Generate Let'sEncrypt certificate on Kubernetes

-

 yaml file: 


---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: deploy-production
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: name.surname@email.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: deploy-production
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: nginx
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: www.website.com
spec:
  secretName: www.website.com.tls.prod
  issuerRef:
    name: deploy-production
    kind: ClusterIssuer
  commonName: www.website.com
  dnsNames:
  - www.website.com
---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: deploy-production
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  generation: 2
  name: nginx-ingress
spec:
  rules:
  - host: www.website.com
    http:
      paths:
      - backend:
          service:
            name: service-clusterip-nginx
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - www.website.com
    secretName: www.website.com.tls.prod

Commenti

Posta un commento

Post popolari in questo blog

Teams Incoming Webhook deprecated: Use PowerAutomate - Workflow

-
Since is not possible configure Classic Teams Webhook (deprecated, and it does not work from teams gui), I just created a workflow for "Gatus" monitoring application.  goto: https://make.powerautomate.com/ go to My flows > New flow > instant cloud flow     select "When a Teams webhook request is received" > create               configure: "Who can trigger the flow" > anyone add an action, search for:            post message in a chat or channel          configure:               "post as": flow bot               "post in": channel               "team": dropdown select team               "channel": dropdown select channel               "content":  Content: @...
Continua a leggere

Mysql operator S3 innodbcluster backup SECRET CONFIG

-
[ERROR] [backup] Backup failed with an exception: Util.dump_instance: Argument #2: The AWS access and secret keys were not found in: environment variables     mysql do not provide a good documentation about mysql operator. ORACLE WANT YOU TO USE OCI! USE OCI cmon.  mysql operator wants aws "cretentials" file down the "/mysqlsh/.aws folder, it does this in pod through VolumeMount the secret file, nothing about to worry about.  PS: If you are trying to backup to an s3 endpoint with self signed or with private ca certificate, loose all hopes. I do not find a solution about that.  cat secret   [default]   aws_access_key_id=REDACTED aws_secret_access_key=REDACTED cat secret | base64 -w 0 W2RlZmF1bHRdIAphd3NfYWNjZXNzX2tleV9pZD1SRURBQ1RFRAphd3Nfc2VjcmV0X2FjY2Vzc19rZXk9UkVEQUNURUQKCg==                            ...
Continua a leggere

Fedora - KVM - qemu - Windows 11 guest. error: swtpm at /usr/bin/swtpm does not support TPM 2

-
 you cannot create and execute VM: Windows 11 Guest in Fedora 40?  it's SELINUX. you can disable SELINUX or create a rule to avoid the TPM problem. we choose the second one.  check sudo ausearch -c 'virtqemud' --raw or sudo ausearch -m avc -ts recent if results appear, go on solution: sudo ausearch -m avc -ts recent | grep virtqemud | sudo audit2allow -M local_virtqemud sudo semodule -i local_virtqemud.pp systemctl restart libvirtd
Continua a leggere