I left the domains hard-coded for the redirects in our NGINX config,
which was breaking authentication for versions of the site that don't
use that domain. This updates the config to use the domains supplied via
environment variable.
FlexVol requires that you specify certificates as secrets in order to get both the certificate and private key in the appropriate format for nginx to consume. Additionally, flexvol shouldn't interfer with other secrets mounted in it's host directory.
This adds additional SSL/TLS config to specify the acceptable TLS
version, cipher suites, session cache, etc. Values are currently based
on the Mozilla Foundation's recommendations for intermediate
compatibility:
https://wiki.mozilla.org/Security/Server_Side_TLS
We will manage NGINX configuration snippets as a K8s ConfigMap so that
they can be included in server blocks as-needed.
This configures the NGINX container to log in JSON. It also updates the
K8s config so that we mount all of the key/value pairs available in the
atst-nginx ConfigMap as files in "/etc/nginx/conf.d" inside the
container. This simplifies the config a little.
This is not the certificate setup we will use in production. I'd like to
merge this configuration as a reference point because this is the
easiest way to handle manual LetsEncrypt verification within the
cluster.
This allows NGINX to serve static files over HTTP from the
".well-known/acme-challenge" directory, which is necessary for certbot
validation of domain ownership.
Adds a [kustomize](https://github.com/kubernetes-sigs/kustomize) overlay
for a new staging environment. Additionally, adds environment variables
in the place of certain pieces of information that need to be templated.
The K8s README ("deploy/README.md") has been updated to reflect the new
method for applying config.
This commit also removes the configuration for the AWS cluster and
references to AWS in the README.
