58b04fe47e
Add TLS configuration for staging-shiny and staging-shiny-api hosts in the ingress resources. Create a new namespace for ingress-nginx to better organize resources. Update kustomization files to include new certificates and secrets. Streamline setup process with improved wait commands for pod readiness.
39 lines
908 B
Markdown
# Certificates

This section contains the CA certificates used for testing.
The only step necessary is to [install](#install-and-trust-the-CA) the CA.
The rest of the documentation is for reference.

## Setup

First we generate a key for our CA certificate:

```shell
openssl genrsa -out local-ca.key 2048
```

Then generate the CA certificate:

```shell
# Self-signed (-x509) CA certificate for the key above; openssl prompts for the subject fields
openssl req -new -x509 -nodes -days 365000 \
  -key local-ca.key \
  -out local-ca.pem
```

Generate a k8s secret:

```shell
# Store the CA certificate and private key in a secret named ca-key-pair2
kubectl create secret generic ca-key-pair2 \
  --from-literal=tls.crt="$(cat local-ca.pem)" \
  --from-literal=tls.key="$(cat local-ca.key)"
```

The [certificates.yaml](../k8s/app/certificates.yaml) contains the secrets already and will be used by cert-manager
to sign certificates.

## Install and trust the CA

```shell
# macOS: add the CA to the System keychain as a trusted root (-d applies admin trust settings)
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem
```
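
A check that fits between the Setup steps and the install step, added here as an example and not part of the original repository: it confirms that `local-ca.key` is the private key for `local-ca.pem` and that the certificate is marked as a CA, then prints the subject, expiry and SHA-256 fingerprint for comparison with the keychain entry. The function name `check_ca_pair` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the repository): sanity-check a CA key pair.
# check_ca_pair CERT KEY
#   0 = key matches certificate and certificate is a CA
#   1 = private key does not belong to the certificate
#   2 = a file is missing or cannot be parsed
#   3 = certificate lacks basicConstraints CA:TRUE
check_ca_pair() {
    cert=$1
    key=$2

    # Derive the public key from each file. Comparing the PEM text directly
    # (rather than piping into a hash) keeps openssl failures visible.
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "mismatch: $key is not the private key for $cert" >&2
        return 1
    fi

    # A certificate used as an issuer must carry CA:TRUE; without it, chain
    # validation in most TLS clients fails for the certificates it signs.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "not a CA: $cert has no basicConstraints CA:TRUE" >&2
        return 3
    fi

    # Print what identifies this CA so it can be compared with the entry
    # shown in the keychain after installation.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Check the files produced by the Setup steps when they are present.
if [ -f local-ca.pem ] && [ -f local-ca.key ]; then
    check_ca_pair local-ca.pem local-ca.key
fi
```
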