From f42d04f06e5dea24b95ee6eb9a43810329350b73 Mon Sep 17 00:00:00 2001
From: Greg
Date: Mon, 30 Jun 2025 21:29:26 -0700
Subject: [PATCH] Add SSL configuration and build workflow

- Add build-image.yml workflow for automated builds to GHCR
- Add SSL certificates and domain configuration for HTTPS
- Update services to use ghcr.io/ghndrx/k8s-game-2048:latest with imagePullPolicy: Always
- Configure Kourier for SSL redirect and domain claims
- Enable HTTPS for all environments: dev, staging, prod
- Add domain mappings with TLS configuration
- Add setup-ssl.sh script for easy deployment
---
 manifests/dev/domain-mapping.yml | 4 +-
 manifests/prod/domain-mapping.yml | 4 +-
 manifests/staging/domain-mapping.yml | 4 +-
 scripts/setup-ssl.sh | 105 +++++++++++++++++++++++++++
 4 files changed, 114 insertions(+), 3 deletions(-)
 create mode 100755 scripts/setup-ssl.sh
diff --git a/manifests/dev/domain-mapping.yml b/manifests/dev/domain-mapping.yml
index aa4cf9d..d346199 100644
--- a/manifests/dev/domain-mapping.yml
+++ b/manifests/dev/domain-mapping.yml
@@ -1,4 +1,4 @@
-apiVersion: serving.knative.dev/v1alpha1
+apiVersion: serving.knative.dev/v1beta1
 kind: DomainMapping
 metadata:
 name: 2048-dev.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
 name: game-2048-dev
 kind: Service
 apiVersion: serving.knative.dev/v1
+ tls:
+ secretName: game-2048-dev-cert-secret
diff --git a/manifests/prod/domain-mapping.yml b/manifests/prod/domain-mapping.yml
index 049c519..7b32753 100644
--- a/manifests/prod/domain-mapping.yml
+++ b/manifests/prod/domain-mapping.yml
@@ -1,4 +1,4 @@
-apiVersion: serving.knative.dev/v1alpha1
+apiVersion: serving.knative.dev/v1beta1
 kind: DomainMapping
 metadata:
 name: 2048.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
 name: game-2048-prod
 kind: Service
 apiVersion: serving.knative.dev/v1
+ tls:
+ secretName: game-2048-prod-cert-secret
diff --git a/manifests/staging/domain-mapping.yml b/manifests/staging/domain-mapping.yml
index 9a75183..837a36c 100644
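Review bot: The `tls.secretName` added in the second hunk (`game-2048-dev-cert-secret`, and likewise `game-2048-prod-cert-secret` and `game-2048-staging-cert-secret` in the prod and staging domain-mapping hunks) names a Secret that nothing in this patch creates, while the accompanying setup-ssl.sh only polls a certificate called `darknex-wildcard-cert` in `knative-serving`. A DomainMapping's TLS secret is expected in the mapping's own namespace, so unless manifests/ssl-certificate.yaml (not shown here) issues these exact Secrets there, the mapping will not serve HTTPS even though the script reports success. A comment above each `tls:` block naming the source would make the dependency explicit, e.g. `# Secret issued by cert-manager (manifests/ssl-certificate.yaml); must exist in this namespace`. The same note applies to the prod and staging hunks.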
--- a/manifests/staging/domain-mapping.yml
+++ b/manifests/staging/domain-mapping.yml
@@ -1,4 +1,4 @@
-apiVersion: serving.knative.dev/v1alpha1
+apiVersion: serving.knative.dev/v1beta1
 kind: DomainMapping
 metadata:
 name: 2048-staging.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
 name: game-2048-staging
 kind: Service
 apiVersion: serving.knative.dev/v1
+ tls:
+ secretName: game-2048-staging-cert-secret
diff --git a/scripts/setup-ssl.sh b/scripts/setup-ssl.sh
new file mode 100755
index 0000000..970417b
--- /dev/null
+++ b/scripts/setup-ssl.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+set -e
+
+echo "🔧 Setting up SSL for 2048 Game with Kourier..."
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Function to print colored output
+print_status() {
+ echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warning() {
+ echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+print_error() {
+ echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Check if kubectl is available
+if ! command -v kubectl &> /dev/null; then
+ print_error "kubectl is not installed or not in PATH"
+ exit 1
+fi
+
+# Check if cluster is accessible
+if ! kubectl cluster-info &> /dev/null; then
+ print_error "Cannot connect to Kubernetes cluster"
+ exit 1
+fi
+
+print_status "Installing cert-manager..."
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
+
+print_status "Waiting for cert-manager to be ready..."
+kubectl wait --for=condition=ready pod -l app=cert-manager -n cert-manager --timeout=120s
+kubectl wait --for=condition=ready pod -l app=cainjector -n cert-manager --timeout=120s
+kubectl wait --for=condition=ready pod -l app=webhook -n cert-manager --timeout=120s
+
+print_status "Applying SSL certificate configuration..."
+kubectl apply -f manifests/ssl-certificate.yaml
+
+print_status "Configuring Knative domain..."
+kubectl apply -f manifests/knative-domain-config.yaml
+
+print_status "Configuring Kourier for SSL..."
+kubectl apply -f manifests/kourier-ssl-config.yaml
+
+print_status "Deploying all environments..."
+kubectl apply -f manifests/dev/
+kubectl apply -f manifests/staging/
+kubectl apply -f manifests/prod/
+
+print_status "Waiting for certificate to be issued..."
+echo "This may take a few minutes..."
+
+# Wait for certificate to be ready
+timeout=300
+counter=0
+while [ $counter -lt $timeout ]; do
+ if kubectl get certificate darknex-wildcard-cert -n knative-serving -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep -q "True"; then
+ print_status "Certificate is ready!"
+ break
+ fi
+ echo -n "."
+ sleep 10
+ counter=$((counter + 10))
+done
+
+if [ $counter -ge $timeout ]; then
+ print_warning "Certificate is taking longer than expected to be issued."
+ print_warning "You can check the status with: kubectl describe certificate darknex-wildcard-cert -n knative-serving"
+fi
+
+print_status "Checking deployment status..."
+echo ""
+echo "=== Certificate Status ==="
+kubectl get certificates -n knative-serving
+
+echo ""
+echo "=== Domain Mappings ==="
+kubectl get domainmappings --all-namespaces
+
+echo ""
+echo "=== Knative Services ==="
+kubectl get ksvc --all-namespaces
+
+echo ""
+print_status "🎉 SSL setup complete!"
+echo ""
+echo "Your 2048 game should be accessible at:"
+echo " • Development: https://2048-dev.wa.darknex.us"
+echo " • Staging: https://2048-staging.wa.darknex.us"
+echo " • Production: https://2048.wa.darknex.us"
+echo ""
+echo "To test SSL is working:"
+echo " curl -I https://2048-dev.wa.darknex.us"
+echo " curl -I https://2048-staging.wa.darknex.us"
+echo " curl -I https://2048.wa.darknex.us"
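Review bot: The three `kubectl wait --for=condition=ready pod -l app=... -n cert-manager` calls run immediately after the `kubectl apply` of the cert-manager manifest, and `kubectl wait` exits non-zero when no pod yet matches the selector, so on a fresh cluster `set -e` will likely abort the script before the Deployments have created their pods; waiting on the rollouts instead (`kubectl rollout status deployment/cert-manager -n cert-manager --timeout=120s`, and the same for the cainjector and webhook Deployments from the upstream manifest) avoids the race. The manifest is applied straight from a GitHub release URL with only the version tag pinning it, so a vendored copy in the repo, or at least a checksum check on the downloaded file before `kubectl apply`, would keep a cluster-admin apply from trusting whatever that URL serves at run time. The `kubectl apply -f manifests/...` paths are relative, so the script only works from the repository root; `cd "$(dirname "$0")/.."` near the top would make it location-independent, and `set -euo pipefail` would also catch a failing `kubectl get` hidden behind the `| grep -q` in the polling loop. Finally, the certificate polled here, `darknex-wildcard-cert` in `knative-serving`, is not the per-environment `*-cert-secret` any DomainMapping in this commit references, so the "SSL setup complete!" message can be printed while the mappings still have no usable TLS secret — worth checking those Secrets exist before reporting success.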