User Tools
система_kubernetes
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
система_kubernetes [2025/12/28 11:57] val [cert-manager] |
система_kubernetes [2026/01/06 14:16] (current) val [Ingress] |
||
|---|---|---|---|
| Line 1229: | Line 1229: | ||
| spec: | spec: | ||
| ingressClassName: nginx | ingressClassName: nginx | ||
| - | # tls: | ||
| - | # - hosts: | ||
| - | # - gowebd.corpX.un | ||
| - | # secretName: gowebd-tls | ||
| rules: | rules: | ||
| - host: webd.corpX.un | - host: webd.corpX.un | ||
| Line 1254: | Line 1250: | ||
| path: / | path: / | ||
| pathType: Prefix | pathType: Prefix | ||
| + | # tls: | ||
| + | # - hosts: | ||
| + | # - gowebd.corpX.un | ||
| + | # - "*.corpX.un" | ||
| + | # secretName: gowebd-tls | ||
| + | # - hosts: | ||
| + | # - webd.corpX.un | ||
| + | # secretName: webd-tls | ||
| </code><code> | </code><code> | ||
| kube1# kubectl apply -f my-ingress.yaml -n my-ns | kube1# kubectl apply -f my-ingress.yaml -n my-ns | ||
| Line 2504: | Line 2508: | ||
| student@vps:~$ kubectl -n cert-manager get all | student@vps:~$ kubectl -n cert-manager get all | ||
| + | |||
| + | student@vps:~$ #kubectl create secret generic cert-manager-tsig-secret --from-literal=tsig-secret-key="NNN...NNN" -n cert-manager | ||
| student@vps:~$ cat ...issuer.yaml | student@vps:~$ cat ...issuer.yaml | ||
| Line 2514: | Line 2520: | ||
| #name: letsencrypt-prod-clusterissuer | #name: letsencrypt-prod-clusterissuer | ||
| #name: freeipa-clusterissuer | #name: freeipa-clusterissuer | ||
| + | #name: freeipa-dns-clusterissuer | ||
| spec: | spec: | ||
| acme: | acme: | ||
| Line 2532: | Line 2539: | ||
| #- dns01: | #- dns01: | ||
| #rfc2136: | #rfc2136: | ||
| - | #nameserver: 172.19.32.2 | + | #nameserver: 192.168.X.10 |
| - | #tsigKeyName: certbot.anysite | + | #tsigKeyName: cert-manager |
| - | #tsigAlgorithm: HMACSHA512 | + | #tsigAlgorithm: HMACSHA256 |
| #tsigSecretSecretRef: | #tsigSecretSecretRef: | ||
| - | #name: anysite-tsig-secret | + | #name: cert-manager-tsig-secret |
| #key: tsig-secret-key | #key: tsig-secret-key | ||
| + | |||
| </code><code> | </code><code> | ||
| student@vps:~$ kubectl apply -f ...issuer.yaml #-n my-ns | student@vps:~$ kubectl apply -f ...issuer.yaml #-n my-ns | ||
| Line 2547: | Line 2555: | ||
| NAME READY AGE | NAME READY AGE | ||
| ...issuer True 42s | ...issuer True 42s | ||
| - | |||
| - | |||
| - | student@vps:~/pywebd-k8s$ kubectl -n my-pywebd-ns create secret generic anysite-tsig-secret --from-literal=tsig-secret-key="NNN...NNN" | ||
| </code> | </code> | ||
| Line 2567: | Line 2572: | ||
| secretName: webd-tls | secretName: webd-tls | ||
| dnsNames: | dnsNames: | ||
| - | - siteN.mgtu.ru | + | #- siteN.mgtu.ru |
| + | #- keycloak.corpX.un | ||
| + | #- gitlab.corpX.un | ||
| issuerRef: | issuerRef: | ||
| name: ...issuer | name: ...issuer | ||
| Line 2575: | Line 2582: | ||
| <code> | <code> | ||
| - | student@vps:~$ kubectl -n my-ns get certificate,secrets | + | student@vps:~/webd-k8s$ kubectl apply -f my-certificate.yaml -n my-ns |
| + | |||
| + | student@vps:~$ kubectl get certificate,secrets -n my-ns | ||
| - | student@vps:~$ kubectl -n my-ns events | + | student@vps:~$ kubectl events -n my-ns |
| ... | ... | ||
| Certificate fetched from issuer successfully | Certificate fetched from issuer successfully | ||
| - | student@vps:~$ kubectl -n my-ns get secret webd-tls -o yaml | + | student@vps:~$ kubectl get secret webd-tls -o yaml -n my-ns |
| </code> | </code> | ||
система_kubernetes.1766912247.txt.gz · Last modified: 2025/12/28 11:57 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
