Files
@ 695948b426ae
Branch filter:
Location: pomerium/readme - annotation
695948b426ae
4.1 KiB
text/plain
redo config with kustomize (still has a bug with pomerium-proxy-tls secret name getting a suffix)
54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae |
https://www.pomerium.com/docs/k8s/quickstart
kubectl apply -f deployment.yaml
3152 sudo apt install libnss3-tools
3153 ./mkcert-v1.4.4-linux-amd64 -install
3156 ./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
3158 kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem
k rollout restart -n pomerium deploy/pomerium
----------------------------------------------------------------
bootstrap:
comment out 10-pomerium.yaml certificates line.
get to this saying ready=true
k get -n pomerium certificate/pomerium-proxy-tls -o wide
enable 10-pomerium.yaml certificates line.
k apply -f kube/10-pomerium.yaml
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
service/verify created
deployment.apps/verify created
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml
k get -A certificate -o wide
todo:
https://www.pomerium.com/docs/topics/data-storage#postgres
---------------------------------------------
2022-12-11
inv run
-------------
I1212 18:37:55.559944 1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.561255 1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.562467 1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
E1212 18:37:55.604107 1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
------------------------------
# version notes
# see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
# It's not even in the startup logs, just this: "pomerium_version":""
#
# I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
#
# sha-dd49d67 is 2023-05-30,
# https://github.com/pomerium/ingress-controller/commit/dd49d679ea077930229dff8aa319c58c77a767dc
# including 'current main branch' as of 2023-05-23 per
# https://github.com/pomerium/ingress-controller/commit/f79735129577344cc9fd766ff1b51df324990771
image: pomerium/ingress-controller:sha-dd49d67
preview kustomize:
meld =(cat 00-defs/00-namespace.yaml 00-defs/01-crd.yaml 00-defs/02-roles.yaml 20-kube/21-pom-svc.yaml 20-kube/20-pom-deploy.yaml) =(k kustomize -o /dev/stdout)
|