deploy(apple-mdm): route scep to noc1 ca

Adds the GX10 /scep route to the noc1 Apple MDM SCEP CA without exposing NanoHUB APIs.
2026-06-18 11:23:00 -05:00
parent e543018bdc
commit f78e6747b4
3 changed files with 91 additions and 10 deletions
--- a/apps-gx10/fc-apple-mdm/fc-apple-mdm.yaml
+++ b/apps-gx10/fc-apple-mdm/fc-apple-mdm.yaml
@@ -192,6 +192,43 @@ spec:
      targetPort: 9004
      protocol: TCP
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fc-apple-mdm-scep
+  namespace: fc-apple-mdm
+  labels:
+    app: fc-apple-mdm-scep
+    app.kubernetes.io/name: fc-apple-mdm-scep
+    app.kubernetes.io/part-of: flowercore
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: 9080
+      protocol: TCP
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: fc-apple-mdm-scep-noc1
+  namespace: fc-apple-mdm
+  labels:
+    kubernetes.io/service-name: fc-apple-mdm-scep
+    app.kubernetes.io/name: fc-apple-mdm-scep
+    app.kubernetes.io/part-of: flowercore
+addressType: IPv4
+endpoints:
+  - addresses:
+      - 10.0.56.10
+    conditions:
+      ready: true
+ports:
+  - name: http
+    port: 9080
+    protocol: TCP
+---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -218,6 +255,11 @@ spec:
  entryPoints:
    - websecure
  routes:
+    - match: Host(`mdm.iamworkin.lan`) && PathPrefix(`/scep`)
+      kind: Rule
+      services:
+        - name: fc-apple-mdm-scep
+          port: 80
    - match: Host(`mdm.iamworkin.lan`) && (PathPrefix(`/mdm`) || PathPrefix(`/checkin`) || PathPrefix(`/version`))
      kind: Rule
      services: