Mercurial > code > home > repos > pomerium

annotate readme @ 36:6f8a6ccb2407 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
debugging
author drewp@bigasterisk.com
date Wed, 21 Jun 2023 23:03:05 -0700
parents 695948b426ae
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
11
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
1
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
2 https://www.pomerium.com/docs/k8s/quickstart
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
3
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
4 kubectl apply -f deployment.yaml
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
5
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
6 3152 sudo apt install libnss3-tools
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
7 3153 ./mkcert-v1.4.4-linux-amd64 -install
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
8 3156 ./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
9 3158 kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
10
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
11 k rollout restart -n pomerium deploy/pomerium
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
12
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
13 ----------------------------------------------------------------
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
14 bootstrap:
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
15 comment out 10-pomerium.yaml certificates line.
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
16
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
17 get to this saying ready=true
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
18 k get -n pomerium certificate/pomerium-proxy-tls -o wide
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
19
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
20 enable 10-pomerium.yaml certificates line.
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
21 k apply -f kube/10-pomerium.yaml
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
22
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
23
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
24 ✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
25 service/verify created
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
26 deployment.apps/verify created
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
27 ✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
28
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
29 k get -A certificate -o wide
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
30
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
31
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
32 todo:
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
33 https://www.pomerium.com/docs/topics/data-storage#postgres
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
34
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
35 ---------------------------------------------
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
36 2022-12-11
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
37
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
38 inv run
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
39
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
40 -------------
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
41
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
42 I1212 18:37:55.559944 1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
43
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
44 I1212 18:37:55.561255 1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
45
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
46 I1212 18:37:55.562467 1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
47
54b0edb7cca8 debug notes
drewp@bigasterisk.com
parents:
diff changeset
48 E1212 18:37:55.604107 1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
23
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
49
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
50
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
51 ------------------------------
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
52 # version notes
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
53
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
54 # see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
55 # It's not even in the startup logs, just this: "pomerium_version":""
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
56 #
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
57 # I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
58 #
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
59 # sha-dd49d67 is 2023-05-30,
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
60 # https://github.com/pomerium/ingress-controller/commit/dd49d679ea077930229dff8aa319c58c77a767dc
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
61 # including 'current main branch' as of 2023-05-23 per
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
62 # https://github.com/pomerium/ingress-controller/commit/f79735129577344cc9fd766ff1b51df324990771
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
63 image: pomerium/ingress-controller:sha-dd49d67
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
64
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
65 preview kustomize:
695948b426ae redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
drewp@bigasterisk.com
parents: 11
diff changeset
66 meld =(cat 00-defs/00-namespace.yaml 00-defs/01-crd.yaml 00-defs/02-roles.yaml 20-kube/21-pom-svc.yaml 20-kube/20-pom-deploy.yaml) =(k kustomize -o /dev/stdout)