Files @ 6c42f94f0285
Location: pomerium/readme - annotation

drewp@bigasterisk.com
static site

https://www.pomerium.com/docs/k8s/quickstart

kubectl apply -f deployment.yaml

sudo apt install libnss3-tools
./mkcert-v1.4.4-linux-amd64 -install
./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem

 k rollout restart -n pomerium deploy/pomerium

----------------------------------------------------------------
bootstrap:
comment out the certificates line in 10-pomerium.yaml.

wait until this reports ready=true:
k get -n pomerium certificate/pomerium-proxy-tls -o wide

enable the certificates line in 10-pomerium.yaml again.
k apply -f kube/10-pomerium.yaml


✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
service/verify created
deployment.apps/verify created
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml 

k get -A certificate -o wide


todo:
https://www.pomerium.com/docs/topics/data-storage#postgres

---------------------------------------------
2022-12-11

inv run

-------------

I1212 18:37:55.559944       1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"

I1212 18:37:55.561255       1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"

I1212 18:37:55.562467       1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"

E1212 18:37:55.604107       1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
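
Added example (not part of the original readme, and not cert-manager's own code): a small parser for cert-manager controller log lines like the ones above that pulls out each failed HTTP-01 self check with its hostname, Challenge resource, probed URL and final error cause. The sample lines, app.example.com, demo-tls-1 and TOKEN are constructed placeholders.

```python
import re

# klog header: severity letter + MMDD, time, pid, source file:line], logger name
HEADER = re.compile(r'^(?P<sev>[IWEF])(?P<date>\d{4}) (?P<time>[\d:.]+)\s+\d+ '
                    r'(?P<src>[\w.]+:\d+)\] (?P<logger>\S+) (?P<rest>.*)$')
# "key"="value" pairs; a value may contain backslash-escaped quotes (the error field does)
PAIR = re.compile(r'"(?P<k>[^"]+)"="(?P<v>(?:[^"\\]|\\.)*)"')
# URL that the self check tried to fetch, single-quoted inside the error text
URL = re.compile(r"GET request '([^']+)'")

def parse_line(line):
    """Split one log line into header parts and a dict of fields; None if not klog."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    rec["fields"] = {p.group("k"): re.sub(r'\\(.)', r'\1', p.group("v"))
                     for p in PAIR.finditer(rest)}
    return rec

def failed_self_checks(lines):
    """Return one record per error-level HTTP-01 line that carries an error field."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["sev"] != "E":
            continue
        f = rec["fields"]
        if f.get("type") != "HTTP-01" or "error" not in f:
            continue
        url = URL.search(f["error"])
        out.append({
            "time": rec["time"],
            "dnsName": f.get("dnsName"),
            "challenge": f.get("resource_name"),
            "namespace": f.get("resource_namespace"),
            "url": url.group(1) if url else None,
            "cause": f["error"].rsplit(": ", 1)[-1],  # innermost error, e.g. EOF
        })
    return out

# Constructed sample input, shaped like the log lines above (not real output).
SAMPLE = r'''
I0101 12:00:00.000001       1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="app.example.com" "resource_name"="demo-tls-1" "resource_namespace"="demo" "type"="HTTP-01"
E0101 12:00:00.050000       1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://app.example.com/.well-known/acme-challenge/TOKEN': Get \"http://app.example.com/.well-known/acme-challenge/TOKEN\": EOF" "dnsName"="app.example.com" "resource_name"="demo-tls-1" "resource_namespace"="demo" "type"="HTTP-01"
'''.splitlines()

if __name__ == "__main__":
    for r in failed_self_checks(SAMPLE):
        print(r)
```

The "url" value is the address to request by hand from the same network as the cert-manager pod when checking why the solver ingress is not answering.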