Files
@ b53ab97e8979
Branch filter:
Location: pomerium/readme - annotation
b53ab97e8979
4.1 KiB
text/plain
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 54b0edb7cca8 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae 695948b426ae |
https://www.pomerium.com/docs/k8s/quickstart
kubectl apply -f deployment.yaml
3152 sudo apt install libnss3-tools
3153 ./mkcert-v1.4.4-linux-amd64 -install
3156 ./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
3158 kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem
k rollout restart -n pomerium deploy/pomerium
----------------------------------------------------------------
bootstrap:
comment out 10-pomerium.yaml certificates line.
get to this saying ready=true
k get -n pomerium certificate/pomerium-proxy-tls -o wide
enable 10-pomerium.yaml certificates line.
k apply -f kube/10-pomerium.yaml
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
service/verify created
deployment.apps/verify created
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml
k get -A certificate -o wide
todo:
https://www.pomerium.com/docs/topics/data-storage#postgres
---------------------------------------------
2022-12-11
inv run
-------------
I1212 18:37:55.559944 1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.561255 1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.562467 1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
E1212 18:37:55.604107 1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
------------------------------
# version notes
# see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
# It's not even in the startup logs, just this: "pomerium_version":""
#
# I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
#
# sha-dd49d67 is 2023-05-30,
# https://github.com/pomerium/ingress-controller/commit/dd49d679ea077930229dff8aa319c58c77a767dc
# including 'current main branch' as of 2023-05-23 per
# https://github.com/pomerium/ingress-controller/commit/f79735129577344cc9fd766ff1b51df324990771
image: pomerium/ingress-controller:sha-dd49d67
preview kustomize:
meld =(cat 00-defs/00-namespace.yaml 00-defs/01-crd.yaml 00-defs/02-roles.yaml 20-kube/21-pom-svc.yaml 20-kube/20-pom-deploy.yaml) =(k kustomize -o /dev/stdout)
|