Skip to content

Instantly share code, notes, and snippets.

Avatar

Marcelo Ochoa marcelo-ochoa

View GitHub Profile
@marcelo-ochoa
marcelo-ochoa / whoami-tls.yaml
Created Jun 22, 2021
WhoAmi TLS LetsEncrypt cert generation test
View whoami-tls.yaml
# whoami-tls.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: app-tls
spec:
entryPoints:
- websecure
routes:
- kind: Rule
@marcelo-ochoa
marcelo-ochoa / whoami.yml
Created Jun 22, 2021
WhoAmi Traefik App for testing
View whoami.yml
# whoami.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: app-v1
spec:
replicas: 1
selector:
matchLabels:
app: app-v1
@marcelo-ochoa
marcelo-ochoa / traefik-values.yaml
Created Jun 22, 2021
Traefik+LetsEncrypt configuration for Oracle OCI Kubernetes deployment
View traefik-values.yaml
additionalArguments:
- --certificatesresolvers.le.acme.email=marcelo.ochoa@gmail.com
- --certificatesresolvers.le.acme.storage=/data/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
persistence:
enabled: true
path: /data
podSecurityContext:
fsGroup: 65532
View sample-app.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-test
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
rules:
- host: www.example.com
@marcelo-ochoa
marcelo-ochoa / letsencrypt-http01.yaml
Last active May 19, 2021
Sample ClusterIssuer letsencrypt
View letsencrypt-http01.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: user@example.com
privateKeySecretRef:
name: letsencrypt
@marcelo-ochoa
marcelo-ochoa / letsencrypt-staging-http01.yaml
Last active May 19, 2021
Sample ClusterIssuer staging
View letsencrypt-staging-http01.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: user@example.com
View docker-compose.yml
version: '3.6'
services:
registry:
image: registry:2
hostname: registry.mydomain.com
networks:
- lb_network
volumes:
- data:/var/lib/registry
View docker-compose.yml
version: '3.6'
x-default-opts:
&default-opts
image: certbot-oci:v1.10.1
volumes:
- certs-repo:/etc/letsencrypt
environment:
OCID: ocid1.loadbalancer.oc1.iad.nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
RENEWED_DOMAINS: dev-oci.mydomain.com
deploy:
View create-lb-certs.sh
#!/bin/sh
cd /etc/letsencrypt
cert_number=$(ls csr/|tail -1|sed s/_.*//)
cert_name=$RENEWED_DOMAINS-$cert_number
echo $cert_name
oci lb certificate create --load-balancer-id $OCID --certificate-name $cert_name --public-certificate-file /etc/letsencrypt/live/$RENEWED_DOMAINS/fullchain.pem --private-key-file /etc/letsencrypt/live/$RENEWED_DOMAINS/privkey.pem
sleep 30
oci lb listener update --force --listener-name lb_ssl --default-backend-set-name bs_default --port 443 --protocol HTTP --load-balancer-id $OCID --ssl-certificate-name $cert_name
View Dockerfile
ARG VERSION=v1.10.1
FROM certbot/certbot:$VERSION
COPY requirements.txt ./
RUN apk add --update alpine-sdk libffi libffi-dev openssl openssl-dev && pip install --no-cache-dir -r requirements.txt
COPY oci/* /root/.oci/
COPY *.sh /