From 78a8e1a4b024f9106554a8337a9f9f8a14b9f18b Mon Sep 17 00:00:00 2001
From: Danny Grove <danny@drgrovellc.com>
Date: Thu, 22 Apr 2021 09:11:41 -0700
Subject: [PATCH] openpgp-ca: Initial Commit

---
 openpgp-ca/add-domain-deployment.patch.yaml | 12 +++++++++
 openpgp-ca/ingress.yaml                     | 27 +++++++++++++++++++++
 openpgp-ca/kustomization.yaml               | 13 ++++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 openpgp-ca/add-domain-deployment.patch.yaml
 create mode 100644 openpgp-ca/ingress.yaml
 create mode 100644 openpgp-ca/kustomization.yaml

diff --git a/openpgp-ca/add-domain-deployment.patch.yaml b/openpgp-ca/add-domain-deployment.patch.yaml
new file mode 100644
index 00000000..1e7504b6
--- /dev/null
+++ b/openpgp-ca/add-domain-deployment.patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openpgp-ca
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: init
+          env:
+            - name: DOMAIN
+              value: "hashbang.sh"
diff --git a/openpgp-ca/ingress.yaml b/openpgp-ca/ingress.yaml
new file mode 100644
index 00000000..32bfcbf9
--- /dev/null
+++ b/openpgp-ca/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: openpgp-ca
+  labels:
+    app.kubernetes.io/name: openpgp-ca
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "mtls/mtls-certs"
+    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
+spec:
+  tls:
+    - hosts:
+      - openpgp-ca.hashbang.sh
+      secretName: opepgp-ca-tls
+  rules:
+    - host: openpgp-ca.hashbang.sh
+      http:
+        paths:
+          - path: "/"
+            pathType: Prefix
+            backend:
+              serviceName: openpgp-ca
+              servicePort: http
diff --git a/openpgp-ca/kustomization.yaml b/openpgp-ca/kustomization.yaml
new file mode 100644
index 00000000..996c57f8
--- /dev/null
+++ b/openpgp-ca/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: openpgp-ca
+resources:
+  - https://gitlab.com/openpgp-ca/openpgp-ca/kustomize/restd/?ref=e0d66ddf4a36d391546c70e73b592c530721260a # 0.10.1
+  - ingress.yaml
+images:
+  - name: registry.gitlab.com/openpgp-ca/openpgp-ca
+    digest: sha256:66782e94aea9fb41ba2b6636aa37617d7d4e9031e363b6a0a1f552b2ee0b804c # 0.10.1
+  - name: registry.gitlab.com/openpgp-ca/openpgp-ca/openpgp-ca-restd
+    digest: sha256:458d8f0f51cf59b3536fc716cdabbf065e2f5b212c64d7e9c43af9bce67143f8  # 0.10.1
+patches:
+  - path: add-domain-deployment.patch.yaml