prod and staging for tls in loadbalancer
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>rewrite
parent
c0e81ee277
commit
ed980f816f
|
@ -2,8 +2,8 @@ include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
events {}
|
events {}
|
||||||
|
|
||||||
# TCP Load Balancing for the K3s API
|
|
||||||
stream {
|
stream {
|
||||||
|
# TCP Load Balancing for the K3s API
|
||||||
upstream k3s_servers {
|
upstream k3s_servers {
|
||||||
{% for ip in k3s_server_ips %}
|
{% for ip in k3s_server_ips %}
|
||||||
server {{ ip }}:{{k3s.loadbalancer.default_port}};
|
server {{ ip }}:{{k3s.loadbalancer.default_port}};
|
||||||
|
@ -14,6 +14,17 @@ stream {
|
||||||
listen {{k3s.loadbalancer.default_port}};
|
listen {{k3s.loadbalancer.default_port}};
|
||||||
proxy_pass k3s_servers;
|
proxy_pass k3s_servers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
upstream dns_servers {
|
||||||
|
{% for ip in k3s_server_ips %}
|
||||||
|
server {{ ip }}:53;
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 53 udp;
|
||||||
|
proxy_pass dns_servers;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
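Review bot: The new `server { listen 53 udp; proxy_pass dns_servers; }` block exposes UDP DNS on the load balancer to every client that can reach it, with no `allow`/`deny` restriction; if this host is reachable from untrusted networks and the upstream servers answer recursively (not visible here), that is an open-resolver / amplification exposure, so an `allow <TRUSTED-CIDR-PLACEHOLDER>; deny all;` pair inside the block is worth adding. Separately, nginx keeps each UDP session open until the default `proxy_timeout` (10 minutes) elapses, so a DNS server block should set `proxy_responses 1;` and a short `proxy_timeout 5s;` so the session ends after the single reply. The block also lacks the one-line header the API block has; a parallel `# UDP Load Balancing for cluster DNS` above `upstream dns_servers {` would keep the file consistent. Only UDP is listened on, so clients that retry over TCP after a truncated answer will get no service unless a `listen 53;` server is added as well.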
|
||||||
|
@ -43,9 +54,9 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443 ssl;
|
||||||
|
|
||||||
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de
|
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/ssl/staging_tls.crt;
|
ssl_certificate /etc/nginx/ssl/staging_tls.crt;
|
||||||
ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
|
ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
|
||||||
|
@ -59,9 +70,9 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443 ssl;
|
||||||
|
|
||||||
server_name production.k3s.seyshiro.de *.production.k3s.seyshiro.de
|
server_name k3s.seyshiro.de *.k3s.seyshiro.de;
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/ssl/production_tls.crt;
|
ssl_certificate /etc/nginx/ssl/production_tls.crt;
|
||||||
ssl_certificate_key /etc/nginx/ssl/production_tls.key;
|
ssl_certificate_key /etc/nginx/ssl/production_tls.key;
|
||||||
|
@ -74,3 +85,5 @@ http {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,15 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
|
kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
|
||||||
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
|
kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
|
||||||
|
|
||||||
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
|
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
|
||||||
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key
|
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key
|
||||||
|
|
||||||
scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
|
scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
|
||||||
|
rm ./{production,staging}_tls.{crt,key}
|
||||||
|
|
||||||
# onsite
|
# on k3s-loadbalancer
|
||||||
# chmod 600 ./{production,staging}_tls.{crt,key}
|
# chmod 600 ./{production,staging}_tls.{crt,key}
|
||||||
|
# sudo chown root:root ./{production,staging}_tls.{crt,key}
|
||||||
# sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/
|
# sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/
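Review bot: The private keys written by the `kubectl ... | base64 -d >..._tls.key` lines are created with the caller's umask, so on a default system they are world-readable both locally and, after `scp`, in the load balancer's home directory until someone runs the `chmod 600` that exists only as a comment at the end; `umask 077` on the line after the shebang creates them 0600 from the start (scp transmits the mode bits, though the on-host chown/mv steps remain manual). The script also has no `set -euo pipefail`, so if `kubectl` fails (wrong context, missing secret) the pipeline's status is that of `base64 -d`, an empty .crt/.key is written, copied and then deleted locally, and nginx on the load balancer later fails to load it; `set -euo pipefail` stops the script before the `scp` in that case. With `set -e` the new `rm` line would be skipped when `scp` fails, leaving key material in the working directory, so `trap 'rm -f ./{production,staging}_tls.{crt,key}' EXIT` placed before the first `kubectl` line is the more robust form of that cleanup.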
|
||||||
|
|