From e60f3feb2e73faec77d1c7973afb5606ccd0ad52 Mon Sep 17 00:00:00 2001 From: Fabrice Date: Fri, 26 Jan 2024 10:38:08 -0500 Subject: [PATCH] updates --- .github/workflows/ci-registry-avatar.yml | 5 +- .../citizen-registry/kubernetes/README.md | 35 ++++++--- .../registry-avatar/k8s/main/deployment.yml | 78 +++++++++---------- .../registry-avatar/k8s/main/ingress-ds.yml | 2 +- .../registry-gaia/k8s/main/deployment.yml | 69 ++++++++-------- .../registry-gaia/k8s/main/ingress-ds.yml | 2 +- 6 files changed, 101 insertions(+), 90 deletions(-) diff --git a/.github/workflows/ci-registry-avatar.yml b/.github/workflows/ci-registry-avatar.yml index bd22c35..8b3eefd 100644 --- a/.github/workflows/ci-registry-avatar.yml +++ b/.github/workflows/ci-registry-avatar.yml @@ -18,7 +18,6 @@ on: env: DH_USERNAME: ${{ secrets.DOCKER_HUB_LOGIN }} DH_TOKEN: ${{ secrets.DOCKER_HUB_PWD }} - IMAGE_TAG: ${GITHUB_REF##*/} IMAGE_NAME: "2060-demos-avatar-front" jobs: build: @@ -32,5 +31,5 @@ jobs: cd containers/citizen-registry/kubernetes/registry-avatar/ docker login -u $DH_USERNAME -p $DH_TOKEN echo "Build and push 2060-demos-avatar-front image for docker hub..." - docker build -f Dockerfile -t $IMAGE_NAME:$IMAGE_TAG . - docker push $IMAGE_NAME:$IMAGE_TAG + docker build -f Dockerfile -t $DH_USERNAME/$IMAGE_NAME:${GITHUB_REF##*/} . + docker push $DH_USERNAME/$IMAGE_NAME:${GITHUB_REF##*/} \ No newline at end of file diff --git a/containers/citizen-registry/kubernetes/README.md b/containers/citizen-registry/kubernetes/README.md index 84ffc1a..a6ada5b 100644 --- a/containers/citizen-registry/kubernetes/README.md +++ b/containers/citizen-registry/kubernetes/README.md @@ -7,20 +7,31 @@ In the [citizen-registry demos](../README.md), we provided demos based on the citizen-registry service. In this document, we will learn how to deploy the same demos services in a Kubernetes cluster. -The demo deployment descriptors are these 2 directories: [registry-gaia](registry-gaia) and [registry-avatar](registry-avatar). Let's the [registry-avatar](registry-avatar). +These 2 directories [registry-gaia](registry-gaia) and [registry-avatar](registry-avatar) contains: -``` -$ docker login -u io2060 -p $DOCKER_HUB_TOKEN -$ docker build -f Dockerfile -t $IMAGE_DH:$IMAGE_TAG . -$ docker push $IMAGE_DH:$IMAGE_TAG +- a Dockerfile to build a simple nginx-based image to expose a simple front-end, including the service's icon. See [github workflows](/.github/workflows) for build info. +- a k8s directory with kubernetes deployment files we are using for deploying the demos. To deploy the demos, you need a configured nginx ingress on your cluster. Our demos are deployed in ovh.com, but should work out of the box anywhere. + +Just clone one of these directories, customize it and you're done! + +## Customize configuration + +All files in k8s directory should be customized. + +### 2060-service-agent container -``` +## Deploy ``` -$ kubectl --kubeconfig=~/.kube/config apply -f /builds/${CI_PROJECT_PATH}/k8s/main/namespace.yml -$ kubectl --kubeconfig=~/.kube//config apply -f /builds/${CI_PROJECT_PATH}/k8s/main/deployment.yml -$ kubectl --kubeconfig=~/.kube//config apply -f /builds/${CI_PROJECT_PATH}/k8s/main/service.yml -$ kubectl --kubeconfig=~/.kube//config apply -f /builds/${CI_PROJECT_PATH}/k8s/main/ingress-ds.yml -$ kubectl --kubeconfig=~/.kube//config apply -f /builds/${CI_PROJECT_PATH}/k8s/main/ingress-public.yml -``` \ No newline at end of file +$ kubectl --kubeconfig=~/.kube/config apply -f k8s/namespace.yml +$ kubectl --kubeconfig=~/.kube/config apply -f k8s/deployment.yml +$ kubectl --kubeconfig=~/.kube/config apply -f k8s/service.yml +$ kubectl --kubeconfig=~/.kube/config apply -f k8s/ingress-ds.yml +$ kubectl --kubeconfig=~/.kube/config apply -f k8s/ingress-public.yml +``` + + + + + diff --git a/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/deployment.yml b/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/deployment.yml index e59dc23..3742d84 100644 --- a/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/deployment.yml +++ b/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/deployment.yml @@ -28,17 +28,17 @@ spec: image: io2060/2060-service-agent:main imagePullPolicy: Always env: - - name: AGENT_ENDPOINT + - name: AGENT_ENDPOINT # Service endpoint where Wallet will connect. Must accept upgraded https connections. value: "wss://avatar.demos.m.2060.io:443" - - name: AGENT_NAME + - name: AGENT_NAME # Name of the Service, as shown in user's Wallet value: "AvatarID" - - name: AGENT_INVITATION_IMAGE_URL + - name: AGENT_INVITATION_IMAGE_URL # The icon (avatar) of the service. Here, we put the icon in the front-end container value: "https://i.avatar.demos.m.2060.io/avatar.jpg" - - name: EVENTS_BASE_URL + - name: EVENTS_BASE_URL # Url of the backend that will receive messages, events, etc value: "http://localhost:2903" - - name: AGENT_PUBLIC_DID + - name: AGENT_PUBLIC_DID # DID of the service. **Must** be same domain than service endpoint value: "did:web:avatar.demos.m.2060.io" - - name: ANONCREDS_SERVICE_BASE_URL + - name: ANONCREDS_SERVICE_BASE_URL # Base URL of the anoncreds service. **Must** be same domain than service endpoint value: "https://avatar.demos.m.2060.io" volumeMounts: - name: avatar-sa-pv-main @@ -50,71 +50,69 @@ spec: image: io2060/2060-demos-citizen-registry:main imagePullPolicy: Always env: - - name: SERVICE_AGENT_ADMIN_BASE_URL - value: "http://localhost:3000" - - name: PUBLIC_BASE_URL - value: "https://avatar.demos.m.2060.io" - - name: PNVS_SERVICE_AGENT_ADMIN_BASE_URL - value: "https://a.avatar.demos.m.2060.io" - name: DEBUG value: "1" - - name: QUARKUS_HTTP_PORT + - name: QUARKUS_HTTP_PORT # Port of the backend value: "2903" - - name: IO_GAIAID_VISION_REDIRDOMAIN + - name: IO_GAIAID_VISION_REDIRDOMAIN # Redirection base domain for the vision service. Used to send face capture/verification result to backend, and to access datastore container value: "avatar.demos.m.2060.io" - - name: IO_TWENTYSIXTY_SA_RES_C_MESSAGERESOURCE_MP_REST_URL + - name: IO_TWENTYSIXTY_SA_RES_C_MESSAGERESOURCE_MP_REST_URL # Local endpoint of the service-agent, for the backend to send messages, credentials,... value: "http://localhost:3000" - - name: IO_TWENTYSIXTY_SA_RES_C_CREDENTIALTYPERESOURCE_MP_REST_URL + - name: IO_TWENTYSIXTY_SA_RES_C_CREDENTIALTYPERESOURCE_MP_REST_URL # Local endpoint of the service-agent, for the credential type querying value: "http://localhost:3000" - - name: IO_GAIAID_REGISTRY_RES_C_MEDIARESOURCE_MP_REST_URL + - name: IO_GAIAID_REGISTRY_RES_C_MEDIARESOURCE_MP_REST_URL # Local endpoint of the datastore container, used to store user's data value: "http://localhost:2904" - - name: QUARKUS_SWAGGER_UI_ALWAYS_INCLUDE + - name: QUARKUS_SWAGGER_UI_ALWAYS_INCLUDE # If you want to export the swagger-ui value: "1" - name: QUARKUS_DATASOURCE_PASSWORD value: "2060demo" - name: QUARKUS_ARTEMIS_PASSWORD value: "Quar2060enbPi26" - - name: IO_GAIAID_VISION_FACE_CAPTURE_URL + - name: IO_GAIAID_VISION_FACE_CAPTURE_URL # Redir URL for sending user to vision service for face capture value: "https://m.vision.2060.io/face/capture/?token=TOKEN" - name: IO_GAIAID_VISION_FACE_VERIFICATION_URL - value: "https://m.vision.2060.io/face/verification/?token=TOKEN" - - name: IO_GAIAID_IDENTITY_DEF_NAME + value: "https://m.vision.2060.io/face/verification/?token=TOKEN" # Redir URL for sending user to vision service for face verification + - name: IO_GAIAID_IDENTITY_DEF_NAME # Name of credential value: "AvatarID" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_CITIZENID + # Identity creation: if you do not set one of the attributes with "unique constraint", + # then the unique constraint will be the combination of all attributes and + # all attributes will be needed for restoration + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_CITIZENID # Does credential include a CitizenID? (unique constraint) value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_FIRSTNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_FIRSTNAME # Does credential include a firstname? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_LASTNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_LASTNAME # Does credential include a lastname? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARNAME # Does credential include an avatarname? (unique constraint) value: "1" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC # Does credential include an avatar picture? value: "1" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC_MAXDIMENSION + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC_MAXDIMENSION # maxdim of avatar picture value: "320" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHDATE + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHDATE # Does credential include a birthdate? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHPLACE + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHPLACE # Does credential include a birthplace? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_PHOTO + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_PHOTO # Does credential include a photo? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_CITIZENID + # Restoration: you should only put a combination that will ensure a unique result. + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_CITIZENID # Will the service prompt user for a CitizenID when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_FIRSTNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_FIRSTNAME # Will the service prompt user for a firstname when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_LASTNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_LASTNAME # Will the service prompt user for a lastname when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_AVATARNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_AVATARNAME # Will the service prompt user for an avatarname when restoring an Identity? value: "1" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHDATE + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHDATE # Will the service prompt user for a birthdate when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHPLACE + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHPLACE # Will the service prompt user for a birthplace when restoring an Identity? value: "0" - - name: IO_GAIAID_LANGUAGE + - name: IO_GAIAID_LANGUAGE # Language of the bot. Supported: en, es, fr. If you need more languages, contribute! value: "en" - - name: IO_GAIAID_MESSAGES_WELCOME + - name: IO_GAIAID_MESSAGES_WELCOME # Welcome message. Also available WELCOME2, WELCOME3 value: "Welcome to AvatarID! Use the contextual menu to get started." - - name: IO_GAIAID_MESSAGES_ROOTMENU_TITLE + - name: IO_GAIAID_MESSAGES_ROOTMENU_TITLE # Title of contextual menu value: "AvatarID" - name: IO_GAIAID_JMS_MO_QUEUE_NAME value: "avatar-mo" @@ -136,7 +134,7 @@ spec: value: "/home/data/tmp" - name: IO_TWENTYSIXTY_DATASTORE_TMP_LIFETIMEDAYS value: "5" - - name: IO_TWENTYSIXTY_DATASTORE_REPO_LIFETIMEDAYS + - name: IO_TWENTYSIXTY_DATASTORE_REPO_LIFETIMEDAYS # Make sure not to delete user data value: "43800" - name: IO_TWENTYSIXTY_DATASTORE_REPO_FS_DIR value: "/home/data/repo" diff --git a/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/ingress-ds.yml b/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/ingress-ds.yml index a084e28..b5c94a1 100644 --- a/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/ingress-ds.yml +++ b/containers/citizen-registry/kubernetes/registry-avatar/k8s/main/ingress-ds.yml @@ -5,7 +5,7 @@ metadata: namespace: demos-main annotations: cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/whitelist-source-range: "51.79.89.27/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "51.79.89.27/32" # only m.vision.2060.io can access backend and datastore spec: ingressClassName: nginx tls: diff --git a/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/deployment.yml b/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/deployment.yml index 242d923..ed5b4e3 100644 --- a/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/deployment.yml +++ b/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/deployment.yml @@ -28,17 +28,17 @@ spec: image: io2060/2060-service-agent:main imagePullPolicy: Always env: - - name: AGENT_ENDPOINT + - name: AGENT_ENDPOINT # Service endpoint where Wallet will connect. Must accept upgraded https connections. value: "wss://gaia.demos.m.2060.io:443" - - name: AGENT_NAME + - name: AGENT_NAME # Name of the Service, as shown in user's Wallet value: "GaiaID Citizen Registry" - - name: AGENT_INVITATION_IMAGE_URL + - name: AGENT_INVITATION_IMAGE_URL # The icon (avatar) of the service. Here, we put the icon in the front-end container value: "https://i.gaia.demos.m.2060.io/avatar.png" - - name: EVENTS_BASE_URL + - name: EVENTS_BASE_URL # Url of the backend that will receive messages, events, etc value: "http://localhost:2903" - - name: AGENT_PUBLIC_DID + - name: AGENT_PUBLIC_DID # DID of the service. **Must** be same domain than service endpoint value: "did:web:gaia.demos.m.2060.io" - - name: ANONCREDS_SERVICE_BASE_URL + - name: ANONCREDS_SERVICE_BASE_URL # Base URL of the anoncreds service. **Must** be same domain than service endpoint value: "https://gaia.demos.m.2060.io" volumeMounts: - name: gaia-sa-pv-main @@ -58,63 +58,66 @@ spec: value: "https://a.gaia.demos.m.2060.io" - name: DEBUG value: "1" - - name: QUARKUS_HTTP_PORT + - name: QUARKUS_HTTP_PORT # Port of the backend value: "2903" - - name: IO_GAIAID_VISION_REDIRDOMAIN + - name: IO_GAIAID_VISION_REDIRDOMAIN # Redirection base domain for the vision service. Used to send face capture/verification result to backend, and to access datastore container value: "gaia.demos.m.2060.io" - - name: IO_TWENTYSIXTY_SA_RES_C_MESSAGERESOURCE_MP_REST_URL + - name: IO_TWENTYSIXTY_SA_RES_C_MESSAGERESOURCE_MP_REST_URL # Local endpoint of the service-agent, for the backend to send messages, credentials,... value: "http://localhost:3000" - - name: IO_TWENTYSIXTY_SA_RES_C_CREDENTIALTYPERESOURCE_MP_REST_URL + - name: IO_TWENTYSIXTY_SA_RES_C_CREDENTIALTYPERESOURCE_MP_REST_URL # Local endpoint of the service-agent, for the credential type querying value: "http://localhost:3000" - - name: IO_GAIAID_REGISTRY_RES_C_MEDIARESOURCE_MP_REST_URL + - name: IO_GAIAID_REGISTRY_RES_C_MEDIARESOURCE_MP_REST_URL # Local endpoint of the datastore container, used to store user's data value: "http://localhost:2904" - - name: QUARKUS_SWAGGER_UI_ALWAYS_INCLUDE + - name: QUARKUS_SWAGGER_UI_ALWAYS_INCLUDE # If you want to export the swagger-ui value: "1" - - name: IO_GAIAID_VISION_FACE_CAPTURE_URL + - name: IO_GAIAID_VISION_FACE_CAPTURE_URL # Redir URL for sending user to vision service for face capture value: "https://m.vision.2060.io/face/capture/?token=TOKEN" - name: IO_GAIAID_VISION_FACE_VERIFICATION_URL value: "https://m.vision.2060.io/face/verification/?token=TOKEN" - - name: IO_GAIAID_IDENTITY_DEF_NAME + - name: IO_GAIAID_IDENTITY_DEF_NAME # Name of credential value: "Identity Card" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_CITIZENID + # Identity creation: if you do not set one of the attributes with "unique constraint", + # then the unique constraint will be the combination of all attributes and + # all attributes will be needed for restoration + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_CITIZENID # Does credential include a CitizenID? (unique constraint) value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_FIRSTNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_FIRSTNAME # Does credential include a firstname? value: "1" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_LASTNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_LASTNAME # Does credential include a lastname? value: "1" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARNAME + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARNAME # Does credential include an avatarname? (unique constraint) value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC # Does credential include an avatar picture? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC_MAXDIMENSION + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_AVATARPIC_MAXDIMENSION # maxdim of avatar picture value: "640" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHDATE + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHDATE # Does credential include a birthdate? value: "1" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHPLACE + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_BIRTHPLACE # Does credential include a birthplace? value: "0" - - name: IO_GAIAID_IDENTITY_DEF_CLAIM_PHOTO + - name: IO_GAIAID_IDENTITY_DEF_CLAIM_PHOTO # Does credential include a photo? value: "1" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_CITIZENID + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_CITIZENID # Will the service prompt user for a CitizenID when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_FIRSTNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_FIRSTNAME # Will the service prompt user for a firstname when restoring an Identity? value: "1" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_LASTNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_LASTNAME # Will the service prompt user for a lastname when restoring an Identity? value: "1" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_AVATARNAME + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_AVATARNAME # Will the service prompt user for an avatarname when restoring an Identity? value: "0" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHDATE + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHDATE # Will the service prompt user for a birthdate when restoring an Identity? value: "1" - - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHPLACE + - name: IO_GAIAID_IDENTITY_RESTORE_CLAIM_BIRTHPLACE # Will the service prompt user for a birthplace when restoring an Identity? value: "0" - - name: IO_GAIAID_LANGUAGE + - name: IO_GAIAID_LANGUAGE # Language of the bot. Supported: en, es, fr. If you need more languages, contribute! value: "en" - - name: IO_GAIAID_MESSAGES_WELCOME + - name: IO_GAIAID_MESSAGES_WELCOME # Welcome message. Also available WELCOME2, WELCOME3 value: "🌎 Welcome to GaiaID! The place where you can create your Identity, protect it with your biometrics, and easily restore it if you loose your handset." - name: IO_GAIAID_MESSAGES_WELCOME2 value: "This conversational service is provided as a demo service, no guarantee is made regarding uptime and/or data persistence. You can easily delete data of a created Identity by selecting the \"Delete Identity\" option in the contextual menu. Data is removed from our demo server 24h after Identity deletion." - name: IO_GAIAID_MESSAGES_WELCOME3 value: "To get started, use the contextual menu above ↗️, and Create or Restore an Identity." - - name: IO_GAIAID_MESSAGES_ROOTMENU_TITLE + - name: IO_GAIAID_MESSAGES_ROOTMENU_TITLE # Title of contextual menu value: "GaiaID Citizen Registry" - name: IO_GAIAID_JMS_MO_QUEUE_NAME value: "gaiaid-mo" @@ -136,7 +139,7 @@ spec: value: "/home/data/tmp" - name: IO_TWENTYSIXTY_DATASTORE_TMP_LIFETIMEDAYS value: "5" - - name: IO_TWENTYSIXTY_DATASTORE_REPO_LIFETIMEDAYS + - name: IO_TWENTYSIXTY_DATASTORE_REPO_LIFETIMEDAYS # Make sure not to delete user data value: "43800" - name: IO_TWENTYSIXTY_DATASTORE_REPO_FS_DIR value: "/home/data/repo" diff --git a/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/ingress-ds.yml b/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/ingress-ds.yml index b82fb70..75e4cdb 100644 --- a/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/ingress-ds.yml +++ b/containers/citizen-registry/kubernetes/registry-gaia/k8s/main/ingress-ds.yml @@ -5,7 +5,7 @@ metadata: namespace: demos-main annotations: cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/whitelist-source-range: "51.79.89.27/32" + nginx.ingress.kubernetes.io/whitelist-source-range: "51.79.89.27/32" # only m.vision.2060.io can access backend and datastore spec: ingressClassName: nginx tls: