prod and staging for tls in loadbalancer
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>rewrite
parent
c0e81ee277
commit
ed980f816f
|
@ -2,8 +2,8 @@ include /etc/nginx/modules-enabled/*.conf;
|
|||
|
||||
events {}
|
||||
|
||||
# TCP Load Balancing for the K3s API
|
||||
stream {
|
||||
# TCP Load Balancing for the K3s API
|
||||
upstream k3s_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:{{k3s.loadbalancer.default_port}};
|
||||
|
@ -14,6 +14,17 @@ stream {
|
|||
listen {{k3s.loadbalancer.default_port}};
|
||||
proxy_pass k3s_servers;
|
||||
}
|
||||
|
||||
upstream dns_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:53;
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 53 udp;
|
||||
proxy_pass dns_servers;
|
||||
}
|
||||
}
|
||||
|
||||
http {
|
||||
|
@ -43,9 +54,9 @@ http {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen 443 ssl;
|
||||
|
||||
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de
|
||||
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/staging_tls.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
|
||||
|
@ -59,9 +70,9 @@ http {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen 443 ssl;
|
||||
|
||||
server_name production.k3s.seyshiro.de *.production.k3s.seyshiro.de
|
||||
server_name k3s.seyshiro.de *.k3s.seyshiro.de;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/production_tls.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/production_tls.key;
|
||||
|
@ -74,3 +85,5 @@ http {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
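Review bot: The new `listen 53 udp;` server in the stream block forwards DNS to every K3s server without any source restriction, so if the load balancer is reachable from untrusted networks it will relay queries for anyone who can reach port 53. Consider adding `allow <TRUSTED_CIDR>;` and `deny all;` (placeholder CIDR) inside that server block, plus `proxy_responses 1;` so each UDP session is closed after the single expected reply instead of lingering until the proxy timeout. Only UDP is proxied, so answers that are truncated and retried over TCP will not reach the backends unless a matching `listen 53;` server is added; whether that matters depends on the record sizes served. The TLS change itself (`listen 443 ssl;` and the terminated `server_name` lines) looks right, though no `ssl_protocols` setting is visible in these hunks, so the effective protocol floor is whatever nginx defaults to or is set elsewhere in the file.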
|
|
|
@ -1,13 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
|
||||
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
|
||||
kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
|
||||
kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
|
||||
|
||||
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
|
||||
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key
|
||||
|
||||
scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
|
||||
rm ./{production,staging}_tls.{crt,key}
|
||||
|
||||
# onsite
|
||||
# on k3s-loadbalancer
|
||||
# chmod 600 ./{production,staging}_tls.{crt,key}
|
||||
# sudo chown root:root ./{production,staging}_tls.{crt,key}
|
||||
# sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/
|
||||
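Review bot: The script writes both private keys into the current directory under the caller's default umask and has no error handling, so the `.key` files may be group- or world-readable until the `rm`, and a failed `kubectl` or `base64` leaves empty or partial files that are still copied to the load balancer. Add `set -euo pipefail` and `umask 077` directly after the shebang; with the tighter umask the files should also arrive on the remote side without group/other bits, instead of depending on the commented manual `chmod 600` step (worth confirming against the remote account's umask). A `trap 'rm -f ./{production,staging}_tls.{crt,key}' EXIT` would make sure the local copies are removed even when `scp` fails. The staging secret is now read as `k3s-seyshiro-de-tls`, the same name as production, so the namespace flag is the only thing separating the two; a short comment saying so would help the next reader.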
|
|