From a21e4ac9876b9b6e0ca67569634eac104178365a Mon Sep 17 00:00:00 2001 From: Steven Polley Date: Sun, 31 Dec 2023 11:26:32 -0700 Subject: [PATCH] Resequence steps and add cert-manager --- {05-join-nodes => 03-join-nodes}/README.md | 2 +- .../README.md | 2 +- .../README.md | 7 ++++-- .../values.yaml | 0 06-cert-manager/README.md | 18 +++++++++++++++ 06-cert-manager/lets-encrypt-issuer.yaml | 23 +++++++++++++++++++ 6 files changed, 48 insertions(+), 4 deletions(-) rename {05-join-nodes => 03-join-nodes}/README.md (93%) rename {03-nfs-subdir-provisioner => 04-nfs-subdir-provisioner}/README.md (95%) rename {04-ingress-controller-nginx => 05-ingress-controller-nginx}/README.md (84%) rename {04-ingress-controller-nginx => 05-ingress-controller-nginx}/values.yaml (100%) create mode 100644 06-cert-manager/README.md create mode 100644 06-cert-manager/lets-encrypt-issuer.yaml diff --git a/05-join-nodes/README.md b/03-join-nodes/README.md similarity index 93% rename from 05-join-nodes/README.md rename to 03-join-nodes/README.md index e217901..5b4fc6d 100644 --- a/05-join-nodes/README.md +++ b/03-join-nodes/README.md @@ -1,4 +1,4 @@ -# 05 | Join Additional Controller and Worker Nodes +# 03 | Join Additional Controller and Worker Nodes At this point, other nodes can be joined to the cluster. From a control node, you can get the join command by doing the following. diff --git a/03-nfs-subdir-provisioner/README.md b/04-nfs-subdir-provisioner/README.md similarity index 95% rename from 03-nfs-subdir-provisioner/README.md rename to 04-nfs-subdir-provisioner/README.md index a51b592..aeb045e 100644 --- a/03-nfs-subdir-provisioner/README.md +++ b/04-nfs-subdir-provisioner/README.md @@ -1,4 +1,4 @@ -# 03 | Dynamic Volume Provisiong to NFS Subdirectory +# 04 | Dynamic Volume Provisiong to NFS Subdirectory [https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) 
diff --git a/04-ingress-controller-nginx/README.md b/05-ingress-controller-nginx/README.md similarity index 84% rename from 04-ingress-controller-nginx/README.md rename to 05-ingress-controller-nginx/README.md index 7d1a5ed..9d77c35 100644 --- a/04-ingress-controller-nginx/README.md +++ b/05-ingress-controller-nginx/README.md @@ -1,8 +1,11 @@ -# 04 | Ingress Controller = NGINX +# 05 | Ingress Controller = NGINX [https://kubernetes.github.io/ingress-nginx/](https://kubernetes.github.io/ingress-nginx/) + [https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx) +The ingress controller provides external access to services in the cluster by acting as a reverse proxy. In this case, I've selected nginx which is simple to configure, and very fast. It does not have as many fancy features as some other options though. + ```bash helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace -f values.yaml @@ -28,7 +31,7 @@ spec: name: mandelmapper port: number: 6161 - +--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/04-ingress-controller-nginx/values.yaml b/05-ingress-controller-nginx/values.yaml similarity index 100% rename from 04-ingress-controller-nginx/values.yaml rename to 05-ingress-controller-nginx/values.yaml diff --git a/06-cert-manager/README.md b/06-cert-manager/README.md new file mode 100644 index 0000000..2163e10 --- /dev/null +++ b/06-cert-manager/README.md 
@@ -0,0 +1,18 @@
+# 06 | Cert Manager
+
+https://cert-manager.io/docs/installation/kubectl/
+
+Install cert-manager - check for latest version.
+
+```yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+```
+
+After cert manager is installed, create the Let's Encrypt issuer:
+
+```yaml
+
+# Be sure to edit the file and set the production URL if not a test cluster
+kubectl apply -f lets-encrypt-issuer.yaml
+```
+
diff --git a/06-cert-manager/lets-encrypt-issuer.yaml b/06-cert-manager/lets-encrypt-issuer.yaml
new file mode 100644
index 0000000..323a0c8
--- /dev/null
+++ b/06-cert-manager/lets-encrypt-issuer.yaml
@@ -0,0 +1,23 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt
+ namespace: default
+spec:
+ acme:
+ # The ACME server URL
+ # production is https://acme-v02.api.letsencrypt.org/directory
+ # stagiong is https://acme-staging-v02.api.letsencrypt.org/directory
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: himself@stevenpolley.net
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ # An empty 'selector' means that this solver matches all domains
+ - selector: {}
+ http01:
+ ingress:
+ ingressClassName: nginx
\ No newline at end of file
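Review bot: In `lets-encrypt-issuer.yaml` the issuer is a namespaced `Issuer` in `default`, so the ACME account private key named by `privateKeySecretRef` is stored as a Secret in `default` alongside application workloads, and only Certificates and Ingresses in that namespace can use it. If cluster-wide issuance is the intent, `kind: ClusterIssuer` without `namespace: default` would by default keep that key in cert-manager's own namespace instead. The file is also meant to be hand-edited between the staging and production `server` URLs while the issuer and the account-key Secret both stay `name: letsencrypt`; two separate issuers, e.g. `name: letsencrypt-staging` and `name: letsencrypt-prod` with matching secret names, avoid reusing one account key across both endpoints and make it visible which CA an Ingress points at. The comment `# stagiong is` has a typo, and the file lacks a trailing newline.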