feat(k8s): Add Google managed TLS certificates r/66

Introduces certificates for tazj.in & www.tazj.in.
author: Vincent Ambo <tazjin@google.com> 2019-08-27T11·43+0100
committer: Vincent Ambo <tazjin@google.com> 2019-08-27T11·43+0100
commit: cae99692de34a9d7600adb2fa7bb88436a332ff6 (patch)
tree: 9bd1aa59faa834ded3f95909838494029335e4ee /infra
parent: 593e96da6077b343b9716d490a17c7c3603cb2fc (diff)
2 files changed, 19 insertions, 0 deletions
diff --git a/infra/kubernetes/https-cert/cert.yaml b/infra/kubernetes/https-cert/cert.yaml
new file mode 100644
index 0000000000..c7a85275ae
--- /dev/null
+++ b/infra/kubernetes/https-cert/cert.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: networking.gke.io/v1beta1
+kind: ManagedCertificate
+metadata:
+  name: {{ .domain | replace "." "-" }}
+spec:
+  domains:
+    - {{ .domain }}
diff --git a/infra/kubernetes/primary-cluster.yaml b/infra/kubernetes/primary-cluster.yaml
index c8a6423e34..f043f92fa8 100644
--- a/infra/kubernetes/primary-cluster.yaml
+++ b/infra/kubernetes/primary-cluster.yaml
@@ -3,6 +3,17 @@
 ---
 context: gke_tazjins-infrastructure_europe-north1_tazjin-cluster
 include:
+  # SSL certificates (provisioned by Google)
+  - name: tazj-in-cert
+    path: https-cert
+    values:
+      domain: tazj.in
+  - name: www-tazj-in-cert
+    path: https-cert
+    values:
+      domain: www.tazj.in
+
+  # Services
   - name: nixery
     values:
       port: 8080
author	Vincent Ambo <tazjin@google.com>	2019-08-27T11·43+0100
committer	Vincent Ambo <tazjin@google.com>	2019-08-27T11·43+0100
commit	cae99692de34a9d7600adb2fa7bb88436a332ff6 (patch)
tree	9bd1aa59faa834ded3f95909838494029335e4ee /infra
parent	593e96da6077b343b9716d490a17c7c3603cb2fc (diff)