pomerium repository
drewp@bigasterisk.com | d8b3c6fa64a3 | 20 months ago
drewp@bigasterisk.com | b0761c1022d9 | 20 months ago
drewp@bigasterisk.com | 290342e75927 | 21 months ago
drewp@bigasterisk.com | 90438c76732f | 21 months ago
drewp@bigasterisk.com | 6c42f94f0285 | 23 months ago
drewp@bigasterisk.com | 54b0edb7cca8 | 2 years ago
drewp@bigasterisk.com | 037539eb52c3 | 2 years ago
drewp@bigasterisk.com | c9e2108bb271 | 2 years ago
drewp@bigasterisk.com | 723ad82340d1 | 2 years ago
drewp@bigasterisk.com | 0071c165e990 | 2 years ago
https://www.pomerium.com/docs/k8s/quickstart
kubectl apply -f deployment.yaml
sudo apt install libnss3-tools
./mkcert-v1.4.4-linux-amd64 -install
./mkcert-v1.4.4-linux-amd64 "*.localhost.pomerium.io"
kubectl create secret tls pomerium-wildcard-tls --namespace=pomerium --cert=./_wildcard.localhost.pomerium.io.pem --key=./_wildcard.localhost.pomerium.io-key.pem
k rollout restart -n pomerium deploy/pomerium
----------------------------------------------------------------
bootstrap:
comment out the certificates line in 10-pomerium.yaml.
wait until this reports ready=true:
k get -n pomerium certificate/pomerium-proxy-tls -o wide
re-enable the certificates line in 10-pomerium.yaml.
k apply -f kube/10-pomerium.yaml
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-service.yaml
service/verify created
deployment.apps/verify created
✨ dash(pts/11):/my/serv/pomerium% k apply -f verify-ingress.yaml
k get -A certificate -o wide
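The wait for ready=true in the bootstrap steps above can be scripted instead of re-running the get by hand. This is an added example, not part of the repository's notes; the function names and the KUBECTL override are assumptions, and the namespace and certificate name are the ones used above.

```shell
#!/bin/sh
# Added example (not from the repository): gate the second bootstrap step
# on the cert-manager Certificate reaching Ready=True.
# KUBECTL is an assumed override so the functions can be run without a cluster.
KUBECTL="${KUBECTL:-kubectl}"

# Print the Ready condition status (True/False/Unknown); empty if not set yet.
cert_ready_status() {
    "$KUBECTL" get -n "$1" "certificate/$2" \
        -o 'jsonpath={.status.conditions[?(@.type=="Ready")].status}'
}

# Poll until Ready=True.
# Args: namespace, certificate name, max tries (default 60), delay seconds (default 5).
# Returns 0 when Ready, 1 on timeout.
wait_cert_ready() {
    ns=$1; name=$2; tries=${3:-60}; delay=${4:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        # A failed get (certificate not created yet) counts as "not ready".
        status=$(cert_ready_status "$ns" "$name" 2>/dev/null) || status=""
        if [ "$status" = "True" ]; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    # Timed out: print dnsName, state and reason of the ACME challenges in the
    # namespace to stderr, so the cause of the stall is visible.
    "$KUBECTL" get -n "$ns" challenges.acme.cert-manager.io \
        -o 'jsonpath={range .items[*]}{.spec.dnsName}{"\t"}{.status.state}{"\t"}{.status.reason}{"\n"}{end}' >&2 || true
    return 1
}

# Usage, after applying with the certificates line commented out:
#   wait_cert_ready pomerium pomerium-proxy-tls && echo "re-enable certificates line, then apply"
```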
todo:
https://www.pomerium.com/docs/topics/data-storage#postgres
---------------------------------------------
2022-12-11
inv run
-------------
I1212 18:37:55.559944 1 pod.go:59] cert-manager/challenges/http01/selfCheck/http01/ensurePod "msg"="found one existing HTTP01 solver pod" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-szbwz" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.561255 1 service.go:43] cert-manager/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-gw5dd" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
I1212 18:37:55.562467 1 ingress.go:99] cert-manager/challenges/http01/selfCheck/http01/ensureIngress "msg"="found one existing HTTP01 solver ingress" "dnsName"="authenticate.bigasterisk.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-skn9b" "related_resource_namespace"="pomerium" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
E1212 18:37:55.604107 1 sync.go:190] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc': Get \"http://authenticate.bigasterisk.com/.well-known/acme-challenge/40xNPGvj7rFgf1PSlm4UKmQw6i9BJsMe8orpIFXrxAc\": EOF" "dnsName"="authenticate.bigasterisk.com" "resource_kind"="Challenge" "resource_name"="pomerium-proxy-tls-5hmnq-2918954797-1564766882" "resource_namespace"="pomerium" "resource_version"="v1" "type"="HTTP-01"
------------------------------
# version notes
# see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
# It's not even in the startup logs, just this: "pomerium_version":""
#
# I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
#
# sha-dd49d67 is 2023-05-30,
# https://github.com/pomerium/ingress-controller/commit/dd49d679ea077930229dff8aa319c58c77a767dc
# including 'current main branch' as of 2023-05-23 per
# https://github.com/pomerium/ingress-controller/commit/f79735129577344cc9fd766ff1b51df324990771
image: pomerium/ingress-controller:sha-dd49d67
preview kustomize:
meld =(cat 00-defs/00-namespace.yaml 00-defs/01-crd.yaml 00-defs/02-roles.yaml 20-kube/21-pom-svc.yaml 20-kube/20-pom-deploy.yaml) =(k kustomize -o /dev/stdout)