|
11
|
1
|
|
|
2 https://www.pomerium.com/docs/k8s/quickstart
|
|
|
3
|
|
|
4 kubectl apply -f deployment.yaml
|
|
|
5
|
|
|
6 3152 sudo apt install libnss3-tools
|
|
|
7 3153 ./mkcert-v1.4.4-linux-amd64 -install
|
|
|
8 3156 ./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
|
|
|
9 3158 kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem
|
|
|
10
|
|
|
11 k rollout restart -n pomerium deploy/pomerium
|
|
|
12
|
|
|
13 ----------------------------------------------------------------
|
|
|
14 bootstrap:
|
|
|
15 comment out 10-pomerium.yaml certificates line.
|
|
|
16
|
|
|
17 get to this saying ready=true
|
|
|
18 k get -n pomerium certificate/pomerium-proxy-tls -o wide
|
|
|
19
|
|
|
20 enable 10-pomerium.yaml certificates line.
|
|
|
21 k apply -f kube/10-pomerium.yaml
|
|
|
22
|
|
|
23
|
|
|
24 ✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
|
|
|
25 service/verify created
|
|
|
26 deployment.apps/verify created
|
|
|
27 ✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml
|
|
|
28
|
|
|
29 k get -A certificate -o wide
|
|
|
30
|
|
|
31
|
|
|
32 todo:
|
|
|
33 https://www.pomerium.com/docs/topics/data-storage#postgres
|
|
|
34
|
|
|
35 ---------------------------------------------
|
|
|
36 2022-12-11
|
|
|
37
|
|
|
38 inv run
|
|
|
39
|
|
|
40 -------------
|
|
|
41
|
|
|
42 I1212 18:37:55.559944 1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
|
|
|
43
|
|
|
44 I1212 18:37:55.561255 1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
|
|
|
45
|
|
|
46 I1212 18:37:55.562467 1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
|
|
|
47
|
|
|
48 E1212 18:37:55.604107 1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
|
