From cae99692de34a9d7600adb2fa7bb88436a332ff6 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@google.com>
Date: Tue, 27 Aug 2019 12:43:55 +0100
Subject: feat(k8s): Add Google managed TLS certificates

Introduces certificates for tazj.in & www.tazj.in.
---
 infra/kubernetes/https-cert/cert.yaml |  8 ++++++++
 infra/kubernetes/primary-cluster.yaml | 11 +++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 infra/kubernetes/https-cert/cert.yaml

(limited to 'infra')

diff --git a/infra/kubernetes/https-cert/cert.yaml b/infra/kubernetes/https-cert/cert.yaml
new file mode 100644
index 000000000000..c7a85275ae67
--- /dev/null
+++ b/infra/kubernetes/https-cert/cert.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: networking.gke.io/v1beta1
+kind: ManagedCertificate
+metadata:
+  name: {{ .domain | replace "." "-" }}
+spec:
+  domains:
+    - {{ .domain }}
diff --git a/infra/kubernetes/primary-cluster.yaml b/infra/kubernetes/primary-cluster.yaml
index c8a6423e341c..f043f92fa89b 100644
--- a/infra/kubernetes/primary-cluster.yaml
+++ b/infra/kubernetes/primary-cluster.yaml
@@ -3,6 +3,17 @@
 ---
 context: gke_tazjins-infrastructure_europe-north1_tazjin-cluster
 include:
+  # SSL certificates (provisioned by Google)
+  - name: tazj-in-cert
+    path: https-cert
+    values:
+      domain: tazj.in
+  - name: www-tazj-in-cert
+    path: https-cert
+    values:
+      domain: www.tazj.in
+
+  # Services
   - name: nixery
     values:
       port: 8080
-- 
cgit 1.4.1