ofilter/home_setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Finished part 4

Browse Source
This commit is contained in:
savagebidoof 2023-07-27 16:21:39 +02:00
parent 9a9eaed74d
commit 7f000d27b7
8 changed files with 310 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Migrations/Forget_Traefik_2023/P3_Certificate_Manager/Issuer.yaml
View File

@ -18,7 +18,6 @@ spec:
solvers:
- http01:
ingress:
# ingressClassName: istio
class: istio
podTemplate:
metadata:
@ -29,9 +28,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: filterhome-domain-cert-public
# namespace: istio-ingress
namespace: istio-system
# namespace: istio-ingress
spec:
secretName: filterhome-domain-cert-public
duration: 20h # 90d

42
Migrations/Forget_Traefik_2023/P4_Local_CA/Issuer.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: local-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: local-wildcard-certificate
namespace: istio-system
spec:
secretName: domain-cert-local
privateKey:
rotationPolicy: Always
algorithm: RSA
encoding: PKCS1
size: 4096
duration: 20h # 1 Year
renewBefore: 2h #9 months
subject:
organizations:
- FilterHome
commonName: filterhome
isCA: false
usages:
- server auth
- client auth
dnsNames:
# - demoapi.default
# - demoapi.default.svc
# - demoapi.default.svc.cluster
# - demoapi.default.svc.cluster.local
- "filter.home"
- "*.filter.home"
# - jelly.filter.home
issuerRef:
name: ca-issuer
kind: ClusterIssuer

8
Migrations/Forget_Traefik_2023/P4_Local_Certs/Secret.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: local-ca
namespace: cert-manager
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZnRENDQTJpZ0F3SUJBZ0lVT3YrL25TS1ZLSXIxZlNxblArMno0eDRNT0ZVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NURUxNQWtHQTFVRUJoTUNSVk14RERBS0JnTlZCQWdNQTBKQlVqRVRNQkVHQTFVRUNnd0tSbWxzZEdWeQpTRzl0WlRFWE1CVUdBMVVFQXd3T1kyRXVabWxzZEdWeUxtaHZiV1V3SGhjTk1qTXdOekkzTVRNek5ERTNXaGNOCk1qTXdPREF4TVRNek5ERTNXakJKTVFzd0NRWURWUVFHRXdKRlV6RU1NQW9HQTFVRUNBd0RRa0ZTTVJNd0VRWUQKVlFRS0RBcEdhV3gwWlhKSWIyMWxNUmN3RlFZRFZRUUREQTVqWVM1bWFXeDBaWEl1YUc5dFpUQ0NBaUl3RFFZSgpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFLQ1JvdUMvWWxkam83dno2QmVzeFpZVzlSNHY4Q2JxCjNOQkdsalFEeHUxTnVnT0hqU0tmQ1NRSFRlOUY0VitnM1pqREtxTnl6V08xVmVDSmdJYVdKQWE1M1JDdGFTUUYKYkVTWXNrUG83TkNXY1RpaWY1VFhhUnlWL24yMkRpdWU5R3AwUVZ0TnVZai95ZEw4akZ2V0w5Q2Q4SGVUcXVhbgovZkFzcEhHaGlwK3FmWjlRekkrQnUzR09EeEpKMi9xQnhyWDdGT1J3OFRwOWRSU2R2dWc0NGRFbG1WNXp1WWNZCmZJY1lTZVp1MFZmV3lXZWR0SjFZaGVBaWVELzJVczBOeG5rbG9wNlQ5N3cvRUpDdjlhNkhrTlNaaWNJYkd1Q2IKaXM3OS9DVmNqWjRndEdQWWg5SlgwS1JDa1VHcEhabSs4cFFTVUJBNWxOUG9nMUQvdVRCc1Y5c0dwMDBWc2VmYwpaVkhOVEVzeXdYREtFZDhzUFRmZ3UyTGtBeGpNRjRscjlTSk4vZ094YjVOWTFTR1R6R2U1NmlPMDN0VDJPc1prClU0Y01FOEZLRTVsZVNwTGZzalZ0UndkcEhRelF0eHBmU2x4eFNYa2Q3OXhLOTlTWHRFdC9WMlorbEx3d005TVEKWmxxYTFsbEFoaXg5aEIydktMNDlmQVdMQXBVU0UySCtRc3o3clUwdDdrZmVsbGJDZWJsK3hLQUhHcEFNQ0pTNgp2Y3p5ZDU2azFPNm5sV3lqTkRET3JoT1JJUHFRNTY1UFdMNXFhMm5WWXU2VlVHMjJONmdGTDVya1RjOGFTZHNyCjUvQmhLYm5kTHROQTdrQ2xrcnMyVjFsdjUxbkJQbnpkRFJ1MWdQK0ZkM3pZNFB5d3crV3JOZ0grWUZCemxlckcKejlwZlZwYWt1dDZmQWdNQkFBR2pZREJlTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBRwpBUUgvQWdFQk1Ca0dBMVVkRVFRU01CQ0NEbU5oTG1acGJIUmxjaTVvYjIxbE1CMEdBMVVkRGdRV0JCUThLSWNOClF4S2JzL2pnTnA3MS9RaDE3WElwVHpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVNKVzNROXJNbmtkQWNBU04KYnU4QnBVa1NLbE84ZjRaS3E0aEhlMWNlaWJVVUxLVzdMdG9ROVBXUjdJOEVTQ2lLTi9qWVc1eE5lejdHQ2xTQgoxcnNncEFuMTRKaWZkZTJoZlZ4ZllsYjRIOW13ejJqejY4Mk9FMnZhK3ZPNy9BNUQyVmpRZ1ZXdlNkYW0rUkNyCkFBandIZHpvWUIzOFovNjFaWDdLRFExTWw0MVhOK05TYWc2Ty9yaEpxUG13MUF4Z3JMa2s2Y2YrbFkvbU5zR0cKSVNlQm85UC9qcXAxNkJCZk9YOTlEQlZpd1gwNVlRcDRweUxpMENZRHlidStPUEhOMzdISG8zTVdkb0tabm9mZQo0TkJORmhtQUtScG1PaXdJb1REUm05Zm9IZWJFcXZ4N3d6VzlJZzRqRXpkTFlrWE1aMzhTZDBlc0tibWFpWHdzCkkwUVcxN0J3SXhlY241ZUdScFRSQ0RyZ2M5ZGFvUXEvQVkraEduZ1VwakdTcmNnMEUvNWoyQ2NZL2RpVEZpZHgKQ0dTNUxxY0FYbFN0eWh3VnErR1NrazJVTjRybExVSU1DbklzYTYxOWo2WEIwdXVuTVlpdUZpYmVlVVIwdGtrUQpmbU5hWUF2UXNLZEdBSVlvcUdJZUVpM21acjBYU1NjYU1HNXUzZXdXN1FkaDczWHN3L3Q0Rlh4d3RPNzQ1YnhSCjFvQkVPaEpxYU90NmhBN0xJQ1F4YTYwTUNqYzdFNzBPdFhFZ1VmVGlZWEhqTmFkYmhLbGZ0aGZZQkdXY002R20KM0RIYTJSUm5oUlBORWhxTnhzK1RFQjdUdHFuQ0lPZThOckxNZFVvM09mT1FHc25adE16Mlc4WDh4RnhDN0J2TApDOFAwNG1vdGxEZ0JhaXQ0NEtqeWpPSTA0Qk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2drYUxndjJKWFk2TzcKOCtnWHJNV1dGdlVlTC9BbTZ0elFScFkwQThidFRib0RoNDBpbndra0IwM3ZSZUZmb04yWXd5cWpjczFqdFZYZwppWUNHbGlRR3VkMFFyV2trQld4RW1MSkQ2T3pRbG5FNG9uK1UxMmtjbGY1OXRnNHJudlJxZEVGYlRibUkvOG5TCi9JeGIxaS9RbmZCM2s2cm1wLzN3TEtSeG9ZcWZxbjJmVU15UGdidHhqZzhTU2R2NmdjYTEreFRrY1BFNmZYVVUKbmI3b09PSFJKWmxlYzdtSEdIeUhHRW5tYnRGWDFzbG5uYlNkV0lYZ0luZy85bExORGNaNUphS2VrL2U4UHhDUQpyL1d1aDVEVW1ZbkNHeHJnbTRyTy9md2xYSTJlSUxSajJJZlNWOUNrUXBGQnFSMlp2dktVRWxBUU9aVFQ2SU5RCi83a3diRmZiQnFkTkZiSG4zR1ZSelV4TE1zRnd5aEhmTEQwMzRMdGk1QU1ZekJlSmEvVWlUZjREc1crVFdOVWgKazh4bnVlb2p0TjdVOWpyR1pGT0hEQlBCU2hPWlhrcVMzN0kxYlVjSGFSME0wTGNhWDBwY2NVbDVIZS9jU3ZmVQpsN1JMZjFkbWZwUzhNRFBURUdaYW10WlpRSVlzZllRZHJ5aStQWHdGaXdLVkVoTmgva0xNKzYxTkxlNUgzcFpXCndubTVmc1NnQnhxUURBaVV1cjNNOG5lZXBOVHVwNVZzb3pRd3pxNFRrU0Q2a09ldVQxaSthbXRwMVdMdWxWQnQKdGplb0JTK2E1RTNQR2tuYksrZndZU201M1M3VFFPNUFwWks3TmxkWmIrZFp3VDU4M1EwYnRZRC9oWGQ4Mk9EOApzTVBscXpZQi9tQlFjNVhxeHMvYVgxYVdwTHJlbndJREFRQUJBb0lDQUJFM0hCbnhtd2NZa1R6OURSVEF1dHg1Ck1LV2dhU1NiQ0xxeDNyZkw4ZCtPZGxPYmpHZTZXbDRKQkhPVGIvTHpTZDd2aWRwRlhEMEUrNlNieVhKa2xZODkKRFRVVkNwRkluWStMT1kycll2eUlMTEp3UmJKOUYvRnZLWDVyN3dBQlJsNUZnWjVhNm5vRVJxeSsxQU9pcHJTOAp3a1BueXFwNU4zSXhMeDVadmdXWlgyZWQzNWpCUllvS3U1WHY0a3hzN3BPalRGMmp1RkZYa3g1M1BUa2pwQjVxCjVCTXE0Q2phV0x1WlFJOGFzWW96NXBzYjN2b0J2RFRJTFZGYVJRMWtIVFB1ODQwQiswMHRDOGNmZm4xTVhweFUKcTk3cVRncm4wazJZRUprbTM2NGsvb0kzL0hQeVkxWEJKMWE5WFlXVzRlWTdRbWRDN1RCOUhOc3AxNzZYMXlGaQplVEVKUDcrd2k2Z2dSY1I0eFpSODlyUXhkd3dhUnlJanFjQTc3V0h0RW5lSVI4ZVBFM01pZDZzUmh1Z2dYdkk1Ck1JQnQ0YlYxeFZwVndkbzhQZGRhU0h4dTE5c2sxdHJVN3BRbEFQT1Ntb3ZtTldxcm1adFpldkJ3S1ovQmVnUDUKRmxadEYrK01zdzcrbmVodFhmcmpjeDIrakNyZmZLckJJVHM0WEdBQmZrZDNYbzJtdGxJYUJlTGVCYks0a2poegpVcnIzaGZuM1J0Q0QvSUhGR1cwRVNxbnY0R2x2UDMxSVltbHF4QjJNay9XczlEaGx5N1B2K2pIelVTdml6N04xClducjVQZkZmZlJGY3RLWTRjekZ1Rkl0NlB6OEdPTUxGKzBKOEJpRlYwaXBkOGlVckFiblNaWitTZ0tjcjE1UlAKbFRQTGg0cEJGVlpESXV2azdYWWxBb0lCQVFEWDRhWEUrTW9Tek1CRi84TnZMVE01S1lQSzhnSWFkQXZCbTJXTApCVTBDSTJOaXE5c2tDRTBkWjJYSWJHbkNoeWtIMHNxY25IVXlzbmdoNDdBQklMT1F1c25iT3RTUkZJa083NEVHCkFhZnB3enUxV1g5eDBhQ3NzU1U1S2J0OFlSdDdXT1h3R08zMHd2WkMzTWdQLzNQbjNLblEzQXA2OU9GOFh0S28KUmhRUVh4Sk94K00xVUNpc0h3MGJ5QmM4MUs5bTZRWGE1ZGRUVitITHMvYnZlYzZWSmNPMENBZ29PUU5GVDJSUgpoejJhTHYwU0luakFxYkx2OGRxWE5IdGxBMEM0eGJiTTZzeUFVcURrRUE5N1hnZFNyU0dYOTl3aXhmMGUyOFN6ClJ3UWpwclc2R2xvd0k5YmhpcTllNjQ4MUN3Q3RzRWFTdDk5LzE3aEJFT1ZTemZPVkFvSUJBUUMrYUl3aldsK08KdFBHa2hjSXFXeWh1Mm9HcVh1RzE2Vk9rNmZRbmF2VDRDcGl4QkJaWFEwNkt3R1plZFRvcG9EUEgwVVRVZ092TQoxN2tPSkF0endXR1FKQUhPSnRNSkhxcmh1MldwUW1NbnJ1NXRxcTdrVjlZSjJvMnFJM1Z0L210bDlRdlBaeTUyClBwTEtPOS9nT3U0VytZTVN5UWpPNmZDUTJvR1lRRS9HSVZiNFBXc1hSd2pMMVU3djlaTE15WmZIOUQrRElhRUgKL0oxMjJDTytEbkplREIyQWRPTU9jUGE1ZFU3ZUs4T2Zqc2F2ZmdmZW1SSnFOdjRJNlRuc3JqRC9pbGVHUStrQQpJUng5Y2lwTDUyMGFQNjRaUVdyUmZEcTNVQmpBVjBkU2VhN2Mrb0hPRzVDdlBMb1JzaGd0djAxWWt6UzNPdGthCmtseW1UdWpDVS94akFvSUJBSEdxMndpeVlsdXh1VTlpRXJvWUY0OXlmM1U5SmNSZDg4NjJEcW83V1VmVjhEK0UKODNhdWRFUVdMQzV5ZnVFeEgzYUNFN0tRWXRrVnhWRTZ2SEpya0lDVkNUSEljU0lPcVBmWFBaMDNBLzEra1pLMApFL21QQWNYTDVDaU1BNjdDeHFDVXQwVkxLd2VrRzl3cXVhQkt4ZkdBYTEyUWJtZzlSZmloU05QWFNqc3dnOGc5ClVUSENDaGhPcFMxS2xvbXVCc2p0eXVwdCtJbG1qWG9mUU5ibzBOQVJPVkV5cFhEZ1RBdVRlT1BBakx3Qkg3a0wKczM3bUcxUmhpTkh5alVJcmkwbCt1UGgrYkx6b1JOU3diQ1p0NVBjd042NzNqODR6WjBwM05zT2FrZUJmcC9IYwpiRDVLc0pyQzFnSHBqOWJDKzFGNHJrQVVWcmJPazdLV3ZkaHlubDBDZ2dFQkFJK3ZOeWtxZG5lckpicEFVYkJDCnovVXZJTEFmSDNaMTEyL1lPQzFTc2Y5SGg4ZjB6S01YSUhybUM1bjJIbWp4QW9Jajhpdm1DWXF2czI3dlZsRUkKdWdYYWxoNHFBQkNldXRiUzRqbGk1bzQ0bktYWEtsa1h5Mlh1TGY4WStQR0REeXFHUzE0OGY3d3RKZnBFU29IYwpGblR4M3E1YlZERklLZ2cxUzV4SDA2c3cxMzlHWWJ6VUZ0Z3laSG9CdDhDZjA5REpDUEI4ZlJjWTB2NnV4ZklTCjFzMFBtV2VwVFBwRjFubEhBN2YyRUk0a1lOeG5YNnJqbWhqYTNNSit0UDVjeUk3ZHA0U2pWSDJMZndOUEZvbm0KM3RieS9QOEQ5WWFWbDMxampQb0FJc3NqRmdpZFpUelNZbEZLb3lMZFlRK01qK0pxVzFwMXB3VTlNM3N3aXNheQpOLzhDZ2dFQWZQZDM2R24ydmVFUkx1ZUlCVjRaNjlHVDFqL2xnT2xjMGdRU1lUMW9RQ21BM1dLOFMwUEZHTlJGCm9Td1NKa2Z3TDIzaXkvRUFibVdieTNGVndablBQLzA3Q3NPMDZmbzhFU0VzbDI2MWZqMTBDU3ZMMnpPN3plL3kKcWZtYWNxYnZMQ2lqTGRjak1CYStxRStzMzNFQ3RwZGZ3WFZJanY1MU5hcDVNelBFTVVMbFdJWEVKWXZyakdNRwplOWdUdlVvM1lzMkF0ZTNHTXA1V0tLY2lYSTd6akEzcHdpQ25ielhGNGRXN1VkUTZpYnhjbnFLUDZPYzNVZVBoCkZpRGQ1YlNiU3BIc1ZVV3BtWnQwMm9vZ21LVDRzcEZYM2dESHBFbUpJVFlqNXBWTzRDN25LOWJ0RFNackV2aksKRHVrU1Q1RHY4Wi9pVGV6WUNZbFhuZEZEdTlBZjVnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

32
Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.cer Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFgDCCA2igAwIBAgIUOv+/nSKVKIr1fSqnP+2z4x4MOFUwDQYJKoZIhvcNAQEL
BQAwSTELMAkGA1UEBhMCRVMxDDAKBgNVBAgMA0JBUjETMBEGA1UECgwKRmlsdGVy
SG9tZTEXMBUGA1UEAwwOY2EuZmlsdGVyLmhvbWUwHhcNMjMwNzI3MTMzNDE3WhcN
MjMwODAxMTMzNDE3WjBJMQswCQYDVQQGEwJFUzEMMAoGA1UECAwDQkFSMRMwEQYD
VQQKDApGaWx0ZXJIb21lMRcwFQYDVQQDDA5jYS5maWx0ZXIuaG9tZTCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKCRouC/Yldjo7vz6BesxZYW9R4v8Cbq
3NBGljQDxu1NugOHjSKfCSQHTe9F4V+g3ZjDKqNyzWO1VeCJgIaWJAa53RCtaSQF
bESYskPo7NCWcTiif5TXaRyV/n22Diue9Gp0QVtNuYj/ydL8jFvWL9Cd8HeTquan
/fAspHGhip+qfZ9QzI+Bu3GODxJJ2/qBxrX7FORw8Tp9dRSdvug44dElmV5zuYcY
fIcYSeZu0VfWyWedtJ1YheAieD/2Us0Nxnklop6T97w/EJCv9a6HkNSZicIbGuCb
is79/CVcjZ4gtGPYh9JX0KRCkUGpHZm+8pQSUBA5lNPog1D/uTBsV9sGp00Vsefc
ZVHNTEsywXDKEd8sPTfgu2LkAxjMF4lr9SJN/gOxb5NY1SGTzGe56iO03tT2OsZk
U4cME8FKE5leSpLfsjVtRwdpHQzQtxpfSlxxSXkd79xK99SXtEt/V2Z+lLwwM9MQ
Zlqa1llAhix9hB2vKL49fAWLApUSE2H+Qsz7rU0t7kfellbCebl+xKAHGpAMCJS6
vczyd56k1O6nlWyjNDDOrhORIPqQ565PWL5qa2nVYu6VUG22N6gFL5rkTc8aSdsr
5/BhKbndLtNA7kClkrs2V1lv51nBPnzdDRu1gP+Fd3zY4Pyww+WrNgH+YFBzlerG
z9pfVpakut6fAgMBAAGjYDBeMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMBkGA1UdEQQSMBCCDmNhLmZpbHRlci5ob21lMB0GA1UdDgQWBBQ8KIcN
QxKbs/jgNp71/Qh17XIpTzANBgkqhkiG9w0BAQsFAAOCAgEASJW3Q9rMnkdAcASN
bu8BpUkSKlO8f4ZKq4hHe1ceibUULKW7LtoQ9PWR7I8ESCiKN/jYW5xNez7GClSB
1rsgpAn14Jifde2hfVxfYlb4H9mwz2jz682OE2va+vO7/A5D2VjQgVWvSdam+RCr
AAjwHdzoYB38Z/61ZX7KDQ1Ml41XN+NSag6O/rhJqPmw1AxgrLkk6cf+lY/mNsGG
ISeBo9P/jqp16BBfOX99DBViwX05YQp4pyLi0CYDybu+OPHN37HHo3MWdoKZnofe
4NBNFhmAKRpmOiwIoTDRm9foHebEqvx7wzW9Ig4jEzdLYkXMZ38Sd0esKbmaiXws
I0QW17BwIxecn5eGRpTRCDrgc9daoQq/AY+hGngUpjGSrcg0E/5j2CcY/diTFidx
CGS5LqcAXlStyhwVq+GSkk2UN4rlLUIMCnIsa619j6XB0uunMYiuFibeeUR0tkkQ
fmNaYAvQsKdGAIYoqGIeEi3mZr0XSScaMG5u3ewW7Qdh73Xsw/t4FXxwtO745bxR
1oBEOhJqaOt6hA7LICQxa60MCjc7E70OtXEgUfTiYXHjNadbhKlfthfYBGWcM6Gm
3DHa2RRnhRPNEhqNxs+TEB7TtqnCIOe8NrLMdUo3OfOQGsnZtMz2W8X8xFxC7BvL
C8P04motlDgBait44KjyjOI04BM=
-----END CERTIFICATE-----

52
Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgkaLgv2JXY6O7
8+gXrMWWFvUeL/Am6tzQRpY0A8btTboDh40inwkkB03vReFfoN2Ywyqjcs1jtVXg
iYCGliQGud0QrWkkBWxEmLJD6OzQlnE4on+U12kclf59tg4rnvRqdEFbTbmI/8nS
/Ixb1i/QnfB3k6rmp/3wLKRxoYqfqn2fUMyPgbtxjg8SSdv6gca1+xTkcPE6fXUU
nb7oOOHRJZlec7mHGHyHGEnmbtFX1slnnbSdWIXgIng/9lLNDcZ5JaKek/e8PxCQ
r/Wuh5DUmYnCGxrgm4rO/fwlXI2eILRj2IfSV9CkQpFBqR2ZvvKUElAQOZTT6INQ
/7kwbFfbBqdNFbHn3GVRzUxLMsFwyhHfLD034Lti5AMYzBeJa/UiTf4DsW+TWNUh
k8xnueojtN7U9jrGZFOHDBPBShOZXkqS37I1bUcHaR0M0LcaX0pccUl5He/cSvfU
l7RLf1dmfpS8MDPTEGZamtZZQIYsfYQdryi+PXwFiwKVEhNh/kLM+61NLe5H3pZW
wnm5fsSgBxqQDAiUur3M8neepNTup5VsozQwzq4TkSD6kOeuT1i+amtp1WLulVBt
tjeoBS+a5E3PGknbK+fwYSm53S7TQO5ApZK7NldZb+dZwT583Q0btYD/hXd82OD8
sMPlqzYB/mBQc5Xqxs/aX1aWpLrenwIDAQABAoICABE3HBnxmwcYkTz9DRTAutx5
MKWgaSSbCLqx3rfL8d+OdlObjGe6Wl4JBHOTb/LzSd7vidpFXD0E+6SbyXJklY89
DTUVCpFInY+LOY2rYvyILLJwRbJ9F/FvKX5r7wABRl5FgZ5a6noERqy+1AOiprS8
wkPnyqp5N3IxLx5ZvgWZX2ed35jBRYoKu5Xv4kxs7pOjTF2juFFXkx53PTkjpB5q
5BMq4CjaWLuZQI8asYoz5psb3voBvDTILVFaRQ1kHTPu840B+00tC8cffn1MXpxU
q97qTgrn0k2YEJkm364k/oI3/HPyY1XBJ1a9XYWW4eY7QmdC7TB9HNsp176X1yFi
eTEJP7+wi6ggRcR4xZR89rQxdwwaRyIjqcA77WHtEneIR8ePE3Mid6sRhuggXvI5
MIBt4bV1xVpVwdo8PddaSHxu19sk1trU7pQlAPOSmovmNWqrmZtZevBwKZ/BegP5
FlZtF++Msw7+nehtXfrjcx2+jCrffKrBITs4XGABfkd3Xo2mtlIaBeLeBbK4kjhz
Urr3hfn3RtCD/IHFGW0ESqnv4GlvP31IYmlqxB2Mk/Ws9Dhly7Pv+jHzUSviz7N1
Wnr5PfFffRFctKY4czFuFIt6Pz8GOMLF+0J8BiFV0ipd8iUrAbnSZZ+SgKcr15RP
lTPLh4pBFVZDIuvk7XYlAoIBAQDX4aXE+MoSzMBF/8NvLTM5KYPK8gIadAvBm2WL
BU0CI2Niq9skCE0dZ2XIbGnChykH0sqcnHUysngh47ABILOQusnbOtSRFIkO74EG
Aafpwzu1WX9x0aCssSU5Kbt8YRt7WOXwGO30wvZC3MgP/3Pn3KnQ3Ap69OF8XtKo
RhQQXxJOx+M1UCisHw0byBc81K9m6QXa5ddTV+HLs/bvec6VJcO0CAgoOQNFT2RR
hz2aLv0SInjAqbLv8dqXNHtlA0C4xbbM6syAUqDkEA97XgdSrSGX99wixf0e28Sz
RwQjprW6GlowI9bhiq9e6481CwCtsEaSt99/17hBEOVSzfOVAoIBAQC+aIwjWl+O
tPGkhcIqWyhu2oGqXuG16VOk6fQnavT4CpixBBZXQ06KwGZedTopoDPH0UTUgOvM
17kOJAtzwWGQJAHOJtMJHqrhu2WpQmMnru5tqq7kV9YJ2o2qI3Vt/mtl9QvPZy52
PpLKO9/gOu4W+YMSyQjO6fCQ2oGYQE/GIVb4PWsXRwjL1U7v9ZLMyZfH9D+DIaEH
/J122CO+DnJeDB2AdOMOcPa5dU7eK8OfjsavfgfemRJqNv4I6TnsrjD/ileGQ+kA
IRx9cipL520aP64ZQWrRfDq3UBjAV0dSea7c+oHOG5CvPLoRshgtv01YkzS3Otka
klymTujCU/xjAoIBAHGq2wiyYluxuU9iEroYF49yf3U9JcRd8862Dqo7WUfV8D+E
83audEQWLC5yfuExH3aCE7KQYtkVxVE6vHJrkICVCTHIcSIOqPfXPZ03A/1+kZK0
E/mPAcXL5CiMA67CxqCUt0VLKwekG9wquaBKxfGAa12Qbmg9RfihSNPXSjswg8g9
UTHCChhOpS1KlomuBsjtyupt+IlmjXofQNbo0NAROVEypXDgTAuTeOPAjLwBH7kL
s37mG1RhiNHyjUIri0l+uPh+bLzoRNSwbCZt5PcwN673j84zZ0p3NsOakeBfp/Hc
bD5KsJrC1gHpj9bC+1F4rkAUVrbOk7KWvdhynl0CggEBAI+vNykqdnerJbpAUbBC
z/UvILAfH3Z112/YOC1Ssf9Hh8f0zKMXIHrmC5n2HmjxAoIj8ivmCYqvs27vVlEI
ugXalh4qABCeutbS4jli5o44nKXXKlkXy2XuLf8Y+PGDDyqGS148f7wtJfpESoHc
FnTx3q5bVDFIKgg1S5xH06sw139GYbzUFtgyZHoBt8Cf09DJCPB8fRcY0v6uxfIS
1s0PmWepTPpF1nlHA7f2EI4kYNxnX6rjmhja3MJ+tP5cyI7dp4SjVH2LfwNPFonm
3tby/P8D9YaVl31jjPoAIssjFgidZTzSYlFKoyLdYQ+Mj+JqW1p1pwU9M3swisay
N/8CggEAfPd36Gn2veERLueIBV4Z69GT1j/lgOlc0gQSYT1oQCmA3WK8S0PFGNRF
oSwSJkfwL23iy/EAbmWby3FVwZnPP/07CsO06fo8ESEsl261fj10CSvL2zO7ze/y
qfmacqbvLCijLdcjMBa+qE+s33ECtpdfwXVIjv51Nap5MzPEMULlWIXEJYvrjGMG
e9gTvUo3Ys2Ate3GMp5WKKciXI7zjA3pwiCnbzXF4dW7UdQ6ibxcnqKP6Oc3UePh
FiDd5bSbSpHsVUWpmZt02oogmKT4spFX3gDHpEmJITYj5pVO4C7nK9btDSZrEvjK
DukST5Dv8Z/iTezYCYlXndFDu9Af5g==
-----END PRIVATE KEY-----

1
Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.crt Normal file
View File

@ -0,0 +1 @@
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZnRENDQTJpZ0F3SUJBZ0lVT3YrL25TS1ZLSXIxZlNxblArMno0eDRNT0ZVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NURUxNQWtHQTFVRUJoTUNSVk14RERBS0JnTlZCQWdNQTBKQlVqRVRNQkVHQTFVRUNnd0tSbWxzZEdWeQpTRzl0WlRFWE1CVUdBMVVFQXd3T1kyRXVabWxzZEdWeUxtaHZiV1V3SGhjTk1qTXdOekkzTVRNek5ERTNXaGNOCk1qTXdPREF4TVRNek5ERTNXakJKTVFzd0NRWURWUVFHRXdKRlV6RU1NQW9HQTFVRUNBd0RRa0ZTTVJNd0VRWUQKVlFRS0RBcEdhV3gwWlhKSWIyMWxNUmN3RlFZRFZRUUREQTVqWVM1bWFXeDBaWEl1YUc5dFpUQ0NBaUl3RFFZSgpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFLQ1JvdUMvWWxkam83dno2QmVzeFpZVzlSNHY4Q2JxCjNOQkdsalFEeHUxTnVnT0hqU0tmQ1NRSFRlOUY0VitnM1pqREtxTnl6V08xVmVDSmdJYVdKQWE1M1JDdGFTUUYKYkVTWXNrUG83TkNXY1RpaWY1VFhhUnlWL24yMkRpdWU5R3AwUVZ0TnVZai95ZEw4akZ2V0w5Q2Q4SGVUcXVhbgovZkFzcEhHaGlwK3FmWjlRekkrQnUzR09EeEpKMi9xQnhyWDdGT1J3OFRwOWRSU2R2dWc0NGRFbG1WNXp1WWNZCmZJY1lTZVp1MFZmV3lXZWR0SjFZaGVBaWVELzJVczBOeG5rbG9wNlQ5N3cvRUpDdjlhNkhrTlNaaWNJYkd1Q2IKaXM3OS9DVmNqWjRndEdQWWg5SlgwS1JDa1VHcEhabSs4cFFTVUJBNWxOUG9nMUQvdVRCc1Y5c0dwMDBWc2VmYwpaVkhOVEVzeXdYREtFZDhzUFRmZ3UyTGtBeGpNRjRscjlTSk4vZ094YjVOWTFTR1R6R2U1NmlPMDN0VDJPc1prClU0Y01FOEZLRTVsZVNwTGZzalZ0UndkcEhRelF0eHBmU2x4eFNYa2Q3OXhLOTlTWHRFdC9WMlorbEx3d005TVEKWmxxYTFsbEFoaXg5aEIydktMNDlmQVdMQXBVU0UySCtRc3o3clUwdDdrZmVsbGJDZWJsK3hLQUhHcEFNQ0pTNgp2Y3p5ZDU2azFPNm5sV3lqTkRET3JoT1JJUHFRNTY1UFdMNXFhMm5WWXU2VlVHMjJONmdGTDVya1RjOGFTZHNyCjUvQmhLYm5kTHROQTdrQ2xrcnMyVjFsdjUxbkJQbnpkRFJ1MWdQK0ZkM3pZNFB5d3crV3JOZ0grWUZCemxlckcKejlwZlZwYWt1dDZmQWdNQkFBR2pZREJlTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBRwpBUUgvQWdFQk1Ca0dBMVVkRVFRU01CQ0NEbU5oTG1acGJIUmxjaTVvYjIxbE1CMEdBMVVkRGdRV0JCUThLSWNOClF4S2JzL2pnTnA3MS9RaDE3WElwVHpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVNKVzNROXJNbmtkQWNBU04KYnU4QnBVa1NLbE84ZjRaS3E0aEhlMWNlaWJVVUxLVzdMdG9ROVBXUjdJOEVTQ2lLTi9qWVc1eE5lejdHQ2xTQgoxcnNncEFuMTRKaWZkZTJoZlZ4ZllsYjRIOW13ejJqejY4Mk9FMnZhK3ZPNy9BNUQyVmpRZ1ZXdlNkYW0rUkNyCkFBandIZHpvWUIzOFovNjFaWDdLRFExTWw0MVhOK05TYWc2Ty9yaEpxUG13MUF4Z3JMa2s2Y2YrbFkvbU5zR0cKSVNlQm85UC9qcXAxNkJCZk9YOTlEQlZpd1gwNVlRcDRweUxpMENZRHlidStPUEhOMzdISG8zTVdkb0tabm9mZQo0TkJORmhtQUtScG1PaXdJb1REUm05Zm9IZWJFcXZ4N3d6VzlJZzRqRXpkTFlrWE1aMzhTZDBlc0tibWFpWHdzCkkwUVcxN0J3SXhlY241ZUdScFRSQ0RyZ2M5ZGFvUXEvQVkraEduZ1VwakdTcmNnMEUvNWoyQ2NZL2RpVEZpZHgKQ0dTNUxxY0FYbFN0eWh3VnErR1NrazJVTjRybExVSU1DbklzYTYxOWo2WEIwdXVuTVlpdUZpYmVlVVIwdGtrUQpmbU5hWUF2UXNLZEdBSVlvcUdJZUVpM21acjBYU1NjYU1HNXUzZXdXN1FkaDczWHN3L3Q0Rlh4d3RPNzQ1YnhSCjFvQkVPaEpxYU90NmhBN0xJQ1F4YTYwTUNqYzdFNzBPdFhFZ1VmVGlZWEhqTmFkYmhLbGZ0aGZZQkdXY002R20KM0RIYTJSUm5oUlBORWhxTnhzK1RFQjdUdHFuQ0lPZThOckxNZFVvM09mT1FHc25adE16Mlc4WDh4RnhDN0J2TApDOFAwNG1vdGxEZ0JhaXQ0NEtqeWpPSTA0Qk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K

1
Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.key Normal file
View File

@ -0,0 +1 @@
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2drYUxndjJKWFk2TzcKOCtnWHJNV1dGdlVlTC9BbTZ0elFScFkwQThidFRib0RoNDBpbndra0IwM3ZSZUZmb04yWXd5cWpjczFqdFZYZwppWUNHbGlRR3VkMFFyV2trQld4RW1MSkQ2T3pRbG5FNG9uK1UxMmtjbGY1OXRnNHJudlJxZEVGYlRibUkvOG5TCi9JeGIxaS9RbmZCM2s2cm1wLzN3TEtSeG9ZcWZxbjJmVU15UGdidHhqZzhTU2R2NmdjYTEreFRrY1BFNmZYVVUKbmI3b09PSFJKWmxlYzdtSEdIeUhHRW5tYnRGWDFzbG5uYlNkV0lYZ0luZy85bExORGNaNUphS2VrL2U4UHhDUQpyL1d1aDVEVW1ZbkNHeHJnbTRyTy9md2xYSTJlSUxSajJJZlNWOUNrUXBGQnFSMlp2dktVRWxBUU9aVFQ2SU5RCi83a3diRmZiQnFkTkZiSG4zR1ZSelV4TE1zRnd5aEhmTEQwMzRMdGk1QU1ZekJlSmEvVWlUZjREc1crVFdOVWgKazh4bnVlb2p0TjdVOWpyR1pGT0hEQlBCU2hPWlhrcVMzN0kxYlVjSGFSME0wTGNhWDBwY2NVbDVIZS9jU3ZmVQpsN1JMZjFkbWZwUzhNRFBURUdaYW10WlpRSVlzZllRZHJ5aStQWHdGaXdLVkVoTmgva0xNKzYxTkxlNUgzcFpXCndubTVmc1NnQnhxUURBaVV1cjNNOG5lZXBOVHVwNVZzb3pRd3pxNFRrU0Q2a09ldVQxaSthbXRwMVdMdWxWQnQKdGplb0JTK2E1RTNQR2tuYksrZndZU201M1M3VFFPNUFwWks3TmxkWmIrZFp3VDU4M1EwYnRZRC9oWGQ4Mk9EOApzTVBscXpZQi9tQlFjNVhxeHMvYVgxYVdwTHJlbndJREFRQUJBb0lDQUJFM0hCbnhtd2NZa1R6OURSVEF1dHg1Ck1LV2dhU1NiQ0xxeDNyZkw4ZCtPZGxPYmpHZTZXbDRKQkhPVGIvTHpTZDd2aWRwRlhEMEUrNlNieVhKa2xZODkKRFRVVkNwRkluWStMT1kycll2eUlMTEp3UmJKOUYvRnZLWDVyN3dBQlJsNUZnWjVhNm5vRVJxeSsxQU9pcHJTOAp3a1BueXFwNU4zSXhMeDVadmdXWlgyZWQzNWpCUllvS3U1WHY0a3hzN3BPalRGMmp1RkZYa3g1M1BUa2pwQjVxCjVCTXE0Q2phV0x1WlFJOGFzWW96NXBzYjN2b0J2RFRJTFZGYVJRMWtIVFB1ODQwQiswMHRDOGNmZm4xTVhweFUKcTk3cVRncm4wazJZRUprbTM2NGsvb0kzL0hQeVkxWEJKMWE5WFlXVzRlWTdRbWRDN1RCOUhOc3AxNzZYMXlGaQplVEVKUDcrd2k2Z2dSY1I0eFpSODlyUXhkd3dhUnlJanFjQTc3V0h0RW5lSVI4ZVBFM01pZDZzUmh1Z2dYdkk1Ck1JQnQ0YlYxeFZwVndkbzhQZGRhU0h4dTE5c2sxdHJVN3BRbEFQT1Ntb3ZtTldxcm1adFpldkJ3S1ovQmVnUDUKRmxadEYrK01zdzcrbmVodFhmcmpjeDIrakNyZmZLckJJVHM0WEdBQmZrZDNYbzJtdGxJYUJlTGVCYks0a2poegpVcnIzaGZuM1J0Q0QvSUhGR1cwRVNxbnY0R2x2UDMxSVltbHF4QjJNay9XczlEaGx5N1B2K2pIelVTdml6N04xClducjVQZkZmZlJGY3RLWTRjekZ1Rkl0NlB6OEdPTUxGKzBKOEJpRlYwaXBkOGlVckFiblNaWitTZ0tjcjE1UlAKbFRQTGg0cEJGVlpESXV2azdYWWxBb0lCQVFEWDRhWEUrTW9Tek1CRi84TnZMVE01S1lQSzhnSWFkQXZCbTJXTApCVTBDSTJOaXE5c2tDRTBkWjJYSWJHbkNoeWtIMHNxY25IVXlzbmdoNDdBQklMT1F1c25iT3RTUkZJa083NEVHCkFhZnB3enUxV1g5eDBhQ3NzU1U1S2J0OFlSdDdXT1h3R08zMHd2WkMzTWdQLzNQbjNLblEzQXA2OU9GOFh0S28KUmhRUVh4Sk94K00xVUNpc0h3MGJ5QmM4MUs5bTZRWGE1ZGRUVitITHMvYnZlYzZWSmNPMENBZ29PUU5GVDJSUgpoejJhTHYwU0luakFxYkx2OGRxWE5IdGxBMEM0eGJiTTZzeUFVcURrRUE5N1hnZFNyU0dYOTl3aXhmMGUyOFN6ClJ3UWpwclc2R2xvd0k5YmhpcTllNjQ4MUN3Q3RzRWFTdDk5LzE3aEJFT1ZTemZPVkFvSUJBUUMrYUl3aldsK08KdFBHa2hjSXFXeWh1Mm9HcVh1RzE2Vk9rNmZRbmF2VDRDcGl4QkJaWFEwNkt3R1plZFRvcG9EUEgwVVRVZ092TQoxN2tPSkF0endXR1FKQUhPSnRNSkhxcmh1MldwUW1NbnJ1NXRxcTdrVjlZSjJvMnFJM1Z0L210bDlRdlBaeTUyClBwTEtPOS9nT3U0VytZTVN5UWpPNmZDUTJvR1lRRS9HSVZiNFBXc1hSd2pMMVU3djlaTE15WmZIOUQrRElhRUgKL0oxMjJDTytEbkplREIyQWRPTU9jUGE1ZFU3ZUs4T2Zqc2F2ZmdmZW1SSnFOdjRJNlRuc3JqRC9pbGVHUStrQQpJUng5Y2lwTDUyMGFQNjRaUVdyUmZEcTNVQmpBVjBkU2VhN2Mrb0hPRzVDdlBMb1JzaGd0djAxWWt6UzNPdGthCmtseW1UdWpDVS94akFvSUJBSEdxMndpeVlsdXh1VTlpRXJvWUY0OXlmM1U5SmNSZDg4NjJEcW83V1VmVjhEK0UKODNhdWRFUVdMQzV5ZnVFeEgzYUNFN0tRWXRrVnhWRTZ2SEpya0lDVkNUSEljU0lPcVBmWFBaMDNBLzEra1pLMApFL21QQWNYTDVDaU1BNjdDeHFDVXQwVkxLd2VrRzl3cXVhQkt4ZkdBYTEyUWJtZzlSZmloU05QWFNqc3dnOGc5ClVUSENDaGhPcFMxS2xvbXVCc2p0eXVwdCtJbG1qWG9mUU5ibzBOQVJPVkV5cFhEZ1RBdVRlT1BBakx3Qkg3a0wKczM3bUcxUmhpTkh5alVJcmkwbCt1UGgrYkx6b1JOU3diQ1p0NVBjd042NzNqODR6WjBwM05zT2FrZUJmcC9IYwpiRDVLc0pyQzFnSHBqOWJDKzFGNHJrQVVWcmJPazdLV3ZkaHlubDBDZ2dFQkFJK3ZOeWtxZG5lckpicEFVYkJDCnovVXZJTEFmSDNaMTEyL1lPQzFTc2Y5SGg4ZjB6S01YSUhybUM1bjJIbWp4QW9Jajhpdm1DWXF2czI3dlZsRUkKdWdYYWxoNHFBQkNldXRiUzRqbGk1bzQ0bktYWEtsa1h5Mlh1TGY4WStQR0REeXFHUzE0OGY3d3RKZnBFU29IYwpGblR4M3E1YlZERklLZ2cxUzV4SDA2c3cxMzlHWWJ6VUZ0Z3laSG9CdDhDZjA5REpDUEI4ZlJjWTB2NnV4ZklTCjFzMFBtV2VwVFBwRjFubEhBN2YyRUk0a1lOeG5YNnJqbWhqYTNNSit0UDVjeUk3ZHA0U2pWSDJMZndOUEZvbm0KM3RieS9QOEQ5WWFWbDMxampQb0FJc3NqRmdpZFpUelNZbEZLb3lMZFlRK01qK0pxVzFwMXB3VTlNM3N3aXNheQpOLzhDZ2dFQWZQZDM2R24ydmVFUkx1ZUlCVjRaNjlHVDFqL2xnT2xjMGdRU1lUMW9RQ21BM1dLOFMwUEZHTlJGCm9Td1NKa2Z3TDIzaXkvRUFibVdieTNGVndablBQLzA3Q3NPMDZmbzhFU0VzbDI2MWZqMTBDU3ZMMnpPN3plL3kKcWZtYWNxYnZMQ2lqTGRjak1CYStxRStzMzNFQ3RwZGZ3WFZJanY1MU5hcDVNelBFTVVMbFdJWEVKWXZyakdNRwplOWdUdlVvM1lzMkF0ZTNHTXA1V0tLY2lYSTd6akEzcHdpQ25ielhGNGRXN1VkUTZpYnhjbnFLUDZPYzNVZVBoCkZpRGQ1YlNiU3BIc1ZVV3BtWnQwMm9vZ21LVDRzcEZYM2dESHBFbUpJVFlqNXBWTzRDN25LOWJ0RFNackV2aksKRHVrU1Q1RHY4Wi9pVGV6WUNZbFhuZEZEdTlBZjVnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

200
Migrations/Forget_Traefik_2023/README.md
View File

@ -182,27 +182,31 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r
### Part 4
- [ ] Update local DNS records accordingly.
> Completed 27/July/2023\
- [ ] Deploy locally a Certificate Authorization Service (on the SRV host.)
- [ ] Update local DNS records accordingly.
> **Notes**:\
> Since the `VirtualService` files from Part
> **Additional Notes**:\
> - https://www.reddit.com/r/selfhosted/comments/owplv5/any_self_hosted_certificate_authority/ \
> - https://github.com/minio/certgen \
> - https://github.com/rabbitmq/tls-gen \
> - https://smallstep.com/blog/private-acme-server/ \
> - https://www.reddit.com/r/selfhosted/comments/owplv5/any_self_hosted_certificate_authority/
> - https://github.com/minio/certgen
> - https://github.com/rabbitmq/tls-gen
> - https://smallstep.com/blog/private-acme-server/
> - https://hub.docker.com/r/smallstep/step-ca
> - https://smallstep.com/docs/tutorials/kubernetes-acme-ca/
> - https://smallstep.com/blog/automate-docker-ssl-tls-certificates/
> - https://systemweakness.com/create-internal-ssl-certificates-with-cert-manager-851fc886628e
#### Rollback plan
- As much, delete the deployed configurations.
### Part 8
### Part 5
- [ ] Explore Pi4 Storage options.
@ -212,24 +216,30 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r
- Return the acquired drives to Amazon?
### Part 9
### Part 6
- [ ] ~~Wipe~~ (**don't wipe** just use a different drive) and recreate the current `Kluster`, this time using the Pi4 as a _master_, and the 2 Orange Pi5 as _slaves_ (this will require updating the DNS/DHCP local services).
- [ ] Deploy Istio security.
> **Note**:\
> I can make a new cluster on the Pi4, and remove the taint that prevents from scheduling pods on that node. Deploy everything inside (a well a LB with the same exact IP than the current one, and proceed to stop the Orange PI 5), then "reformat" the OPi5s with a new distro, install stuff etc, and join them to the cluster running on the Pi4.
> I can make a new cluster on the Pi4, and remove the taint that prevents from scheduling pods on that node. Deploy everything inside (a well a LB with the same exact IP than the current one, and proceed to stop the Orange PI 5), then "reformat" the OPi5s with a new distro, install stuff etc., and join them to the cluster running on the Pi4.
> **Notes:**\
> https://istio.io/latest/docs/setup/platform-setup/prerequisites/ \
> https://istio.io/latest/docs/ops/deployment/requirements/
### Part 7
- [ ] Deploy NFS service on the `media SRV` host.
### Part 8
- [ ] Deploy Istio security.
### Part 10
- [ ] Update the `Current Setup` documentation with the new container and architecture rearrangement.
- [ ] Deploy NFS service on the `media SRV` host.
- [ ] Migrate some lightweight/not data heavy services from the `media SRV` to the `Kluster`.
- [ ] Update the `Current Setup` documentation with the new container and architecture rearrangement.
@ -246,7 +256,7 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r
### Part 11
- Set wildcards certificates.
- Set wildcards certificates through `ACME DNS01` challenge.
### Extras?
@ -593,6 +603,7 @@ cd /scripts/docker/dhcpd/ && docker-compose up
```
<!--suppress SpellCheckingInspection, SpellCheckingInspection -->
<pre>[+] Running 0/1
<span style="color:#FF7F7F"> ⠿ isc_dhcp Error 1.4s</span>
[+] Building 4.2s (8/8) FINISHED
@ -833,6 +844,7 @@ cd /scripts/docker/gitea/ && docker-compose up -d
docker-compose logs -f
```
<!--suppress SpellCheckingInspection, SpellCheckingInspection -->
<pre>docker-compose logs -f
<span style="color:#CC3980">gitea-db-1 | </span>
<span style="color:#CC3980">gitea-db-1 | </span>PostgreSQL Database directory appears to contain a database; Skipping initialization
@ -1091,7 +1103,7 @@ transfer-encoding: chunked
```
### Test HTTPS access towards services works correclt
### Test HTTPS access towards services works correctly
```shell
@ -1128,13 +1140,151 @@ x-envoy-upstream-service-time: 3
## Part 4
### Update local DNS
I updated the Local DNS to point towards the new-architecture/new-resources.
### Certificate Generation
> **Note:**\
> Basically I followed [this post from Medium](https://systemweakness.com/create-internal-ssl-certificates-with-cert-manager-851fc886628e).
First, let's generate a certificate, and it's key.
```shell
openssl req -x509 -newkey rsa:4096 -sha256 -days 5 -nodes \
-keyout ca.filter.home.key -out ca.filter.home.cer \
-subj /C=ES/ST=BAR/O=FilterHome/CN=ca.filter.home \
-extensions ext \
-config <(cat <<EOF
[req]
distinguished_name=req
[ext]
keyUsage=critical,keyCertSign,cRLSign
basicConstraints=critical,CA:true,pathlen:1
subjectAltName=DNS:ca.filter.home
EOF
)
```
```text
cmdsubst heredoc> [req]
cmdsubst heredoc> distinguished_name=req
cmdsubst heredoc> [ext]
cmdsubst heredoc> keyUsage=critical,keyCertSign,cRLSign
cmdsubst heredoc> basicConstraints=critical,CA:true,pathlen:1
cmdsubst heredoc> subjectAltName=DNS:ca.filter.home
cmdsubst heredoc> EOF
cmdsubst> )
........+.+..+............+++++++++++++++++++++++++++++++++++++++++++++*..+...+..........+..+...+.+.....................+.....+.......+..+.+.....+++++++++++++++++++++++++++++++++++++++++++++*.......+.........+.+..+.+.....................+......+.......................+......+......+............+..........+.....+.......+.....+..........+.....+...+...+....+...+........+....+......+.....+...................+.......................+.+.....+......+.+...+......+.....+....+.....+.+...........+....+...+...+............+..+......+.......+..+....+..............+..........+..................+..+.+......+......+........+.+......+.....+............+................+..+....+......+.........+......+........+.+.....+...+.+..+....+...+..+.+.....+...+........................................+.................+.........+................+..+......+.+..............+......+.+.....+...............+++++
.+............+.....+++++++++++++++++++++++++++++++++++++++++++++*........+............+....................+.+..+...+...+.+...+..+..........+...+..+.+.....+.........+...+...+.......+......+..+...+.+......+++++++++++++++++++++++++++++++++++++++++++++*...+...........+.......+......+...............+..+...+.........+..........+...+..+.......+..............+....+...+........+..........+..+...+....+.....+................+..+..........+++++
-----
```
Now we obtain the base64 contents (don't need to store, preferably **don't store the output**).
```shell
cat ca.filter.home.cer | base64 | tr -d '\n' > tls.crt
```
```shell
cat ca.filter.home.key | base64 | tr -d '\n' > tls.key
```
Modify the file `Secret.yaml` and set the output from the files as value from the data fields, each one according to their filename.
```shell
kubectl apply -f P4_Local_Certs/Secret.yaml
```
```text
secret/local-ca created
```
Let's deploy the Issuer service configuration.
```shell
kubectl apply -f P4_Local_CA/Issuer.yaml
```
```text
clusterissuer.cert-manager.io/ca-issuer created
certificate.cert-manager.io/local-wildcard-certificate created
```
### Monitor Certificate Provisioning process
```shell
kubectl get events -n istio-system --field-selector involvedObject.name=local-wildcard-certificate,involvedObject.kind=Certificate --sort-by=.metadata.creationTimestamp --watch
```
```text
LAST SEEN TYPE REASON OBJECT MESSAGE
3m48s Normal Issuing certificate/local-wildcard-certificate Issuing certificate as Secret does not exist
3m43s Normal Generated certificate/local-wildcard-certificate Stored new private key in temporary Secret resource "local-wildcard-certificate-f7g4f"
3m43s Normal Requested certificate/local-wildcard-certificate Created new CertificateRequest resource "local-wildcard-certificate-8rndg"
3m42s Normal Issuing certificate/local-wildcard-certificate The certificate has been successfully issued
```
### Check status of the certificate provisioned.
```shell
kubectl get -n istio-system certificate local-wildcard-certificate -o jsonpath='{.metadata.name}{"\t"}{.status.conditions[].reason}{"\t"}{.status.conditions[].message}{"\n"}'
```
```text
local-wildcard-certificate Ready Certificate is up to date and has not expired
```
### Test local Gateway
Now that the certificate is provisioned, let's check the status of the local gateway deployed in the [Part 3](#part-3)
#### HTTP
```shell
curl jelly.filter.home/web/index.html -I
```
```text
HTTP/1.1 200 OK
accept-ranges: bytes
content-type: text/html
date: Thu, 27 Jul 2023 14:18:24 GMT
etag: "1d975f47df7d992"
last-modified: Sun, 23 Apr 2023 15:01:33 GMT
server: istio-envoy
x-response-time-ms: 0
content-length: 7442
x-envoy-upstream-service-time: 2
```
#### HTTPS
```shell
curl https://jelly.filter.home/web/index.html -I -k
```
```text
HTTP/2 200
accept-ranges: bytes
content-type: text/html
date: Thu, 27 Jul 2023 14:18:59 GMT
etag: "1d975f47df7d992"
last-modified: Sun, 23 Apr 2023 15:01:33 GMT
server: istio-envoy
x-response-time-ms: 0
content-length: 7442
x-envoy-upstream-service-time: 2
```
> **Note:**\
> It's extremely possible that I set HTTP to HTTPS redirect also locally, still need to decide if there is any reason for which I would like to maintain the local HTTP traffic.
# I am here <----
---
@ -1156,9 +1306,6 @@ x-envoy-upstream-service-time: 3
@ -1238,7 +1385,7 @@ gitea.<span style="color:#FF7F7F"><b>filterhome.xyz</b></span>
jelly.<span style="color:#FF7F7F"><b>filterhome.xyz</b></span> 443 - outbound EDS jelly.default
tube.<span style="color:#FF7F7F"><b>filterhome.xyz</b></span> 443 - outbound EDS tube.external</pre>
Alright, we got the output, but why does it say `jelly.default`? All the other entries mantain the format `$SERVICE.external`, could it be ...?
Alright, we got the output, but why does it say `jelly.default`? All the other entries maintain the format `$SERVICE.external`, could it be ...?
```shell
kubectl get dr -n default
@ -1282,16 +1429,16 @@ Did _some_ ~~lots of~~ tests in order to determine what was happening, since it
This issue popped out 2 questions:
- Which is the difference between LE `stagging` and `production`?
- Which is the difference between LE `staging` and `production`?
- Which is the difference between the default `istio: ingressgateway` and `istio: whateveriwannaputhere`.
### Which is the difference between LE `stagging` and `production`?
### Which is the difference between LE `staging` and `production`?
As far I understood by reading through `The Internet`, the `staging` environment is intended for testing (duh), therefore is a lot more generous when performing the validations.
How much generous? I suspect a whole a lot bunch.
### Which is the difference between LE `stagging` and `production`?
### Which is the difference between LE `staging` and `production`?
Let's check the "access logs" differences when using one selector or another.
@ -1385,3 +1532,4 @@ This left me some questions, especially **how many things can be affected by thi
As well the hassle of this issue, provided more reasons to use the `ACME DNS01` challenge instead of the `ACME HTTP01`, which will be configured as soon as available.