ghndrx/k8s-game-2048
1
0
Fork 0
mirror of https://github.com/ghndrx/k8s-game-2048.git synced 2026-02-10 06:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add SSL configuration and build workflow

Browse Source 
- Add build-image.yml workflow for automated builds to GHCR
- Add SSL certificates and domain configuration for HTTPS
- Update services to use ghcr.io/ghndrx/k8s-game-2048:latest with imagePullPolicy: Always
- Configure Kourier for SSL redirect and domain claims
- Enable HTTPS for all environments: dev, staging, prod
- Add domain mappings with TLS configuration
- Add setup-ssl.sh script for easy deployment
This commit is contained in:
Greg
2025-06-30 21:29:26 -07:00
parent f818b22575
commit f42d04f06e
4 changed files with 114 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/dev/domain-mapping.yml
View File

@@ -1,4 +1,4 @@
apiVersion: serving.knative.dev/v1alpha1 apiVersion: serving.knative.dev/v1beta1
kind: DomainMapping kind: DomainMapping
metadata: metadata:
name: 2048-dev.wa.darknex.us name: 2048-dev.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
name: game-2048-dev name: game-2048-dev
kind: Service kind: Service
apiVersion: serving.knative.dev/v1 apiVersion: serving.knative.dev/v1
tls:
secretName: game-2048-dev-cert-secret

4
manifests/prod/domain-mapping.yml
View File

@@ -1,4 +1,4 @@
apiVersion: serving.knative.dev/v1alpha1 apiVersion: serving.knative.dev/v1beta1
kind: DomainMapping kind: DomainMapping
metadata: metadata:
name: 2048.wa.darknex.us name: 2048.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
name: game-2048-prod name: game-2048-prod
kind: Service kind: Service
apiVersion: serving.knative.dev/v1 apiVersion: serving.knative.dev/v1
tls:
secretName: game-2048-prod-cert-secret

4
manifests/staging/domain-mapping.yml
View File

@@ -1,4 +1,4 @@
apiVersion: serving.knative.dev/v1alpha1 apiVersion: serving.knative.dev/v1beta1
kind: DomainMapping kind: DomainMapping
metadata: metadata:
name: 2048-staging.wa.darknex.us name: 2048-staging.wa.darknex.us
@@ -11,3 +11,5 @@ spec:
name: game-2048-staging name: game-2048-staging
kind: Service kind: Service
apiVersion: serving.knative.dev/v1 apiVersion: serving.knative.dev/v1
tls:
secretName: game-2048-staging-cert-secret

105
scripts/setup-ssl.sh Executable file
View File

@@ -0,0 +1,105 @@
#!/bin/bash
set -e
echo "🔧 Setting up SSL for 2048 Game with Kourier..."
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${GREEN}[INFO]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if kubectl is available
if ! command -v kubectl &> /dev/null; then
print_error "kubectl is not installed or not in PATH"
exit 1
fi
# Check if cluster is accessible
if ! kubectl cluster-info &> /dev/null; then
print_error "Cannot connect to Kubernetes cluster"
exit 1
fi
print_status "Installing cert-manager..."
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
print_status "Waiting for cert-manager to be ready..."
kubectl wait --for=condition=ready pod -l app=cert-manager -n cert-manager --timeout=120s
kubectl wait --for=condition=ready pod -l app=cainjector -n cert-manager --timeout=120s
kubectl wait --for=condition=ready pod -l app=webhook -n cert-manager --timeout=120s
print_status "Applying SSL certificate configuration..."
kubectl apply -f manifests/ssl-certificate.yaml
print_status "Configuring Knative domain..."
kubectl apply -f manifests/knative-domain-config.yaml
print_status "Configuring Kourier for SSL..."
kubectl apply -f manifests/kourier-ssl-config.yaml
print_status "Deploying all environments..."
kubectl apply -f manifests/dev/
kubectl apply -f manifests/staging/
kubectl apply -f manifests/prod/
print_status "Waiting for certificate to be issued..."
echo "This may take a few minutes..."
# Wait for certificate to be ready
timeout=300
counter=0
while [ $counter -lt $timeout ]; do
if kubectl get certificate darknex-wildcard-cert -n knative-serving -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep -q "True"; then
print_status "Certificate is ready!"
break
fi
echo -n "."
sleep 10
counter=$((counter + 10))
done
if [ $counter -ge $timeout ]; then
print_warning "Certificate is taking longer than expected to be issued."
print_warning "You can check the status with: kubectl describe certificate darknex-wildcard-cert -n knative-serving"
fi
print_status "Checking deployment status..."
echo ""
echo "=== Certificate Status ==="
kubectl get certificates -n knative-serving
echo ""
echo "=== Domain Mappings ==="
kubectl get domainmappings --all-namespaces
echo ""
echo "=== Knative Services ==="
kubectl get ksvc --all-namespaces
echo ""
print_status "🎉 SSL setup complete!"
echo ""
echo "Your 2048 game should be accessible at:"
echo " • Development: https://2048-dev.wa.darknex.us"
echo " • Staging: https://2048-staging.wa.darknex.us"
echo " • Production: https://2048.wa.darknex.us"
echo ""
echo "To test SSL is working:"
echo " curl -I https://2048-dev.wa.darknex.us"
echo " curl -I https://2048-staging.wa.darknex.us"
echo " curl -I https://2048.wa.darknex.us"