Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
система_kubernetes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
система_kubernetes [2025/12/28 12:16]
val [cert-manager] 		система_kubernetes [2026/01/06 14:16] (current)
val [Ingress]
Line 1229: Line 1229:
 spec: spec:
   ingressClassName:​ nginx   ingressClassName:​ nginx
-#  tls: 
-#  - hosts: 
-#    - gowebd.corpX.un 
-#    secretName: gowebd-tls 
   rules:   rules:
   - host: webd.corpX.un   - host: webd.corpX.un
Line 1254: Line 1250:
         path: /         path: /
         pathType: Prefix         pathType: Prefix
 +#  tls:
 +#  - hosts:
 +#    - gowebd.corpX.un
 +#    - "​*.corpX.un"​
 +#    secretName: gowebd-tls
 +#  - hosts:
 +#    - webd.corpX.un
 +#    secretName: webd-tls
 </​code><​code>​ </​code><​code>​
 kube1# kubectl apply -f my-ingress.yaml -n my-ns kube1# kubectl apply -f my-ingress.yaml -n my-ns
Line 2504: Line 2508:
  
 student@vps:​~$ kubectl -n cert-manager get all student@vps:​~$ kubectl -n cert-manager get all
 +
 +student@vps:​~$ #kubectl create secret generic cert-manager-tsig-secret --from-literal=tsig-secret-key="​NNN...NNN"​ -n cert-manager
  
 student@vps:​~$ cat ...issuer.yaml student@vps:​~$ cat ...issuer.yaml
Line 2514: Line 2520:
   #name: letsencrypt-prod-clusterissuer   #name: letsencrypt-prod-clusterissuer
   #name: freeipa-clusterissuer   #name: freeipa-clusterissuer
 +  #name: freeipa-dns-clusterissuer
 spec: spec:
   acme:   acme:
Line 2532: Line 2539:
     #- dns01:     #- dns01:
         #rfc2136:         #rfc2136:
-          #​nameserver: ​172.19.32.2 +          #​nameserver: ​192.168.X.10 
-          #​tsigKeyName: ​certbot.anysite +          #​tsigKeyName: ​cert-manager 
-          #​tsigAlgorithm: ​HMACSHA512+          #​tsigAlgorithm: ​HMACSHA256
           #​tsigSecretSecretRef:​           #​tsigSecretSecretRef:​
-            #​name: ​anysite-tsig-secret+            #​name: ​cert-manager-tsig-secret
             #key: tsig-secret-key             #key: tsig-secret-key
 +
 </​code><​code>​ </​code><​code>​
 student@vps:​~$ kubectl apply -f ...issuer.yaml #-n my-ns student@vps:​~$ kubectl apply -f ...issuer.yaml #-n my-ns
Line 2547: Line 2555:
 NAME                    READY   AGE NAME                    READY   AGE
 ...issuer ​              ​True ​   42s ...issuer ​              ​True ​   42s
- 
- 
-student@vps:​~/​pywebd-k8s$ kubectl -n my-pywebd-ns create secret generic anysite-tsig-secret --from-literal=tsig-secret-key="​NNN...NNN"​ 
 </​code>​ </​code>​
  
Line 2577: Line 2582:
  
 <​code>​ <​code>​
 +student@vps:​~/​webd-k8s$ kubectl apply -f my-certificate.yaml -n my-ns
 +
 student@vps:​~$ kubectl get certificate,​secrets -n my-ns student@vps:​~$ kubectl get certificate,​secrets -n my-ns
  
система_kubernetes.1766913413.txt.gz · Last modified: 2025/12/28 12:16 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki