search

ObrienlabsDev / pipeline

Apache License 2.0
0 stars 0 forks source link

Experimentation: cert-manager end to end canary #2

Open obriensystems opened 1 hour ago

obriensystems commented 1 hour ago

Including CRUD operations on the certificate

https://cert-manager.io/ https://github.com/cert-manager/cert-manager https://cert-manager.io/docs/tutorials/acme/nginx-ingress/

obriensystems commented 1 hour ago

20241202: cluster start Using docker desktop under ARM64

(venv-metal) michaelobrien@mbp8 pipeline % kubectl version
Client Version: v1.31.3
Kustomize Version: v5.4.2
Server Version: v1.30.2
(venv-metal) michaelobrien@mbp8 pipeline % kubectl get nodes                                  
NAME             STATUS   ROLES           AGE     VERSION
docker-desktop   Ready    control-plane   2d13h   v1.30.2
(venv-metal) michaelobrien@mbp8 pipeline % kubectl get pods --all-namespaces
NAMESPACE     NAME                                     READY   STATUS    RESTARTS      AGE
kube-system   coredns-7db6d8ff4d-f4t2v                 1/1     Running   2 (82m ago)   2d13h
kube-system   coredns-7db6d8ff4d-jdfgp                 1/1     Running   2 (82m ago)   2d13h
kube-system   etcd-docker-desktop                      1/1     Running   2 (82m ago)   2d13h
kube-system   kube-apiserver-docker-desktop            1/1     Running   2 (82m ago)   2d13h
kube-system   kube-controller-manager-docker-desktop   1/1     Running   2 (82m ago)   2d13h
kube-system   kube-proxy-knrjw                         1/1     Running   2 (82m ago)   2d13h
kube-system   kube-scheduler-docker-desktop            1/1     Running   2 (82m ago)   2d13h
kube-system   storage-provisioner                      1/1     Running   4 (81m ago)   2d13h
kube-system   vpnkit-controller                        1/1     Running   2 (82m ago)   2d13h

https://cert-manager.io/docs/tutorials/acme/nginx-ingress/

already installed helm via "brew install helm" not kubernetes-helm
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm version
version.BuildInfo{Version:"v3.16.3", GitCommit:"cfd07493f46efc9debd9cc1b02a0961186df7fdf", GitTreeState:"dirty", GoVersion:"go1.23.3"}
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm list
NAME    NAMESPACE   REVISION    UPDATED STATUS  CHART   APP VERSION
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm install quickstart ingress-nginx/ingress-nginx

NAME: quickstart
LAST DEPLOYED: Mon Dec  2 11:23:36 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace default quickstart-ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

default namespace
(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get pods --all-namespaces
NAMESPACE     NAME                                                   READY   STATUS    RESTARTS       AGE
default       quickstart-ingress-nginx-controller-6b6d869888-n6kqj   1/1     Running   0              39s
kube-system   coredns-7db6d8ff4d-f4t2v                               1/1     Running   2 (127m ago)   2d14h
kube-system   coredns-7db6d8ff4d-jdfgp                               1/1     Running   2 (127m ago)   2d14h
kube-system   etcd-docker-desktop                                    1/1     Running   2 (127m ago)   2d14h
kube-system   kube-apiserver-docker-desktop                          1/1     Running   2 (126m ago)   2d14h
kube-system   kube-controller-manager-docker-desktop                 1/1     Running   2 (127m ago)   2d14h
kube-system   kube-proxy-knrjw                                       1/1     Running   2 (127m ago)   2d14h
kube-system   kube-scheduler-docker-desktop                          1/1     Running   2 (127m ago)   2d14h
kube-system   storage-provisioner                                    1/1     Running   4 (125m ago)   2d14h
kube-system   vpnkit-controller                                      1/1     Running   2 (127m ago)   2d14h