websites: Manage dcow cert via Ingress annotation
Now that the reverse proxy for Internet-facing sites uses TLS passthrough, the certificate for the _darkchestofwonders.us_ Ingress needs to be correct. Since Ingress resources can only use either the default certificate (_*.pyrocufflink.blue_) or a certificate from their own namespace, we have to move the Certificate and its corresponding Secret into the _websites_ namespace. Fortunately, this is easy enough to do, by setting the appropriate annotations on the Ingress. To keep the existing certificate (until it expires), I moved the Secret manually: ```sh kubectl get secret dcow-cert -o yaml | grep -v namespace | kubectl create -n websites -f - ```pull/9/head
parent
78afee9abc
commit
a443929c0c
|
@ -33,11 +33,6 @@ data:
|
||||||
key: certificates/tabitha.biz.key
|
key: certificates/tabitha.biz.key
|
||||||
cert: certificates/tabitha.biz.crt
|
cert: certificates/tabitha.biz.crt
|
||||||
bundle: certificates/tabitha.biz.pem
|
bundle: certificates/tabitha.biz.pem
|
||||||
- name: dcow-cert
|
|
||||||
namespace: default
|
|
||||||
key: certificates/darkchestofwonders.us.key
|
|
||||||
cert: certificates/darkchestofwonders.us.crt
|
|
||||||
bundle: certificates/darkchestofwonders.us.pem
|
|
||||||
- name: chmod777-cert
|
- name: chmod777-cert
|
||||||
namespace: default
|
namespace: default
|
||||||
key: certificates/chmod777.sh.key
|
key: certificates/chmod777.sh.key
|
||||||
|
@ -71,7 +66,6 @@ rules:
|
||||||
- dustinhatchname-cert
|
- dustinhatchname-cert
|
||||||
- hatchchat-cert
|
- hatchchat-cert
|
||||||
- tabitha-cert
|
- tabitha-cert
|
||||||
- dcow-cert
|
|
||||||
- chmod777-cert
|
- chmod777-cert
|
||||||
- dustinandtabitha-cert
|
- dustinandtabitha-cert
|
||||||
- hlc-cert
|
- hlc-cert
|
||||||
|
|
|
@ -71,24 +71,6 @@ spec:
|
||||||
algorithm: ECDSA
|
algorithm: ECDSA
|
||||||
rotationPolicy: Always
|
rotationPolicy: Always
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: dcow-cert
|
|
||||||
spec:
|
|
||||||
secretName: dcow-cert
|
|
||||||
dnsNames:
|
|
||||||
- darkchestofwonders.us
|
|
||||||
- '*.darkchestofwonders.us'
|
|
||||||
issuerRef:
|
|
||||||
group: cert-manager.io
|
|
||||||
kind: ClusterIssuer
|
|
||||||
name: zerossl
|
|
||||||
privateKey:
|
|
||||||
algorithm: ECDSA
|
|
||||||
rotationPolicy: Always
|
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
|
|
|
@ -8,10 +8,17 @@ metadata:
|
||||||
app.kubernetes.io/component: darkchestofwonders.us
|
app.kubernetes.io/component: darkchestofwonders.us
|
||||||
app.kubernetes.io/part-of: darkchestofwonders.us
|
app.kubernetes.io/part-of: darkchestofwonders.us
|
||||||
annotations:
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: zerossl
|
||||||
|
cert-manager.io/private-key-algorithm: ECDSA
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- '*.darkchestofwonders.us'
|
||||||
|
- darkchestofwonders.us
|
||||||
|
secretName: dcow-cert
|
||||||
rules:
|
rules:
|
||||||
- host: darkchestofwonders.us
|
- host: darkchestofwonders.us
|
||||||
http:
|
http:
|
||||||
|
|
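Review bot: The annotations added here carry over the issuer and the key algorithm from the deleted `dcow-cert` Certificate, but not its `privateKey.rotationPolicy: Always`, so the Certificate that ingress-shim generates for this Ingress falls back to cert-manager's default rotation policy. On releases where that default is `Never` (I believe it changed to `Always` in 1.18; verify against the deployed version), every renewal would reuse the same private key. Adding `cert-manager.io/private-key-rotation-policy: Always` next to `cert-manager.io/private-key-algorithm: ECDSA` keeps the previous behaviour explicit. The Ingress manifest starts and ends outside this hunk, so annotations set elsewhere in the file are not visible here.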