring helm template for secret & secret-prod
- Update docker-compose configuration for added Adminer (Database Administrator) tools
- Update docker ignore files

## Version 0.2.3

- Added Letsencrypt SSL configuration
- Update notes Step Deployment
73 changes: 72 additions & 1 deletion helm/templates/laravel/Deploy.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,75 @@
- Helm Upgrade
```
helm upgrade laravel-kubernetes -f values.yaml -f helm/secrets-prod.yaml stable/lamp -n laravel-app
```
```

- Install NGINX-Ingress
```
helm install nginx-ingress stable/nginx-ingress --set controller.publishService.enabled=true -n laravel-app
```

- Apply Cert Manager
```
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml
```

- Create Namespace for Cert Manager
```
kubectl create namespace cert-manager
```

- Install Cert Manager
```
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager --version v1.6.1 --namespace cert-manager jetstack/cert-manager
```

- Apply Ingress & SSL
```
kubectl apply -f ingress.yaml -n laravel-app
kubectl apply -f production_issuer.yaml -n laravel-app
```

- Validate Nginx Ingress Controller
```
kubectl get service nginx-ingress-controller -n laravel-app
---
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.100.146.218 a60fec***3296.ap-southeast-1.elb.amazonaws.com 80:31932/TCP,443:31919/TCP 38m
```

- Check Pods
```
kubectl get pods -n laravel-app
NAME READY STATUS RESTARTS AGE
cm-acme-http-solver-q28bv 1/1 Running 0 16m
laravel-kubernetes-lamp-5896f8c99c-vszgr 2/2 Running 0 3h25m
mariadb-0 1/1 Running 0 17h
nginx-ingress-controller-6d998555d4-8tmb8 1/1 Running 0 41m
nginx-ingress-default-backend-c5449fb44-wpx9r 1/1 Running 0 41m
```

- Migrate Database
```
kubectl exec laravel-kubernetes-lamp-5896f8c99c-vszgr -n laravel-app -- php artisan migrate --force
---
Defaulted container "httpdphp" out of: httpdphp, mysql, init-chown-mysql (init)
Migration table created successfully.
Migrating: 2014_10_12_000000_create_users_table
Migrated: 2014_10_12_000000_create_users_table (24.40ms)
Migrating: 2014_10_12_100000_create_password_resets_table
Migrated: 2014_10_12_100000_create_password_resets_table (22.69ms)
Migrating: 2019_08_19_000000_create_failed_jobs_table
Migrated: 2019_08_19_000000_create_failed_jobs_table (17.95ms)
Migrating: 2019_12_14_000001_create_personal_access_tokens_table
Migrated: 2019_12_14_000001_create_personal_access_tokens_table (28.77ms)
```

- Setup SSL for Doamin In Route53:
```
+-------------------------------+-------+----------------+----------------+----------------------------------------------------------+
| Record Name | Type | Routing Policy | Differentiator | Value/Route traffic to |
+-------------------------------+-------+----------------+----------------+----------------------------------------------------------+
| devopscorner.online | A | Simple | - | dualstack.a60fec***3296.ap-southeast-1.elb.amazonaws.com |
| develop.devopscorner.online | A | Simple | - | dualstack.a60fec***3296.ap-southeast-1.elb.amazonaws.com |
+-------------------------------+-------+----------------+----------------+----------------------------------------------------------+
9 changes: 8 additions & 1 deletion helm/templates/laravel/ingress.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: networking.k8s.io/v1
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: laravel-kubernetes-ingress
Expand All @@ -8,9 +8,16 @@ metadata:
spec:
tls:
- hosts:
- devopscorner.online
- develop.devopscorner.online
secretName: laravel-kubernetes-tls
rules:
- host: devopscorner.online
http:
paths:
- backend:
serviceName: laravel-kubernetes-lamp
servicePort: 80
- host: develop.devopscorner.online
http:
paths:
Expand Down
17 changes: 17 additions & 0 deletions helm/templates/laravel/production_issuer.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# Email address used for ACME registration
email: YOUR_EMAIL_ADDRESS
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Name of a secret used to store the ACME account private key
name: letsencrypt-prod-private-key
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
2 changes: 1 addition & 1 deletion helm/templates/laravel/values-domain-https.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ ingress:
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/tags: Department=DEVOPS,Environment=DEV,Service=ALB,DepartmentGroup=DEV-DEVOPS,ResourceGroup=PROD-ALB-DEVOPSCORNER,Name=ALB-DEVOPSCORNER-EKS-1.19
domain: "develop.devopscorner.online"
domain: "devopscorner.online"
rules:
- path: /
backend:
Expand Down
2 changes: 1 addition & 1 deletion helm/templates/laravel/values-domain.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,4 @@ nodeSelector:

ingress:
enabled: true
domain: develop.devopscorner.online
domain: devopscorner.online
8 changes: 0 additions & 8 deletions helm/templates/laravel/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,3 @@ nodeSelector:
enabled: true
select:
node: "laravel"

ingress:
enabled: false
annotations: {}
hosts:
- host: ""
paths: []
tls: []

0 comments on commit 49c4936

Please sign in to comment.