Created
February 1, 2021 07:56
-
-
Save svanellewee/2facc585152e81780c274d694b498542 to your computer and use it in GitHub Desktop.
TLS on ingress-nginx for great justice.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # OpenSSL needs this. | |
| # ingress-nginx needs the SANS info (CN only seems to be deprecated for this purpose) | |
| # HOWEVER, when I create a CSR with all my SANS info and then self-sign it with my CA | |
| # the new cert doesnt' have the SAN info I specified! | |
| # This config seems to help | |
| # Based on this https://kubernetes.io/docs/concepts/cluster-administration/certificates/ | |
| # updated my hosts file to make the hosts file whatever the loadbalancer field in the ingress said it was. | |
| [ req ] | |
| default_bits = 2048 | |
| prompt = no | |
| default_md = sha256 | |
| req_extensions = req_ext | |
| distinguished_name = dn | |
| [ dn ] | |
| CN = foo.bar.com | |
| [ req_ext ] | |
| subjectAltName = @alt_names | |
| [ alt_names ] | |
| DNS.1 = foo.bar.com | |
| DNS.2 = http-svc.default.svc.cluster.local | |
| IP.1 = 192.168.2.30 | |
| IP.2 = 192.168.2.31 | |
| IP.3 = 192.168.2.32 | |
| [ v3_ext ] | |
| authorityKeyIdentifier=keyid,issuer:always | |
| basicConstraints=CA:FALSE | |
| keyUsage=keyEncipherment,dataEncipherment | |
| extendedKeyUsage=serverAuth,clientAuth | |
| subjectAltName=@alt_names |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| items: | |
| - apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| annotations: | |
| kubectl.kubernetes.io/last-applied-configuration: | | |
| {"apiVersion":"networking.k8s.io/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"nginx-test","namespace":"default"},"spec":{"rules":[{"host":"foo.bar.com","http":{"paths":[{"backend":{"serviceName":"http-svc","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["foo.bar.com"],"secretName":"tls-secret"}]}} | |
| nginx.ingress.kubernetes.io/auth-tls-secret: default/my-certs | |
| nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" | |
| creationTimestamp: "2021-02-01T05:18:13Z" | |
| generation: 6 | |
| managedFields: | |
| - apiVersion: networking.k8s.io/v1beta1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:annotations: | |
| .: {} | |
| f:kubectl.kubernetes.io/last-applied-configuration: {} | |
| f:spec: | |
| f:rules: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-02-01T05:18:13Z" | |
| - apiVersion: networking.k8s.io/v1beta1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:status: | |
| f:loadBalancer: | |
| f:ingress: {} | |
| manager: nginx-ingress-controller | |
| operation: Update | |
| time: "2021-02-01T05:18:50Z" | |
| - apiVersion: extensions/v1beta1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:annotations: | |
| f:nginx.ingress.kubernetes.io/auth-tls-secret: {} | |
| f:nginx.ingress.kubernetes.io/auth-tls-verify-client: {} | |
| f:spec: | |
| f:tls: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-02-01T07:41:17Z" | |
| name: nginx-test | |
| namespace: default | |
| resourceVersion: "103887" | |
| selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/nginx-test | |
| uid: 172708b4-91a6-437a-b1ed-578ecc2336e4 | |
| spec: | |
| rules: | |
| - host: foo.bar.com | |
| http: | |
| paths: | |
| - backend: | |
| serviceName: http-svc | |
| servicePort: 80 | |
| path: / | |
| pathType: ImplementationSpecific | |
| tls: | |
| - hosts: | |
| - foo.bar.com | |
| - 192.168.2.32 | |
| secretName: my-certs | |
| status: | |
| loadBalancer: | |
| ingress: | |
| - ip: 192.168.2.32 | |
| - apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| creationTimestamp: "2021-02-01T05:10:14Z" | |
| labels: | |
| app: http-svc | |
| managedFields: | |
| - apiVersion: v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:labels: | |
| .: {} | |
| f:app: {} | |
| f:spec: | |
| f:ports: | |
| .: {} | |
| k:{"port":80,"protocol":"TCP"}: | |
| .: {} | |
| f:name: {} | |
| f:port: {} | |
| f:protocol: {} | |
| f:targetPort: {} | |
| f:selector: | |
| .: {} | |
| f:app: {} | |
| f:sessionAffinity: {} | |
| f:type: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-02-01T05:10:14Z" | |
| name: http-svc | |
| namespace: default | |
| resourceVersion: "77860" | |
| selfLink: /api/v1/namespaces/default/services/http-svc | |
| uid: a0c756b8-8e25-4749-a9d9-71366175c8ca | |
| spec: | |
| clusterIP: 10.96.183.188 | |
| ports: | |
| - name: http | |
| port: 80 | |
| protocol: TCP | |
| targetPort: 8080 | |
| selector: | |
| app: http-svc | |
| sessionAffinity: None | |
| type: ClusterIP | |
| status: | |
| loadBalancer: {} | |
| - apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| creationTimestamp: "2021-01-31T10:03:24Z" | |
| labels: | |
| component: apiserver | |
| provider: kubernetes | |
| managedFields: | |
| - apiVersion: v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:labels: | |
| .: {} | |
| f:component: {} | |
| f:provider: {} | |
| f:spec: | |
| f:clusterIP: {} | |
| f:ports: | |
| .: {} | |
| k:{"port":443,"protocol":"TCP"}: | |
| .: {} | |
| f:name: {} | |
| f:port: {} | |
| f:protocol: {} | |
| f:targetPort: {} | |
| f:sessionAffinity: {} | |
| f:type: {} | |
| manager: kube-apiserver | |
| operation: Update | |
| time: "2021-01-31T10:03:24Z" | |
| name: kubernetes | |
| namespace: default | |
| resourceVersion: "150" | |
| selfLink: /api/v1/namespaces/default/services/kubernetes | |
| uid: 303bd1b4-99ed-48d9-9cae-2f6db612fe7c | |
| spec: | |
| clusterIP: 10.96.0.1 | |
| ports: | |
| - name: https | |
| port: 443 | |
| protocol: TCP | |
| targetPort: 6443 | |
| sessionAffinity: None | |
| type: ClusterIP | |
| status: | |
| loadBalancer: {} | |
| - apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| annotations: | |
| deployment.kubernetes.io/revision: "1" | |
| creationTimestamp: "2021-02-01T05:10:14Z" | |
| generation: 1 | |
| managedFields: | |
| - apiVersion: apps/v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:spec: | |
| f:progressDeadlineSeconds: {} | |
| f:replicas: {} | |
| f:revisionHistoryLimit: {} | |
| f:selector: | |
| f:matchLabels: | |
| .: {} | |
| f:app: {} | |
| f:strategy: | |
| f:rollingUpdate: | |
| .: {} | |
| f:maxSurge: {} | |
| f:maxUnavailable: {} | |
| f:type: {} | |
| f:template: | |
| f:metadata: | |
| f:labels: | |
| .: {} | |
| f:app: {} | |
| f:spec: | |
| f:containers: | |
| k:{"name":"http-svc"}: | |
| .: {} | |
| f:env: | |
| .: {} | |
| k:{"name":"NODE_NAME"}: | |
| .: {} | |
| f:name: {} | |
| f:valueFrom: | |
| .: {} | |
| f:fieldRef: | |
| .: {} | |
| f:apiVersion: {} | |
| f:fieldPath: {} | |
| k:{"name":"POD_IP"}: | |
| .: {} | |
| f:name: {} | |
| f:valueFrom: | |
| .: {} | |
| f:fieldRef: | |
| .: {} | |
| f:apiVersion: {} | |
| f:fieldPath: {} | |
| k:{"name":"POD_NAME"}: | |
| .: {} | |
| f:name: {} | |
| f:valueFrom: | |
| .: {} | |
| f:fieldRef: | |
| .: {} | |
| f:apiVersion: {} | |
| f:fieldPath: {} | |
| k:{"name":"POD_NAMESPACE"}: | |
| .: {} | |
| f:name: {} | |
| f:valueFrom: | |
| .: {} | |
| f:fieldRef: | |
| .: {} | |
| f:apiVersion: {} | |
| f:fieldPath: {} | |
| f:image: {} | |
| f:imagePullPolicy: {} | |
| f:name: {} | |
| f:ports: | |
| .: {} | |
| k:{"containerPort":8080,"protocol":"TCP"}: | |
| .: {} | |
| f:containerPort: {} | |
| f:protocol: {} | |
| f:resources: {} | |
| f:terminationMessagePath: {} | |
| f:terminationMessagePolicy: {} | |
| f:dnsPolicy: {} | |
| f:restartPolicy: {} | |
| f:schedulerName: {} | |
| f:securityContext: {} | |
| f:terminationGracePeriodSeconds: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-02-01T05:10:14Z" | |
| - apiVersion: apps/v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:annotations: | |
| .: {} | |
| f:deployment.kubernetes.io/revision: {} | |
| f:status: | |
| f:availableReplicas: {} | |
| f:conditions: | |
| .: {} | |
| k:{"type":"Available"}: | |
| .: {} | |
| f:lastTransitionTime: {} | |
| f:lastUpdateTime: {} | |
| f:message: {} | |
| f:reason: {} | |
| f:status: {} | |
| f:type: {} | |
| k:{"type":"Progressing"}: | |
| .: {} | |
| f:lastTransitionTime: {} | |
| f:lastUpdateTime: {} | |
| f:message: {} | |
| f:reason: {} | |
| f:status: {} | |
| f:type: {} | |
| f:observedGeneration: {} | |
| f:readyReplicas: {} | |
| f:replicas: {} | |
| f:updatedReplicas: {} | |
| manager: kube-controller-manager | |
| operation: Update | |
| time: "2021-02-01T05:10:16Z" | |
| name: http-svc | |
| namespace: default | |
| resourceVersion: "77887" | |
| selfLink: /apis/apps/v1/namespaces/default/deployments/http-svc | |
| uid: 56658dd4-e88f-426a-803b-933f457a5569 | |
| spec: | |
| progressDeadlineSeconds: 600 | |
| replicas: 1 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| app: http-svc | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 25% | |
| maxUnavailable: 25% | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app: http-svc | |
| spec: | |
| containers: | |
| - env: | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: spec.nodeName | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| - name: POD_IP | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: status.podIP | |
| image: gcr.io/kubernetes-e2e-test-images/echoserver:2.1 | |
| imagePullPolicy: IfNotPresent | |
| name: http-svc | |
| ports: | |
| - containerPort: 8080 | |
| protocol: TCP | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| dnsPolicy: ClusterFirst | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| status: | |
| availableReplicas: 1 | |
| conditions: | |
| - lastTransitionTime: "2021-02-01T05:10:16Z" | |
| lastUpdateTime: "2021-02-01T05:10:16Z" | |
| message: Deployment has minimum availability. | |
| reason: MinimumReplicasAvailable | |
| status: "True" | |
| type: Available | |
| - lastTransitionTime: "2021-02-01T05:10:14Z" | |
| lastUpdateTime: "2021-02-01T05:10:16Z" | |
| message: ReplicaSet "http-svc-64f85bcc78" has successfully progressed. | |
| reason: NewReplicaSetAvailable | |
| status: "True" | |
| type: Progressing | |
| observedGeneration: 1 | |
| readyReplicas: 1 | |
| replicas: 1 | |
| updatedReplicas: 1 | |
| - apiVersion: v1 | |
| data: | |
| ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1ERXpNVEV3TURJMU9Wb1hEVE14TURFeU9URXdNREkxT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEtFCkYzWldBeGI3R1k1YmRaZHV5VFc0Q0svOHJFUzAzU2dtV3RVVzRGRTVGa2lseGxTaHgwK3hKQ1pUamc1djM0QnEKQnNiWjFaWm94SXNSSkpjSWZLN3M0aEV4cEZNd2xxMk1aOEJFdWpFazFTMVdZWWI2NXVJVTJrOVUzaUVnTDNTUwo4SjMvMHAzd21Mdm5MRXh3UWlLakxGVGdNZjBHS2FTV0ZNdGN2WEdBelJPNWdHeXR2bmtwaTZrQzZLLzFpaXJxCkRlTERIY1dlTDR6enByQjJ4Zk9YU2ZybEl5NUhsQ0JQUlZjVWoyZmFmVzBPMjJod0xHZmx4c0IxMFkzUnhvY2QKWVNsTzUxTlplWVJoMWhIcno2K2NIRUdwejlGMExrMFFYQTZkR2tjN1NCcEVPZjc4bHVlUlBPV0I0NHU4bm92bApIL1o4bmY3WmErZUN4WTI1Y2cwQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFKT0lZRnNmaTFxclVGNTJ0L3FEaVMwVXBBMG8KajJrTDJyRU9FU0xTdVB4WTdjbm1BYjFVem52YmZlNXl4TE9aZDZZeVBhRXZRQkxNN1JzaTNLUmIzVktSZGkrdQpzWWJyamNLczNWU1p6MUZDOHA3eVNabkhicDdic2VWTThNcStNaUhFS3JzOHRKcEszOHpoZ2R6TFo2RVFHUk42CllKa0xsMzA5SGNmOFNDK2NuTzUwN0tUWG8vL0w5MXZCV2xwem03OUNnMCtsbzRWNmxBZjlmNnM5engraWZaR0YKcHF6N1hBb3JhZEg3blVMakhwd1RtUU11TXYvdFhMcEIvSUUvRHdRTFlBMGFjUkNDNHFIMVFhZ2tvT3JqV01USgpyQVZXVmVwdmYvYll2bmRnc1A5SHk2d21NRzZudEhrbEhVQ2tLaDZkQ3p1T1Y0bFJEbkRHMEltMitQND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | |
| namespace: ZGVmYXVsdA== | |
| token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqaGxiRU5PZVUxaFJWQnZNVGRSY1VkRU1YSnNka2czTUdreFoxWnJPREkxYjNScExWRllhbU5tYjI4aWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbVJsWm1GMWJIUXRkRzlyWlc0dFptZHhjRzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pWkdWbVlYVnNkQ0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJbVZsTWpNNU9UZzNMVGMxTldFdE5HSXlaUzA1TWpFd0xXWmpaV1F4TVdVd1kyWXhOQ0lzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pXWmhkV3gwT21SbFptRjFiSFFpZlEuUzlBX1lIT3k0UW84QV9LcXZBYWtmak5XVk1nTi1nSEtuV2RZWEdrQjNKa0N4UnZIeTE2d2FySzdEQ0NhMng5YjRnSThxUHJUTG02QngzNzBYWXdDMVRxcUJBelB0dk14ZVp0T05iaURFd3JkZ3F2eVk0V1VqU0JtaG1zQktoZUMtX1k2eHBvSTBKMDExeGxQbU1WbFAwT1pSaVdVMkg2dHVxU2t1MVpTTlN0UlFxamV0d3ZvS2hNUkVWc3pVZ2xUbEg0MmJyNjJhV1VwOFdYRDBkSU9DaEYtaVdDTDcxYXZTR0o0bFlLX3ZFZDlXS2ZBWnVRaTVVemlDTVk5X3ppSWdOYWM2UC1vWHZwWmxvNW5RMW4wc09ub0NJTHVXbFdKb3JNQzZWM3NDdXVlZ1FwTkgzZjQzeE83VkNiekZwWGphRmI0aS1QTkNIRm1WSXcwS0pEMHhn | |
| kind: Secret | |
| metadata: | |
| annotations: | |
| kubernetes.io/service-account.name: default | |
| kubernetes.io/service-account.uid: ee239987-755a-4b2e-9210-fced11e0cf14 | |
| creationTimestamp: "2021-01-31T10:03:43Z" | |
| managedFields: | |
| - apiVersion: v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:data: | |
| .: {} | |
| f:ca.crt: {} | |
| f:namespace: {} | |
| f:token: {} | |
| f:metadata: | |
| f:annotations: | |
| .: {} | |
| f:kubernetes.io/service-account.name: {} | |
| f:kubernetes.io/service-account.uid: {} | |
| f:type: {} | |
| manager: kube-controller-manager | |
| operation: Update | |
| time: "2021-01-31T10:03:43Z" | |
| name: default-token-fgqpm | |
| namespace: default | |
| resourceVersion: "374" | |
| selfLink: /api/v1/namespaces/default/secrets/default-token-fgqpm | |
| uid: 10721fa7-b33f-4891-a1a0-5bfce139db7b | |
| type: kubernetes.io/service-account-token | |
| - apiVersion: v1 | |
| data: | |
| ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZIVENDQXdXZ0F3SUJBZ0lVZWY1VStBblVMdEZrMm5EMnBDYjRodnhQQzlVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hqRWNNQm9HQTFVRUF3d1RSbVZ5YmlCRFpYSjBJRUYxZEdodmNtbDBlVEFlRncweU1UQXlNREV3TmpJMQpOVFZhRncweU1qQXhNak13TmpJMU5UVmFNQjR4SERBYUJnTlZCQU1NRTBabGNtNGdRMlZ5ZENCQmRYUm9iM0pwCmRIa3dnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFENW1YU29VRTRxOWpFdEx3WlUKR0VrY3hEM3ZYZjQvTVJFbzE4UjcyVFlEN2k5UkxEWVE2RERXMzd4KzlxRFVwSENnd2pYUXU0bE5mWmVhSythdwpsQkZWaDFlZjlsSnVOckxpN08wR05RUHVYVnFhTGZCMldLUmZLZEw3eFpJbmtVRXNpSDFESUIwWnB2QzAxZnJZCkNISTUzZXdqajBHY2tCNko3SzVOWEpWUnV4cEtsRlN3T0U4MkJIQjBkbWFoMU9jcVBiczJpemllQlhuWk5VM3oKclFvY0NBaFJFV21seUlEVTFLTGpiUVUzWlg2bzJRL3NzZE5adW5aZlcrZmNkWGczd3JEOFRwMk52cVg1N3RxSQplMXRoa0N6M05xS2JDYVMyNWU4MXlKNVgzZ3JBVlB3dEJNZTloZHRFeHZQOUFQM2czcEJNdzZEa3BVYjhPb2NxCmwwTlJ1cWdhOGd6Qi9PSnE0TThneVh0SzludmR6VjBqb1hybE1mVURHbDV2YnhpckFSSHBmdkV0ZXJzcTB5QVMKUXFuTC9FczJCUU1wV0hGVjZNd0dNZWs2aWJ2WHFwUFZkKy9NNFV4bW9kOGZKVm9mK1ZZTEc5TW1HbGFtV0JzbApZZ0RmeGJBYlA3TjlCeEJ1YzRENUwvaDk5N3RCUzMrcW15ekU1SGxXQ2tJbHJkdUpRMUt3Qm9rc2NNUU1CNFJZCnBFaW1zR1dTWkFLOExweW53cXBEM2MzWm9kRTVlNVNWMHROUUQzS0RQa3VaUXA2OHdvNkVYZDBsMEMzT1VsMXAKU1psd1ZHSUlmaFAvVHg4S2lCVkZaSzE5YU1FOFdSYlNHVThiWTgrdlB6K2J0Y0ZXbmJPb0FXRG9VUSsrU0Y4VwpVa21UaDBYTU9RZnE4K1ZUbXhoNzZpV1Btd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVSEN0TXkxZ0ZHZC85CktscXhRaVF6NzN1T2QyQXdId1lEVlIwakJCZ3dGb0FVSEN0TXkxZ0ZHZC85S2xxeFFpUXo3M3VPZDJBd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFLdGl6NCtDRE1zeGtVakVMbXo1eApXY1g1MGdic0l1Uk1pRFVRcG9XRlprYm85ZGZ0cXNXYnVZUEFYaTVXYnpFNnVDYkZRUVQ0cFA0UXBleUlMdkkrCklDbFdkNzN2VUZSMEFpQmdWa1NNOW9LbUU4cFp6RXQyT2R4VTFuNGQ0NW5JakFzdzliWWwzaE5adFBvNWJSQUwKaEpSVEF3UWp0ODJHWU83RGpLTy9pcFVRb0xZWGVlS242SXJCdm5yTVJ1aVlBTVc5LzhBZ3REUHZvbHhTT2xMbAp2NWFSb1RDazlTT3kxRVRQd3o1b25JWm5GTGZ5MThKTW9pcmtaYTM4dXFxbkN2czZqbGtLalAyYWMxdE4zbVBwCkE4Z0k5OExQZmdKK3VKSWpJd3RCMzBpQzZTZWJ1SExTU2JidzcrZVhEaXZDMW54dzJmK2s2dlRLKytyR2hsc1kKNHJ6c3NjRGh5ODAyeTJlVW5KZCs4T2NFWVRwZWFiMkxGdTVNTURBcExKVmFQbWNKMklTRWpDQXJhTXFUWWtpLwpBRFJQeHRTNFp6a0pZZjVBNVNBdCthNzcyNFQ3QnFheUE4a0FBaHJGcUlCSW9qL0kza2d3RGUvS3RSR0lqQjQ0CmFQUFFwdDFQUjJlOUZNOFA5ek85WFlkUTJDQ0VmRjNSVXhwR2JsbUxibk51bERhUVYwR2piVXZoR3RKcjN5UDcKWnZVeWRraFFNYWpUT2w3TmR3Zk51eERrY09nclIvWXpITE83aUJtSU0rZXZMZ3JreEp6SUh3clhkbWxRdVh4UwpvUVJOYTdKcDVHNDIycmUxSjMyNVBYTUNlbkUzRXoyNVVDUUFtQWo1OTBaeENWVjhUNlZ4cGIrajRDT0NMaElRCkU0VHQwYjJlcDRETlBiZzY0SUk2cDNFPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
| tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVwakNDQW82Z0F3SUJBZ0lVYkl3NXNZZFZkbkZkbUova0t3V0RBeGRhRk5jd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hqRWNNQm9HQTFVRUF3d1RSbVZ5YmlCRFpYSjBJRUYxZEdodmNtbDBlVEFlRncweU1UQXlNREV3TmpReApORFZhRncwME9EQTJNVGt3TmpReE5EVmFNQll4RkRBU0JnTlZCQU1NQzJadmJ5NWlZWEl1WTI5dE1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdISkZUSXMyUllodmQrekVkNllHVDM3NFlSVVYKeVJFa0dkSlU4UzFCN0s2TUxqVUpqelVVc01lTzFpUXRpWThrNmlERkV5QWhKV0RlbEZ4MHo2OVR3dU9HeFhOYQpMd3VET3grbjlXUUNUb2dxOEY3T2QyQnRVSEVQMnhYRGRVUHNWSkY0Sm8xK1lVd2dnVmd0VGd4QXRueXZKSnh2Cit6Z1NVV0xTTE1Sa0tPM0h3OHBsKzRMN2EyMlJ2aWhtalkwYmZrc1hzYmoxUFhUQnZhRmZ1ZHZyVlcxc3J1czcKbUppdG9xUDg0NThNTXRyVHFyeUNidGFxSEZDcFZGRU9WcGFBcTBwUW9hclNvb3ZKTUtCck83UUlLZTdyUVpsbQpwdy9Bbm9tczREeDZkZEQwbkJVenhJdlhtekNQeHNIS3BuZWxkclkyeGZPV0ZXTkh4NEtTS0pXTXF3SURBUUFCCm80SGpNSUhnTUZrR0ExVWRJd1JTTUZDQUZCd3JUTXRZQlJuZi9TcGFzVUlrTSs5N2puZGdvU0trSURBZU1Sd3cKR2dZRFZRUUREQk5HWlhKdUlFTmxjblFnUVhWMGFHOXlhWFI1Z2hSNS9sVDRDZFF1MFdUYWNQYWtKdmlHL0U4TAoxVEFKQmdOVkhSTUVBakFBTUFzR0ExVWREd1FFQXdJRU1EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJCkt3WUJCUVVIQXdJd1RBWURWUjBSQkVVd1E0SUxabTl2TG1KaGNpNWpiMjJDSW1oMGRIQXRjM1pqTG1SbFptRjEKYkhRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5SEJNQ29BaDZIQk1Db0FoK0hCTUNvQWlBd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnSUJBQkYwZDgrOVRqYWVQMUl4YmJmY0hxN0lCSURJeVZBNjRLN3FzUlc1S2ZiL2QyazhleXdUCmZGWlYyOHE1NFhmWFVOb1Nxa2hSZ1hkbnU5ejNqcFhUcFkzelMvY1R2bzlRNDdVQVFGeW14cnc4RlEvWjVBZnEKSFRqV0hBZWlUNHJ4TXQxVGxSTVp3VVpYUUxuM1Q1QWttLzMxbjRLaDEwd3RmZ2hJblMxdzJvcmxoVTFxcWUwagpaU0dIQXRwelprUmljcVRhWjJTdUlFVWJzMlpJcXQ2YzlhZnpISU5pNFd2YmcwVk9Wb3FvczlRTk9ISVhqT3E2CjdrUTNjRlUzRzBISExzdlpsTytoT3NlbGxObC9CdmFjYTRBdEVsTUREZ25JclNiS1ZCak5YSDdRbFQraWdSTFAKV01EbjZiYzJiS2dMUW5QMUQzSlR0bEVtTk9uZlMyRHRaQ3Y4QlRBQlo3anZlREFNczE3K2Viclk2ZjZVaENyWgpPMjZiWUJoZUQ5aEZBS2pRU0dJY2dNSHM3dG1NcHNnY0Q2cHljdW5kbE5wa0NYNVFja3N2RjN6dGFURklJaFpYCjk4MjFBem9JK1RjTjJUYjI5d3ZWMWVoaFlWby9OcG9lajBnUVNEMGpCbCtNeWc4OFd6UGRtVEhSNXNzNjdvdlAKdCszUW5ibFdQMytHQU0zOTlKVEhYeFhPRFV3UkJYL3ExcGdLMGI1NkZBdTJqWlJkL3dUQzUyMzRmQk9jUHIwRgo0bC9FU0ZrY3FJVXhrYVJEdVlKSjNmOWw4UGo1Z2pCcUl2STRiZXIzeXF5alRDOUg3b2poZ1VzMkpudFVZNHlXCnZvckJaQVUyKzl5ZEZuNHNFVTM1Mmg5dDl0Tnp2OXBZZTRMZ3lPNGlOeG5vZVQ3VGczcjhNUmVECi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
| tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBd0hKRlRJczJSWWh2ZCt6RWQ2WUdUMzc0WVJVVnlSRWtHZEpVOFMxQjdLNk1MalVKCmp6VVVzTWVPMWlRdGlZOGs2aURGRXlBaEpXRGVsRngwejY5VHd1T0d4WE5hTHd1RE94K245V1FDVG9ncThGN08KZDJCdFVIRVAyeFhEZFVQc1ZKRjRKbzErWVV3Z2dWZ3RUZ3hBdG55dkpKeHYremdTVVdMU0xNUmtLTzNIdzhwbAorNEw3YTIyUnZpaG1qWTBiZmtzWHNiajFQWFRCdmFGZnVkdnJWVzFzcnVzN21KaXRvcVA4NDU4TU10clRxcnlDCmJ0YXFIRkNwVkZFT1ZwYUFxMHBRb2FyU29vdkpNS0JyTzdRSUtlN3JRWmxtcHcvQW5vbXM0RHg2ZGREMG5CVXoKeEl2WG16Q1B4c0hLcG5lbGRyWTJ4Zk9XRldOSHg0S1NLSldNcXdJREFRQUJBb0lCQUJTYUp5RVNwalM3Ym5PQQpQV2d4dGVzOHhJcGdIM3p2QU5aaTFnVWJ1enNEVks1OXJ4Qk50bkZXYTh3eEEwNytyQTBFaFJTUEUvMVVhWCtvCmhqalZwRG53OGJTaHJMM3NsWmYydzV4Wm9JV1h2a0VOWlQwU2JhRjIrU09US09HYzYrZ0J5c01WMHJuSDFKTUUKUlpWZGFuQWUyUUVxWGpLZXhoZEFaUSsxMXFNcTRZd29Zam5Tc1M5SHFiQlFxNzNRbE5mNlRWWmZWeUJHMEZORQplZ1lyeEJDZ0tvazFqbTFranUyUkJ2cEViZWxCRGJnQmQ3QWltK0hadExDUHZoamdzNWFaR2xjUTc2L2w2TTA3Ck5uZitpZUViMUhDZEJ0Sit3VjNnaFRINVVlaUxPUzdEKzc2OUEvRzBGSGpBRFFudTREbFhuU2FyVG00bDVNQ3AKTTVJUTFJRUNnWUVBL2RFU0ZpSTVSTjJFK0k3YmR4cExYUnpjRlVRb3NKK1VqSUxTbkVLQzNjQjE0dFhxWmtIdAp0eXJiMXJZbDdzUHBLcHo1UGMvYU5MTHBTYlVRdGo3Nnd4b0pjVnYrNmsrZ3djVFphbk9PQ3l4MlhPWVJyWW5sClpBZi9qdzRyb3BSM3ZHR3krcU1GanZtM1F4SUUrM0tWeWdtdyt5VkNxSnBrbEZMdi9HUVdERE1DZ1lFQXdob08KZTQzTUZhU2xiTkR0NnlCOWZLNkhDeWtXVitWM3J5dDBGSVRiS1NjT2U4azhyOTRBbi95WmtnL2QwTDlCWXovLwovc3dsd3kvOGx3QkxNWW5KYUJDazlnalYvTG9NUjlFMnF0aFA5RDd3NlBwRnhmbWtQSm41T0VyMzQ4ZkQvbHZECm9LaGJScUpaUWJxejEwMjRDVDh5aUhZT2NWNDdCUE1Lc2ZhTGhha0NnWUFWNEx5UFhkblQzc2hFYUlQd1N6cnQKeHJ3TnRUZFFxaUN5ejkvNWloNGZvU1JJTGlvck1FbWVQVHAvMG1tSW9DaHIvT1hhOXh5VzZFa0ZpbTdyVnBoawowc3kza2JkeVdQVEJYd2RpanAxU3h6MVltcGd4Zmk1Z3BmUFlUOTlnL3kwbTlzRG5xNytoNkZKc25KUURYSWdlCnh5RVROTTMvSEhmSTlURXNiekFiVXdLQmdIOVYvTDVOamQ5OC9oRmZGMVl6SUYvVlZ6NlpHOUZaOXFSeVMxclMKdGJ4UHBRN01QQVhjREdqb25BN1lYZHArUGZWUW5TNlkyd1VyeS9kNzk5aHQzalZwQmU5cWFJZTl2aVMzT2JmbQo1TDBGTmFLQjNaZzlaK05oMTc5NFh4dU5pQ1NzS3JDUkFpQmFqVmV6bGh2ZkhxYmlVTko1TUl4ckZ5anVFTXdqClEvRFJBb0dBRndOMi8vaDBybjVMYWNDc21BV1ZSUDBqN3R3RWRxMzRtNHR2dWlLdk1mZDl0U2hlVmlzbEZCZ2YKV0dHeWJzQXhwZ1Zsc2pVVi9kaDViYjJqUXhaUVhaSFBlSGZyUzdOeDlZT0hnbzVqZDEwVjFvT3JXcjFrTktEYQpLdGRyR0Z2R3ZFcWVOZi8zWlQrY3RQRVI2ZjFSVEJleVN6VlF3TlV0bHRoVklJL0RjbG89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
| kind: Secret | |
| metadata: | |
| creationTimestamp: "2021-02-01T06:42:31Z" | |
| managedFields: | |
| - apiVersion: v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:data: | |
| .: {} | |
| f:ca.crt: {} | |
| f:tls.crt: {} | |
| f:tls.key: {} | |
| f:type: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-02-01T06:42:31Z" | |
| name: my-certs | |
| namespace: default | |
| resourceVersion: "93274" | |
| selfLink: /api/v1/namespaces/default/secrets/my-certs | |
| uid: 40b2ce65-27fa-4512-983b-550a7793eb21 | |
| type: Opaque | |
| kind: List | |
| metadata: | |
| resourceVersion: "" | |
| selfLink: "" | |
| apiVersion: v1 | |
| --- | |
| kind: Service | |
| metadata: | |
| annotations: | |
| kubectl.kubernetes.io/last-applied-configuration: | | |
| {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/version":"0.43.0","helm.sh/chart":"ingress-nginx-3.19.0"},"name":"ingress-nginx-controller","namespace":"ingress-nginx"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":"http"},{"name":"https","port":443,"protocol":"TCP","targetPort":"https"}],"selector":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx"},"type":"NodePort"}} | |
| creationTimestamp: "2021-01-31T11:54:45Z" | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/managed-by: Helm | |
| app.kubernetes.io/name: ingress-nginx | |
| app.kubernetes.io/version: 0.43.0 | |
| helm.sh/chart: ingress-nginx-3.19.0 | |
| managedFields: | |
| - apiVersion: v1 | |
| fieldsType: FieldsV1 | |
| fieldsV1: | |
| f:metadata: | |
| f:annotations: | |
| .: {} | |
| f:kubectl.kubernetes.io/last-applied-configuration: {} | |
| f:labels: | |
| .: {} | |
| f:app.kubernetes.io/component: {} | |
| f:app.kubernetes.io/instance: {} | |
| f:app.kubernetes.io/managed-by: {} | |
| f:app.kubernetes.io/name: {} | |
| f:app.kubernetes.io/version: {} | |
| f:helm.sh/chart: {} | |
| f:spec: | |
| f:externalTrafficPolicy: {} | |
| f:ports: | |
| .: {} | |
| k:{"port":80,"protocol":"TCP"}: | |
| .: {} | |
| f:name: {} | |
| f:port: {} | |
| f:protocol: {} | |
| f:targetPort: {} | |
| k:{"port":443,"protocol":"TCP"}: | |
| .: {} | |
| f:name: {} | |
| f:port: {} | |
| f:protocol: {} | |
| f:targetPort: {} | |
| f:selector: | |
| .: {} | |
| f:app.kubernetes.io/component: {} | |
| f:app.kubernetes.io/instance: {} | |
| f:app.kubernetes.io/name: {} | |
| f:sessionAffinity: {} | |
| f:type: {} | |
| manager: kubectl | |
| operation: Update | |
| time: "2021-01-31T11:54:45Z" | |
| name: ingress-nginx-controller | |
| namespace: ingress-nginx | |
| resourceVersion: "17290" | |
| selfLink: /api/v1/namespaces/ingress-nginx/services/ingress-nginx-controller | |
| uid: d1fd8489-19a3-4ace-ab3a-b5f7e54d1247 | |
| spec: | |
| clusterIP: 10.106.34.219 | |
| externalTrafficPolicy: Cluster | |
| ports: | |
| - name: http | |
| nodePort: 31631 | |
| port: 80 | |
| protocol: TCP | |
| targetPort: http | |
| - name: https | |
| nodePort: 31449 | |
| port: 443 | |
| protocol: TCP | |
| targetPort: https | |
| selector: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/name: ingress-nginx | |
| sessionAffinity: None | |
| type: NodePort | |
| status: | |
| loadBalancer: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 kubectl get po -A | |
| 2 docker ps | |
| 3 sudo docker ps | |
| 4 docker ps | |
| 5 sudo docker ps | |
| 6 kubectl get po -A | |
| 7 kubectl -v8 get po -A | |
| 8 cat /etc/hosts | |
| 9 ./shared/vagrant-scripts/setup-hosts | |
| 10 cat /etc/hosts | |
| 11 sudo ./shared/vagrant-scripts/setup-hosts | |
| 12 cat /etc/hosts | |
| 13 kubectl get po -A | |
| 14 docker ps | |
| 15 sudo docker ps | |
| 16 kubectl get po -A | |
| 17 kubectl get po -n kube-system | |
| 18 kubectl get po -n kube-system weave-net-65ck2 | |
| 19 kubectl get po -n kube-system weave-net-65ck2 -o yaml | |
| 20 kubectl get po -n kube-system -lname=weave-net | |
| 21 kubectl get po -n kube-system -lname=weave-net | grep -v Running | |
| 22 kubectl get po -n kube-system -lname=weave-net | grep -v Running | tail -n +2 | |
| 23 kubectl get po -n kube-system -lname=weave-net | grep -v Running | tail -n +2 |cut -d ' ' -f1 | xargs -I {} kubectl -n kube-system delete {} | |
| 24 kubectl get po -n kube-system -lname=weave-net | grep -v Running | tail -n +2 |cut -d ' ' -f1 | xargs -I {} kubectl -n kube-system delete po {} | |
| 25 kubectl get po -A | |
| 26 kubectl get po -A -o wide | |
| 27 kubectl get po -n kube-system -lname=weave-net | grep -v Running | tail -n +2 |cut -d ' ' -f1 | xargs -I {} kubectl -n kube-system delete po {} | |
| 28 kubectl get po -A -o wide | |
| 29 source <(kubectl completion bash) | |
| 30 kubectl get po -n kube-system weave-net-t4927 -o yaml | |
| 31 kubectl describe po -n kube-system weave-net-t4927 | |
| 32 kubectl get po -A -o wide | |
| 33 kubectl -n kube-system drain worker-0 | |
| 34 kubectl -n kube-system | |
| 35 kubectl get po -A -o wide | |
| 36 vim ~/.bashrc | |
| 37 kubectl get svc -n ingress-nginx | |
| 38 curl http://worker-0:31631 | |
| 39 curl https://worker-0:31449 | |
| 40 curl -k https://worker-0:31449 | |
| 41 kubectl get svc -n blog | |
| 42 kubectl get svc,epo -n blog | |
| 43 kubectl get svc,ep -n blog | |
| 44 kubectl get svc,ep,po -n blog -o wide | |
| 45 kubectl get svc,ep,po,ingress -n blog -o wide | |
| 46 kubectl delete ns blog | |
| 47 ls | |
| 48 rm *cert* | |
| 49 ls | |
| 50 rm *key* | |
| 51 ls | |
| 52 rm bla | |
| 53 ls -ahtlr ./shared/ | |
| 54 ls -ahtlr ./shared/vagrant-scripts/ | |
| 55 source ./shared/vagrant-scripts/new-ca | |
| 56 vim ./shared/vagrant-scripts/new-ca | |
| 57 new-ca hello-stephan.com server | |
| 58 ls | |
| 59 kubectl create secret tls tls-hello-stephan --key=server.key --cert=server.crt | |
| 60 kubectl get secrets tls-hello-stephan | |
| 61 kubectl get secrets tls-hello-stephan -o yaml | |
| 62 kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml | |
| 63 kubectl get deployments.apps http-svc | |
| 64 kubectl get deploy,svc http-svc | |
| 65 kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml | |
| 66 kubectl get po | |
| 67 kubectl delete po bla | |
| 68 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc" | |
| 69 ls | |
| 70 kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml | |
| 71 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 72 kubectl get ingress | |
| 73 kubectl edit ingress meow-ingress | |
| 74 kubectl get -n ingress-nginx svc | |
| 75 curl -k https://worker-0:31449 | |
| 76 curl -k https://worker-0:31631 | |
| 77 curl -k http://worker-0:31631 | |
| 78 curl http://worker-0:31631 | |
| 79 curl -H "Host:meow.com" http://worker-0:31631 | |
| 80 kubectl edit ingress meow-ingress | |
| 81 curl -H "Host: meow.com" http://worker-0:31631 | |
| 82 curl -H "Host: meow.com" http://worker-0:31631/ | |
| 83 kubectl get -n ingress-nginx svc | |
| 84 curl -H "Host: meow.com" http://worker-0:31631/ | |
| 85 kubectl edit ingress meow-ingress | |
| 86 curl -H "Host: meow.com" http://worker-0:31631/ | |
| 87 curl -H "Host: meow.com" http://worker-0:31631 | |
| 88 source <(kubectl completion bash) | |
| 89 curl -H "Host: meow.com" http://worker-0:31631 | |
| 90 kubectl get svc | |
| 91 kubectl edit ingress meow-ingress | |
| 92 curl -H "Host: meow.com" http://worker-0:31631 | |
| 93 kubectl edit ingress meow-ingress | |
| 94 curl -H "Host: meow.com" http://worker-0:31631 | |
| 95 curl http://worker-0:31631 | |
| 96 curl http://worker-0:31631 -k | |
| 97 curl http://worker-0:31631 | |
| 98 kubectl get po | |
| 99 kubectl logs http-svc-64f85bcc78-p9s6t | |
| 100 kubectl logs http-svc-64f85bcc78-p9s6t | |
| 101 kubectl logs http-svc-64f85bcc78-p9s6t -f | |
| 102 kubectl delete po bla | |
| 103 kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml | |
| 104 kubectl get po | |
| 105 kubectl get po -w | |
| 106 kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/http-svc.yaml | |
| 107 kubectl get po -w | |
| 108 kubectl get po,ep,svc -w | |
| 109 kubectl get po,ep,svc | |
| 110 curl http://worker-0:31631 | |
| 111 kubectl run bla --image=tutum/dnsutils -- sh | |
| 112 kubectl exec bla -it -- sh | |
| 113 kubectl get po | |
| 114 kubectl run bla2 --image=alpine -- sh | |
| 115 kubectl exec bla2 -it -- sh | |
| 116 kubectl get po | |
| 117 kubectl delete po bla2 | |
| 118 kubectl run -it bla2 --image=alpine -- sh | |
| 119 kubectl get po | |
| 120 kubectl delete po bla | |
| 121 kubectl run -it bla --image=tutum/dnsutils -- sh | |
| 122 kubectl exec bla2 -it -- sh | |
| 123 kubectl get svc | |
| 124 curl http://worker-0:31631 | |
| 125 curl http://worker-0:31631 / | |
| 126 curl http://worker-0:31631/ | |
| 127 curl http://worker-0:31631/ -k | |
| 128 curl -H"Host: foo.bar.com" http://worker-0:31631/ | |
| 129 curl -H"Host: foo.bar.com" http://worker-0:31631/ -k | |
| 130 curl -H"Host: foo.bar.com" http://worker-0:31631/ -l | |
| 131 curl -H"Host: foo.bar.com" http://worker-0:31631/ -L | |
| 132 dig | |
| 133 cat /etc/hosts | |
| 134 curl -H"Host: foo.bar.com" http://192.168.2.30:31631/ -L | |
| 135 curl -H"Host: foo.bar.com" http://192.168.2.30:31631/ | |
| 136 curl -H"Host: foo.bar.com" http://192.168.2.31:31631/ | |
| 137 curl -H"Host: foo.bar.com" http://192.168.2.32:31631/ | |
| 138 kubectl get secrets | |
| 139 #openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc | |
| 140 rm *key *crt | |
| 141 ls | |
| 142 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc | |
| 143 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc" | |
| 144 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 145 kubectl delete secrets my-certs | |
| 146 kubectl delete secrets tls-hello-stephan | |
| 147 kubectl delete secrets tls-secret | |
| 148 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 149 curl -H"Host: foo.bar.com" http://192.168.2.32:31631/ | |
| 150 echo 'curl -H"Host: foo.bar.com" http://192.168.2.32:31631/ ' > do-http | |
| 151 curl -H"Host: foo.bar.com" http://192.168.2.32:31449 | |
| 152 echo 'curl -H"Host: foo.bar.com" http://192.168.2.32:31631/ ' > do-http | |
| 153 curl -H"Host: foo.bar.com" http://192.168.2.32:31449 | |
| 154 curl -H"Host: foo.bar.com" http://192.168.2.32:31449 --key tls.key --cert tls.cert | |
| 155 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com/O=nginxsvc" | |
| 156 kubectl delete secrets tls-secret | |
| 157 ls -ahtlr | |
| 158 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 159 curl -H"Host: foo.bar.com" http://192.168.2.32:31449 --key tls.key --cert tls.cert | |
| 160 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com/O=nginxsvc" -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cluster.local" | |
| 161 openssl x509 -in tls.crt -noout -text | |
| 162 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 163 kubectl delete secrets tls-secret | |
| 164 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 165 curl -H"Host: foo.bar.com" http://192.168.2.32:31449 --key tls.key --cert tls.cert | |
| 166 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --key tls.key --cert tls.cert | |
| 167 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 | |
| 168 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 -k | |
| 169 man curl | |
| 170 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert tls.crt | |
| 171 openssl s_client -connect 192.168.2.32:31449 | |
| 172 curl --resolve foo.bar.com:192.168.2.32:31449 https://foo.bar.com/ | |
| 173 curl --resolve foo.bar.com:192.168.2.32:31449 https://foo.bar.com -k | |
| 174 curl --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449 | |
| 175 curl --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449 -k | |
| 176 curl --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449/ -k | |
| 177 curl --resolve foo.bar.com:443:192.168.2.32 https://192.168.2.32:31449/ -k | |
| 178 curl --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449/ -k | |
| 179 curl --resolve foo.bar.com:443:192.168.2.32 https://192.168.2.32:31449/ -k | |
| 180 curl -vvv --resolve foo.bar.com:443:192.168.2.32 https://192.168.2.32:31449/ -k | |
| 181 curl -vvv --resolve foo.bar.com:443:192.168.2.32 https://192.168.2.32:31449 -k | |
| 182 curl -vvv --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449 -k | |
| 183 kubectl get ingress -A | |
| 184 openssl s_client -connect 192.168.2.32:31449 -showcerts | |
| 185 kubectl edit ingress meow-ingress | |
| 186 kubectl edit ingress nginx-test | |
| 187 openssl x509 -in tls.crt -noout -text | |
| 188 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert tls.crt | |
| 189 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 | |
| 190 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 -l | |
| 191 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 -k | |
| 192 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com/O=nginxsvc" -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cluster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 193 openssl x509 -in tls.crt -noout -text | |
| 194 kubectl delete secrets tls-secret | |
| 195 kubectl create secret tls tls-secret --key tls.key --cert tls.crt | |
| 196 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 -k | |
| 197 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 | |
| 198 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt | |
| 199 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key | |
| 200 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt | |
| 201 openssl s_client -connect 192.168.2.32:31449 -showcerts | |
| 202 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt -k | |
| 203 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt | |
| 204 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt -k | |
| 205 ls | |
| 206 rm tls* | |
| 207 kubectl delete secrets tls-secret | |
| 208 openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=Fern Cert Authority' | |
| 209 openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj "/CN=foo.bar.com/O=nginxsvc" -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cluster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 210 openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj "/CN=foo.bar.com/O=nginxsvc" -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cluster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 211 ls | |
| 212 ls -ahtlr | |
| 213 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
| 214 openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt | |
| 215 kubectl create secret generic my-certs --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt | |
| 216 kubectl edit ingress nginx-test | |
| 217 kubectl delete secrets my-certs | |
| 218 kubectl create secret generic my-certs --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt | |
| 219 openssl x509 -in server.crt -noout -text | |
| 220 ls | |
| 221 rm *crt *key | |
| 222 ls | |
| 223 rm *csr | |
| 224 openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=Fern Cert Authority' | |
| 225 openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj "/CN=foo.bar.com/O=nginxsvc" -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cluster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 226 openssl req -in server.csr -noout -text | |
| 227 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cl | |
| 228 uster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 229 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt #-addext "subjectAltName=DNS:foo.bar.com,DNS:http-svc.default.svc.cl | |
| 230 uster.local,IP:192.168.2.32,IP:192.168.2.30,IP:192.168.2.31" | |
| 231 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
| 232 ls | |
| 233 rm server.crt | |
| 234 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt | |
| 235 openssl x509 -in server.crt -noout -text | |
| 236 openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extensions SAN | |
| 237 openssl x509 -in server.crt -noout -text | |
| 238 cfssl | |
| 239 sudo apt update && sudo apt install cfssl | |
| 240 curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o cfssl | |
| 241 { curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o cfssl; chmod +x cfssl; curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssljson_1.5.0_linux_amd64 -o cfssljson; chmod +x cfssljson; curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl-certinfo_1.5.0_linux_amd64 -o cfssl-certinfo; chmod +x cfssl-certinf; } | |
| 242 { curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o cfssl; chmod +x cfssl; curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssljson_1.5.0_linux_amd64 -o cfssljson; chmod +x cfssljson; curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl-certinfo_1.5.0_linux_amd64 -o cfssl-certinfo; chmod +x cfssl-certinfo; } | |
| 243 cat <<"EOF" > csr.conf | |
| 244 [ req ] | |
| 245 default_bits = 2048 | |
| 246 prompt = no | |
| 247 default_md = sha256 | |
| 248 req_extensions = req_ext | |
| 249 distinguished_name = dn | |
| 250 [ dn ] | |
| 251 C = <country> | |
| 252 ST = <state> | |
| 253 L = <city> | |
| 254 O = <organization> | |
| 255 OU = <organization unit> | |
| 256 CN = <MASTER_IP> | |
| 257 [ req_ext ] | |
| 258 subjectAltName = @alt_names | |
| 259 [ alt_names ] | |
| 260 DNS.1 = kubernetes | |
| 261 DNS.2 = kubernetes.default | |
| 262 DNS.3 = kubernetes.default.svc | |
| 263 DNS.4 = kubernetes.default.svc.cluster | |
| 264 DNS.5 = kubernetes.default.svc.cluster.local | |
| 265 IP.1 = <MASTER_IP> | |
| 266 IP.2 = <MASTER_CLUSTER_IP> | |
| 267 [ v3_ext ] | |
| 268 authorityKeyIdentifier=keyid,issuer:always | |
| 269 basicConstraints=CA:FALSE | |
| 270 keyUsage=keyEncipherment,dataEncipherment | |
| 271 extendedKeyUsage=serverAuth,clientAuth | |
| 272 subjectAltName=@alt_names | |
| 273 EOF | |
| 274 vim csr.conf | |
| 275 kubectl edit ingress nginx-test | |
| 276 vim csr.conf | |
| 277 cat /etc/hosts | |
| 278 vim csr.conf | |
| 279 ls | |
| 280 rm server.* | |
| 281 ls | |
| 282 openssl genrsa -out server.key 2048 | |
| 283 openssl req -new -key server.key -out server.csr -config csr.conf | |
| 284 openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf | |
| 285 openssl x509 -in server.crt -noout -text | |
| 286 kubectl delete secrets my-certs | |
| 287 kubectl create secret generic my-certs --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt | |
| 288 kubectl delete secrets my-certs | |
| 289 kubectl create secret generic my-certs --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt | |
| 290 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt -k | |
| 291 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cert tls.crt --key tls.key --cacert tls.crt | |
| 292 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 #--cert tls.crt --key tls.key --cacert tls.crt | |
| 293 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 -k #--cert tls.crt --key tls.key --cacert tls.crt | |
| 294 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert ca.crt #--cert tls.crt --key tls.key --cacert tls.crt | |
| 295 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert ca.crt -k #--cert tls.crt --key tls.key --cacert tls.crt | |
| 296 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key #--cert tls.crt --key tls.key --cacert tls.crt | |
| 297 curl -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 298 kubectl edit ingress nginx-test | |
| 299 kubectl edit secrets my-certs | |
| 300 openssl s_client -connect 192.168.2.32:31449 -showcerts | |
| 301 curl -vvv -H"Host: foo.bar.com" https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 302 sudo vim /etc/hosts | |
| 303 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 304 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 305 curl http://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 306 kubectl edit ingress nginx-test | |
| 307 curl http://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 308 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 309 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 310 curl https://192.168.2.30:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 311 cat /etc/hosts | |
| 312 curl https://192.168.2.31:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 313 curl https://192.168.2.31:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 314 curl https://192.168.2.30:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 315 kubectl edit ingress nginx-test | |
| 316 curl https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 317 curl https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 318 sudo vim /etc/hosts | |
| 319 curl https://192.168.2.32:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 320 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key -k | |
| 321 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 322 openssl s_client -connect foo.bar.com:31449 #--cacert ca.crt --cert server.crt --key server.key | |
| 323 curl https://foo.bar.com:31449 --cacert ca.crt --cert server.crt --key server.key | |
| 324 curl https://foo.bar.com:31449 --cacert ca.crt #--cert server.crt --key server.key | |
| 325 curl https://foo.bar.com:31449 # --cacert ca.crt #--cert server.crt --key server.key | |
| 326 curl -k https://foo.bar.com:31449 # --cacert ca.crt #--cert server.crt --key server.key | |
| 327 curl -k https://foo.bar.com:31449 --cert server.crt --key server.key | |
| 328 openssl x509 -in server.crt -noout -text | |
| 329 openssl verify -CAfile ca.crt server.crt | |
| 330 openssl verify -CAfile ca.crt ca.crt | |
| 331 openssl verify -CAfile server.crt server.crt | |
| 332 kubectl get secrets my-certs -o yaml | |
| 333 kubectl get secrets my-certs -o jsonpath="{.data['ca\.crt']} | |
| 334 kubectl get secrets my-certs -o jsonpath="{.data['ca\.crt']}" | |
| 335 kubectl get secrets my-certs -o jsonpath="{.data['ca\.crt']}" | base64 -d | |
| 336 kubectl get secrets my-certs -o jsonpath="{.data['tls\.crt']}" | base64 -d | openssl x509 -in - -noout -text | |
| 337 kubectl get secrets my-certs -o jsonpath="{.data['ca\.crt']}" | base64 -d | openssl x509 -in - -noout -text | |
| 338 kubectl edit ingress nginx-test | |
| 339 openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=Fern' | |
| 340 openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt | |
| 341 curl -k https://foo.bar.com:31449 --cert client.crt --key client.key | |
| 342 curl https://foo.bar.com:31449 --cert client.crt --key client.key | |
| 343 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 344 curl https://worker-0:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 345 curl -H "Host: foo.bar.com" https://worker-0:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 346 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 347 curl -H "Host: foo.bar.com" https://worker-2:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 348 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 349 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 350 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt -k | |
| 351 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 352 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 353 curl --resolve foo.bar.com:192.158.2.32 https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 354 curl --resolve foo.bar.com:192.168.2.32 https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 355 curl --resolve foo.bar.com:31449:192.168.2.32 https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 356 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 357 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 358 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt -k | |
| 359 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 360 kubectl edit ingress nginx-test | |
| 361 curl -H "Host: foo.bar.com" https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt -k | |
| 362 curl https://192.168.2.32:31449 --cert client.crt --key client.key --cacert ca.crt -k | |
| 363 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 364 cat /etc/hosts | |
| 365 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 366 cat csr.conf | |
| 367 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 368 curl https://foo.bar.com:31449 --cacert ca.crt | |
| 369 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 370 kubectl edit ingress nginx-test | |
| 371 curl https://foo.bar.com:31449 --cert client.crt --key client.key --cacert ca.crt | |
| 372 curl https://foo.bar.com:31449 --cacert ca.crt | |
| 373 kubectl edit ingress nginx-test | |
| 374 curl https://foo.bar.com:31449 --cacert ca.crt | |
| 375 curl https://foo.bar.com:31449 # --cacert ca.crt | |
| 376 curl https://foo.bar.com:31449 --cacert ca.crt | |
| 377 curl https://192.168.2.32:31449 --cacert ca.crt | |
| 378 curl https://foo.bar.com:31449 --cacert ca.crt | |
| 379 curl https://foo.bar.com:31449 --cacert ca.crt --cert client.crt | |
| 380 curl https://foo.bar.com:31449 --cacert ca.crt --cert client.crt --key client.key | |
| 381 history | |
| 382 history > ./shared/tls-hackathon |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also be skeptical of the default
auth-tls-verify-clientFor some reason mine was "default on" not "off"