Experimentation: cert-manager end to end canary #2

obriensystems opened this issue Dec 2, 2024 · 3 comments
obriensystems commented Dec 2, 2024

Including CRUD operations on the certificate

https://cert-manager.io/
https://github.com/cert-manager/cert-manager
https://cert-manager.io/docs/tutorials/acme/nginx-ingress/

@obriensystems obriensystems self-assigned this Dec 2, 2024

obriensystems commented Dec 2, 2024

20241202: cluster start
Using Docker Desktop under ARM64

(venv-metal) michaelobrien@mbp8 pipeline % kubectl version
Client Version: v1.31.3
Kustomize Version: v5.4.2
Server Version: v1.30.2
(venv-metal) michaelobrien@mbp8 pipeline % kubectl get nodes                                  
NAME             STATUS   ROLES           AGE     VERSION
docker-desktop   Ready    control-plane   2d13h   v1.30.2
(venv-metal) michaelobrien@mbp8 pipeline % kubectl get pods --all-namespaces
NAMESPACE     NAME                                     READY   STATUS    RESTARTS      AGE
kube-system   coredns-7db6d8ff4d-f4t2v                 1/1     Running   2 (82m ago)   2d13h
kube-system   coredns-7db6d8ff4d-jdfgp                 1/1     Running   2 (82m ago)   2d13h
kube-system   etcd-docker-desktop                      1/1     Running   2 (82m ago)   2d13h
kube-system   kube-apiserver-docker-desktop            1/1     Running   2 (82m ago)   2d13h
kube-system   kube-controller-manager-docker-desktop   1/1     Running   2 (82m ago)   2d13h
kube-system   kube-proxy-knrjw                         1/1     Running   2 (82m ago)   2d13h
kube-system   kube-scheduler-docker-desktop            1/1     Running   2 (82m ago)   2d13h
kube-system   storage-provisioner                      1/1     Running   4 (81m ago)   2d13h
kube-system   vpnkit-controller                        1/1     Running   2 (82m ago)   2d13h


https://cert-manager.io/docs/tutorials/acme/nginx-ingress/

Already installed Helm via "brew install helm", not kubernetes-helm
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm version
version.BuildInfo{Version:"v3.16.3", GitCommit:"cfd07493f46efc9debd9cc1b02a0961186df7fdf", GitTreeState:"dirty", GoVersion:"go1.23.3"}
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm list
NAME	NAMESPACE	REVISION	UPDATED	STATUS	CHART	APP VERSION
(venv-metal) michaelobrien@Michaels-MBP pipeline % helm install quickstart ingress-nginx/ingress-nginx

NAME: quickstart
LAST DEPLOYED: Mon Dec  2 11:23:36 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace default quickstart-ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

default namespace
(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get pods --all-namespaces
NAMESPACE     NAME                                                   READY   STATUS    RESTARTS       AGE
default       quickstart-ingress-nginx-controller-6b6d869888-n6kqj   1/1     Running   0              39s
kube-system   coredns-7db6d8ff4d-f4t2v                               1/1     Running   2 (127m ago)   2d14h
kube-system   coredns-7db6d8ff4d-jdfgp                               1/1     Running   2 (127m ago)   2d14h
kube-system   etcd-docker-desktop                                    1/1     Running   2 (127m ago)   2d14h
kube-system   kube-apiserver-docker-desktop                          1/1     Running   2 (126m ago)   2d14h
kube-system   kube-controller-manager-docker-desktop                 1/1     Running   2 (127m ago)   2d14h
kube-system   kube-proxy-knrjw                                       1/1     Running   2 (127m ago)   2d14h
kube-system   kube-scheduler-docker-desktop                          1/1     Running   2 (127m ago)   2d14h
kube-system   storage-provisioner                                    1/1     Running   4 (125m ago)   2d14h
kube-system   vpnkit-controller                                      1/1     Running   2 (127m ago)   2d14h


@obriensystems

(venv-metal) michaelobrien@mbp8 src % kubectl config use-context docker-desktop 
Switched to context "docker-desktop".
(venv-metal) michaelobrien@mbp8 src % kubectl get svc
NAME                                            TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
kubernetes                                      ClusterIP      10.96.0.1       <none>        443/TCP                      3d14h
quickstart-ingress-nginx-controller             LoadBalancer   10.105.113.34   localhost     80:32766/TCP,443:31993/TCP   24h
quickstart-ingress-nginx-controller-admission   ClusterIP      10.102.48.252   <none>        443/TCP                      24h

move the chart to a namespace
(venv-metal) michaelobrien@mbp8 src % helm uninstall quickstart

(venv-metal) michaelobrien@mbp8 src % kubectl create namespace nginx 
namespace/nginx created

(venv-metal) michaelobrien@Michaels-MBP pipeline % helm install quickstart ingress-nginx/ingress-nginx -n nginx
NAME: quickstart
LAST DEPLOYED: Tue Dec  3 12:04:05 2024
NAMESPACE: nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace nginx quickstart-ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get pods -n nginx
NAME                                                   READY   STATUS    RESTARTS   AGE
quickstart-ingress-nginx-controller-6b6d869888-xvqzh   1/1     Running   0          80s

(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get svc --all-namespaces
NAMESPACE     NAME                                            TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default       kubernetes                                      ClusterIP      10.96.0.1        <none>        443/TCP                      3d15h
kube-system   kube-dns                                        ClusterIP      10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP       3d15h
nginx         quickstart-ingress-nginx-controller             LoadBalancer   10.110.138.20    localhost     80:30401/TCP,443:32358/TCP   52s
nginx         quickstart-ingress-nginx-controller-admission   ClusterIP      10.110.219.159   <none>        443/TCP                      52s

@obriensystems

deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
spec:
  selector:
    matchLabels:
      app: kuard
  replicas: 1
  template:
    metadata:
      labels:
        app: kuard
    spec:
      containers:
      - image: gcr.io/kuar-demo/kuard-amd64:1
        imagePullPolicy: Always
        name: kuard
        ports:
        - containerPort: 8080


(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl apply -f src/kubernetes/sample-deployment.yaml -n nginx
deployment.apps/kuard created

(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get pods -n nginx                                      
NAME                                                   READY   STATUS    RESTARTS   AGE
kuard-667779577c-mln4j                                 1/1     Running   0          53s
quickstart-ingress-nginx-controller-6b6d869888-xvqzh   1/1     Running   0          9m38s

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: kuard
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: kuard

(venv-metal) michaelobrien@Michaels-MBP pipeline % kubectl get service -n nginx
NAME                                            TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
kuard                                           ClusterIP      10.106.171.6     <none>        80/TCP                       14s
quickstart-ingress-nginx-controller             LoadBalancer   10.110.138.20    localhost     80:30401/TCP,443:32358/TCP   10m
quickstart-ingress-nginx-controller-admission   ClusterIP      10.110.219.159   <none>        443/TCP                      10m

obriensystems pushed a commit that referenced this issue Dec 5, 2024
obriensystems added a commit that referenced this issue Dec 5, 2024
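
Added example, not part of the original issue or of the ingress-nginx or cert-manager projects: a structural check for the Ingress/Secret pair that the chart NOTES above describe, catching the usual wiring mistakes (Secret in a different namespace, wrong Secret type, rule host missing from `spec.tls`, missing or mis-encoded `tls.crt`/`tls.key`). It inspects only the object shape and PEM headers, not the certificate contents; the host `kuard.example.test` and Secret name `kuard-tls` are constructed placeholders.

```python
import base64

# Expected end of the first PEM line for each key of a kubernetes.io/tls Secret.
PEM_HEADER_END = {"tls.crt": b"CERTIFICATE-----", "tls.key": b"PRIVATE KEY-----"}

def host_covered(host, tls_hosts):
    """Exact match, or a single-label wildcard such as *.example.com."""
    parent = host.split(".", 1)[-1]
    return host in tls_hosts or "*." + parent in tls_hosts

def check_ingress_tls(ingress, secret):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    ing_ns = ingress["metadata"].get("namespace", "default")
    sec_ns = secret["metadata"].get("namespace", "default")
    if ing_ns != sec_ns:
        problems.append(f"namespace mismatch: ingress={ing_ns} secret={sec_ns}")
    if secret.get("type") != "kubernetes.io/tls":
        problems.append(f"secret type is {secret.get('type')!r}")
    tls = ingress["spec"].get("tls", [])
    if secret["metadata"]["name"] not in {t.get("secretName") for t in tls}:
        problems.append("no spec.tls entry references this secret")
    tls_hosts = {h for t in tls for h in t.get("hosts", [])}
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if host and not host_covered(host, tls_hosts):
            problems.append(f"rule host {host} not listed in spec.tls hosts")
    for key, ending in PEM_HEADER_END.items():
        try:
            pem = base64.b64decode(secret.get("data", {})[key], validate=True)
        except KeyError:
            problems.append(f"missing {key}")
            continue
        except ValueError:
            problems.append(f"{key} is not valid base64")
            continue
        first = pem.strip().split(b"\n", 1)[0].strip()
        if not (first.startswith(b"-----BEGIN ") and first.endswith(ending)):
            problems.append(f"{key} does not start with the expected PEM header")
    return problems

def sample_pair():
    """Constructed objects: the chart's example pair, renamed for kuard in 'nginx'."""
    b64 = lambda l: base64.b64encode(f"-----BEGIN {l}-----\nCONSTRUCTED\n".encode()).decode()
    ingress = {"metadata": {"name": "kuard", "namespace": "nginx"},
               "spec": {"rules": [{"host": "kuard.example.test"}],
                        "tls": [{"hosts": ["kuard.example.test"], "secretName": "kuard-tls"}]}}
    secret = {"metadata": {"name": "kuard-tls", "namespace": "nginx"}, "type": "kubernetes.io/tls",
              "data": {"tls.crt": b64("CERTIFICATE"), "tls.key": b64("PRIVATE KEY")}}
    return ingress, secret
```

Against a live cluster, pass it the `json.load`ed output of `kubectl get ingress <name> -n <namespace> -o json` and `kubectl get secret <name> -n <namespace> -o json`.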