From 46983da4a61b09b0a74d96b5b952ce4c2534922e Mon Sep 17 00:00:00 2001
From: nzbr
Date: Wed, 6 Mar 2024 14:43:31 +0100
Subject: [PATCH] add apiserver ingress
---
 kubernetes/default/apiserver-ingress.jsonnet | 37 +++++++++++++++++++
 .../kube-system/clusterrolebinding.jsonnet | 20 ++++++++++
 .../kube-system/serviceaccount-secret.jsonnet | 14 +++++++
 kubernetes/kube-system/serviceaccount.jsonnet | 10 +++++
 4 files changed, 81 insertions(+)
 create mode 100644 kubernetes/default/apiserver-ingress.jsonnet
 create mode 100644 kubernetes/kube-system/clusterrolebinding.jsonnet
 create mode 100644 kubernetes/kube-system/serviceaccount-secret.jsonnet
 create mode 100644 kubernetes/kube-system/serviceaccount.jsonnet
diff --git a/kubernetes/default/apiserver-ingress.jsonnet b/kubernetes/default/apiserver-ingress.jsonnet
new file mode 100644
index 0000000..98eff75
--- /dev/null
+++ b/kubernetes/default/apiserver-ingress.jsonnet
@@ -0,0 +1,37 @@
+{
+ apiVersion: 'networking.k8s.io/v1',
+ kind: 'Ingress',
+ metadata: {
+ name: 'kubernetes-api',
+ labels: {
+ "app.kubernetes.io/name": 'kubernetes-api',
+ },
+ annotations: {
+ 'kubernetes.io/ingress.class': 'nginx',
+ 'nginx.ingress.kubernetes.io/backend-protocol': 'HTTPS',
+ },
+ },
+ spec: {
+ rules: [
+ {
+ host: 'k8s.nzbr.de',
+ http: {
+ paths: [
+ {
+ path: '/',
+ pathType: 'Prefix',
+ backend: {
+ service: {
+ name: 'kubernetes',
+ port: {
+ number: 443,
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ },
+}
diff --git a/kubernetes/kube-system/clusterrolebinding.jsonnet b/kubernetes/kube-system/clusterrolebinding.jsonnet
new file mode 100644
index 0000000..20e6911
--- /dev/null
+++ b/kubernetes/kube-system/clusterrolebinding.jsonnet
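Review bot: The Ingress for `k8s.nzbr.de` publishes the whole API server (`path: '/'`, `pathType: 'Prefix'`) with no source restriction and no `spec.tls` entry, so reachability is limited only by whatever sits in front of the ingress controller, which this patch does not show. With `backend-protocol: 'HTTPS'` the controller presumably terminates the client's TLS session and opens a new one to the backend, so client-certificate authentication cannot pass through and access rests on bearer tokens alone. I would add `'nginx.ingress.kubernetes.io/whitelist-source-range': '<ALLOWED_CIDRS>'` (placeholder value) to `annotations` and a `tls` block for the host under `spec`. As a style point, the `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: 'nginx'`.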
@@ -0,0 +1,20 @@
+{
+ kind: 'ClusterRoleBinding',
+ apiVersion: 'rbac.authorization.k8s.io/v1',
+ metadata: {
+ name: 'admin',
+ labels: {
+ "app.kubernetes.io/name": 'kubernetes-api',
+ },
+ },
+ subjects: [{
+ kind: 'ServiceAccount',
+ name: 'admin',
+ namespace: 'default',
+ }],
+ roleRef: {
+ apiGroup: 'rbac.authorization.k8s.io',
+ kind: 'ClusterRole',
+ name: 'cluster-admin',
+ },
+}
diff --git a/kubernetes/kube-system/serviceaccount-secret.jsonnet b/kubernetes/kube-system/serviceaccount-secret.jsonnet
new file mode 100644
index 0000000..32db372
--- /dev/null
+++ b/kubernetes/kube-system/serviceaccount-secret.jsonnet
@@ -0,0 +1,14 @@
+{
+ apiVersion: 'v1',
+ kind: 'Secret',
+ metadata: {
+ name: 'admin-token',
+ labels: {
+ "app.kubernetes.io/name": 'kubernetes-api',
+ },
+ annotations: {
+ 'kubernetes.io/service-account.name': 'admin',
+ },
+ },
+ type: 'kubernetes.io/service-account-token',
+}
diff --git a/kubernetes/kube-system/serviceaccount.jsonnet b/kubernetes/kube-system/serviceaccount.jsonnet
new file mode 100644
index 0000000..1e3bae6
--- /dev/null
+++ b/kubernetes/kube-system/serviceaccount.jsonnet
@@ -0,0 +1,10 @@
+{
+ apiVersion: 'v1',
+ kind: 'ServiceAccount',
+ metadata: {
+ name: 'admin',
+ labels: {
+ "app.kubernetes.io/name": 'kubernetes-api',
+ },
+ },
+}
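Review bot: The subject in `clusterrolebinding.jsonnet` names `namespace: 'default'`, but the ServiceAccount and its token Secret are added under `kubernetes/kube-system/` with no `metadata.namespace`. If the directory decides the namespace (the tooling is not visible in this patch), the binding points at an account that does not exist and the issued token carries no rights. Setting `namespace` explicitly on all three objects would make the pairing reviewable. Separately, `roleRef.name: 'cluster-admin'` grants every verb on every resource to a credential intended for remote use; a ClusterRole limited to what the remote client actually needs would bound the impact of a leaked token.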
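Review bot: A Secret of type `kubernetes.io/service-account-token` yields a token with no expiry, and in `serviceaccount-secret.jsonnet` it belongs to the account that this commit binds to `cluster-admin` and makes reachable through the new Ingress. The token stays valid until the Secret or the ServiceAccount is deleted, so rotation is entirely manual. Consider dropping this file and issuing time-bound tokens on demand with `kubectl create token admin --duration=<DURATION>`. If the static token has to stay, a comment such as `// long-lived cluster-admin credential; rotate by deleting and re-creating this Secret` would make the obligation visible to the next maintainer.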
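Review bot: Nothing in `serviceaccount.jsonnet` marks the `admin` account as reserved for external API access, so a pod created in its namespace with `serviceAccountName: 'admin'` would run with whatever is bound to it. I would add `automountServiceAccountToken: false` at the top level of the object, plus a one-line comment stating that the account exists only for remote access through the API ingress. For the same reason the account is best kept in a namespace where pod creation is tightly restricted.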