-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhistory-ambassador
822 lines (787 loc) · 30.6 KB
/
history-ambassador
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
388 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-qdbg9
389 kubectl get pods -n nginx-ingress
390 kubectl -n nginx-ingress delete pod nginx-ingress-nv9xg
391 kubectl get pods -n nginx-ingress
392 kubectl logs -f -n nginx-ingress nginx-ingress-c7rh5
393 history | grep ingress
394 kubectl apply -f kubernetes-ingress/install/rbac/rbac.yaml
395 kubectl logs -f -n nginx-ingress nginx-ingress-c7rh5
396 kubectl get pods -n nginx-ingress
397 kubectl -n nginx-ingress delete pod nginx-ingress-64cd88d9bd-qdbg9
398 kubectl -n nginx-ingress delete pod nginx-ingress-c7rh5
399 kubectl get pods -n nginx-ingress
400 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
401 vi kubernetes-dashboard-ingress.yaml
402 kubectl apply -f kubernetes-dashboard-ingress.yaml
403 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
404 kubectl apply -f kubernetes-ingress/examples/customization/nginx-config.yaml
405 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
406 kubectl apply -f kubernetes-dashboard-ingress.yaml
407 cat kubernetes-ingress/install/common/default-server-secret.yaml |kubectl replace --force -f -
408 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
409 cp kubernetes-ingress/examples/customization/nginx-config.yaml nginx-config-mode.yaml
410 vi nginx-config-mode.yaml
411 kubectl apply -f nginx-config-mode.yaml
412 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
413 vi nginx-config-mode.yaml
414 kubectl apply -f nginx-config-mode.yaml
415 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
416 vi nginx-config-mode.yaml
417 kubectl apply -f nginx-config-mode.yaml
418 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
419 vi nginx-config-mode.yaml
420 cp kubernetes-ingress/examples/customization/nginx-config.yaml nginx-config-mode.yaml
421 kubectl apply -f nginx-config-mode.yaml
422 vi nginx-config-mode.yaml
423 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
424 vi nginx-config-mode.yaml
425 kubectl apply -f nginx-config-mode.yaml
426 kubectl logs -f -n nginx-ingress nginx-ingress-64cd88d9bd-sk7bj
427 vi nginx-config-mode.yaml
428 kubectl delete namespace nginx-ingress
429 vi nginx-config-mode.yaml
430 kubectl get pods -n nginx-ingress
431 kubectl get pods --all-namespaces
432 kubectl get ingresses
433 kubectl delete kubernetes-dashboard-ingress
434 kubectl delete ingress kubernetes-dashboard-ingress
435 kubectl get deplyoments
436 kubectl get deployments
437 kubectl delete deployment
438 kubectl delete deployment coffee tea
439 kubectl get pods --all-namespaces
440 cat /var/log/messages
441 kubectl get pods --all-namespaces
442 ls
443 vi ambassador.yaml
444 kubectl apply -f ambassador.yaml
445 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
446 kubectl get svc -o wide ambassador
447 ls
448 vi ambassador-kubernetes-dashboard.yaml
449 kubectl -f ambassador-kubernetes-dashboard.yaml
450 kubectl apply -f ambassador-kubernetes-dashboard.yaml
451 vi ambassador-kubernetes-dashboard.yaml
452 kubectl apply -f ambassador-kubernetes-dashboard.yaml
453 kubectl get services
454 ls
455 vi ambassador-kubernetes-dashboard.yaml
456 kubectl apply -f ambassador-kubernetes-dashboard.yaml
457 vi ambassador-kubernetes-dashboard.yaml
458 kubectl get services
459 vi ambassador-kubernetes-dashboard.yaml
460 kubectl apply -f ambassador-kubernetes-dashboard.yaml
461 vi ambassador-kubernetes-dashboard.yaml
462 kubectl apply -f ambassador-kubernetes-dashboard.yaml
463 vi ambassador-kubernetes-dashboard.yaml
464 kubectl apply -f ambassador-kubernetes-dashboard.yaml
465 vi ambassador-kubernetes-dashboard.yaml
466 kubectl apply -f ambassador-kubernetes-dashboard.yaml
467 kubectl get services
468 kubectl get services --all-namespaces
469 kubectl delete service amb-db
470 kubectl get services --all-namespaces
471 vi ambassador-kubernetes-dashboard.yaml
472 ls
473 cat kubernetes-dashboard-service-org.yaml
474 vi ambassador-kubernetes-dashboard.yaml
475 kubectl apply -f ambassador-kubernetes-dashboard.yaml
476 kubectl get services --all-namespaces
477 vi ambassador-kubernetes-dashboard.yaml
478 kubectl apply -f ambassador-kubernetes-dashboard.yaml
479 vi ambassador-kubernetes-dashboard.yaml
480 ls
481 vi ambassador.yaml
482 vi ambassador-https.yaml
483 cp ambassador.yaml ambassador-https.yaml
484 vi ambassador-https.yam
485 vi ambassador-https.yaml
486 kubectl apply -f ambassador.yaml
487 kubectl apply -f ambassador-https.yaml
488 vi ambassador-https.yaml
489 kubectl apply -f ambassador-https.yaml
490 vi ambassador-https.yaml
491 kubectl apply -f ambassador-https.yaml
492 kubectl get services --all-namespaces
493 curl localhost:30080
494 curl http://localhost:30080
495 curl http://localhost:30100
496 curl http://192.168.2.20:30080
497 curl http://192.168.2.20:30080/httpbin
498 curl http://192.168.2.20:30080/httpbin/
499 curl https://192.168.2.20:30100/httpbin/
500 history | grep fire
501 firewall-cmd --zone=public --add-port=30100/tcp --permanent
502 #fw
503 curl https://192.168.2.20:30100/httpbin/
504 firewall-cmd
505 firewall-cmd --list
506 iptables -L
507 curl http://192.168.2.20:30080/httpbin/
508 curl https://192.168.2.20:30100/httpbin/
509 kubectl get services --all-namespaces
510 curl https://192.168.2.20:32223
511 curl http://192.168.2.20:32223
512 curl http://192.168.2.20:32223/admin
513 curl http://192.168.2.20:32223
514 ls
515 tar xvfz /home/tv/etc-letsencryp.tar.gz
516 ls
517 ##cert
518 history -a
519 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/chain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default
520 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/cert.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default
521 curl https://192.168.2.20:30100/httpbin/
522 kubectl detele secret ambassador-certs
523 kubectl delete secret ambassador-certs
524 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default
525 curl https://192.168.2.20:30100/httpbin/
526 vi ambassador-https.yaml
527 kubectl apply -f ambassador-https.yaml
528 kubectl get services --all-namespaces
529 curl https://192.168.2.20:30100/httpbin/
530 vi ambassador-https.yaml
531 kubectl apply -f ambassador-https.yaml
532 curl https://192.168.2.20:30100/httpbin/
533 ls
534 vi ambassador-kubernetes-dashboard.yaml
535 kubectl apply -f ambassador-kubernetes-dashboard.yaml
536 kubectl get services --all-namespaces
537 vi ambassador-kubernetes-dashboard.yaml
538 vi ambassador-https.yaml
539 curl https://www.getambassador.io/yaml/ambassador/ambassador-https.yaml > ambassador-https-org.yaml
540 vi ambassador-https-org.yaml
541 vi ambassador-https.yaml
542 cat ambassador-https-org.yaml
543 vi ambassador-https.yaml
544 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default --dry-run -o yaml
545 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default --dry-run -o yaml| kubectl replace -f -
546 kubectl get services --all-namespaces
547 curl https://192.168.2.20:30100/httpbin/
548 cat /var/log/messages
549 cat /var/log/messages | grep amb
550 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default --dry-run -o yaml| kubectl replace -f -
551 cat /var/log/messages | grep amb
552 tail /var/log/messages
553 curl https://192.168.2.20:30100/httpbin/
554 netstat -nat
555 yum -y installa net-utils
556 yum -y install net-utils
557 yum provides netstat
558 yum -y install net-tools
559 ### net-tools
560 netstat -nat
561 netstat -nat| grep 443
562 netstat -nat| grep 30080
563 netstat -nat| grep 30100
564 ### net-tools
565 curl https://192.168.2.20:30100/httpbin/
566 curl https://localhost:30100/httpbin/
567 curl https://localhost:30100
568 curl https://localhost:30080
569 curl http://192.168.2.20:30080/httpbin/
570 curl https://192.168.2.20:30100/httpbin/
571 curl http://localhost:30080/httpbin/
572 curl https://192.168.2.20:30100/httpbin/
573 history | grep fw
574 history | grep fir
575 firewall-cmd --zone=public --del-port=30100/tcp --permanent
576 firewall-cmd --zone=public --del-port=30100/tcp
577 firewall-cmd --zone=public --add-port=30080/tcp --permanent
578 curl https://192.168.2.20:30100/httpbin/
579 curl http://localhost:30080/httpbin/
580 curl http://192.168.2.20:30080/httpbin/
581 curl https://192.168.2.20:30100/httpbin/
582 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default --dry-run -o yaml| kubectl replace -f -
583 kubectl apply -f ambassador-https.yaml
584 cat ambassador-https.yaml | kubectl replace -f -
585 vi ambassador-https.yaml
586 cat ambassador-https.yaml | kubectl replace --force -f -
587 vi ambassador-https.yaml
588 curl https://192.168.2.20:30100/httpbin/
589 netstat -nat
590 netstat -nat| grep 30100
591 curl https://192.168.2.20:30100/httpbin/
592 curl https://192.168.2.20:30100/
593 cat /var/log/messages | grep amb
594 tail /var/log/messages
595 history -a
596 reboot
597 cat /var/log/fail2ban.log
598 df -h
599 top
600 ps -ef
601 tail /var/log/messages
602 tail -1000 /var/log/messages
603 tail -10000 /var/log/messages
604 curl https://192.168.2.20:30100/
605 vi ambassador-https.yaml
606 cat ambassador-https.yaml | kubectl replace --force -f -
607 tail -10000 /var/log/messages
608 vi ambassador-https.yaml
609 cat ambassador-https.yaml | kubectl replace --force -f -
610 ls
611 vi ambassador-kubernetes-dashboard.yam
612 vi ambassador-kubernetes-dashboard.yaml
613 vi ambassador-https.yaml
614 vi ambassador-kubernetes-dashboard.yaml
615 cat ambassador-kubernetes-dashboard.yaml | kubectl replace --force -f -
616 vi ambassador-kubernetes-dashboard.yaml
617 cat ambassador-kubernetes-dashboard.yaml | kubectl replace --force -f -
618 vi ambassador-kubernetes-dashboard.yaml
619 ps -ef
620 ls
ambassador-kubernetes-dashboard.yaml
---
apiVersion: v1
kind: Service
metadata:
labels:
service: ambassador
name: ambassador
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
host_rewrite: httpbin.org
---
apiVersion: ambassador/v0
kind: Mapping
name: httpbin_mapping_https
prefix: /httpbin/
service: https://httpbin.org:443
host_rewrite: httpbin.org
---
# apiVersion: ambassador/v0
# kind: Module
# name: tls
# config:
# server:
# enabled: True
# redirect_cleartext_from: 80
spec:
type: NodePort
ports:
- name: ambassador
nodePort: 30080
port: 80
targetPort: 80
- name: ambassador-https
nodePort: 30100
port: 443
targetPort: 443
selector:
service: ambassador
621 ### verschlüsseltes kubenetes-dashboard geht nicht über ambassador
622 cat kubernetes-dashboard-service-nodeport.yaml | kubectl replace --force -f -
623 cat kubernetes-dashboard-service-nodeport.yaml
624 ### nin mal grafan
625 git clone kubernetes-dashboard-service-nodeport.yaml
626 git clone https://github.com/bakins/minikube-prometheus-demo
627 ls
628 cd minikube-prometheus-demo/
629 ls
630 cat demo-script.sh
631 ls
632 alias kubectl k
633 alias k kubectl
634 alias
635 alias k=kubectl
636 ls
637 k apply -f monitoring-namespace.yaml
638 k apply -f prometheus-config.yaml
639 k apply -f prometheus-deployment.yaml
640 k apply -f prometheus-service.yaml
641 k apply -f grafana-deployment.yaml
642 cd .
643 cd
644 ls
645 cd minikube-prometheus-demo/
646 ls
647 k apply -f node-exporter-daemonset.yml
648 vi grafana-service-ambassador.yaml
649 k apply grafana-service-ambassador.yaml
650 k apply -f grafana-service-ambassador.yaml
651 vi grafana-service-ambassador.yaml
652 k get services
653 k get services --all-anemsapces
654 k get services --all-namesapces
655 k get services --all-namesapce
656 k get services --all-namespaces
657 k delete service grafana
658 k delete service grafana -n kube-system
659 k get services --all-namespaces
660 vi grafana-service-ambassador.yaml
661 k apply -f grafana-service-ambassador.yaml
662 vi grafana-service-ambassador.yaml
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitoring
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: grafana
## prefix geht nicht bei grafana wegens umlenkung von /grafana/ zu /login im stammverzeichnis
## deshalb nur host als unterscheidung
prefix: /
host: kube.augustusburg.org:30100
## serbicename punkt namespace
service: grafana.monitoring
spec:
ports:
- name: grafana-plain
port: 80
protocol: TCP
targetPort: 3000
- name: grafana-ssl
port: 443
protocol: TCP
targetPort: 3000
selector:
name: grafana
type: ClusterIP
663 k get services --all-namespaces
664 tail /var/log/messages
665 vi grafana-service-ambassador.yaml
666 cd ..
667 ls
668 cat ambassador-https.yaml
669 top
670 df -h
671 top
672 history -a
673 ### geht mit ambassador
674 history -a
675 history
676 kubectl get namespaces
677 kubectl get configmap --namespace=monitoring prometheus-config -o yaml
678 kubectl get deployments --namespace=monitoring
679 ubectl get services --namespace=monitoring prometheus -o yaml
680 kubectl get services --namespace=monitoring prometheus -o yaml
681 cd minikube-prometheus-demo/
682 ls
683 k get pods --all-namespaces
684 cd
685 history -a
686 history
821 kubectl get pods --all-namespaces
822 vi ambassador-service.yaml
823 history
824 history -a
825 kubectl apply -f ambassador.yaml
826 kubectl apply -f ambassador-service.yaml
827 vi ambassador-service.yaml
828 kubectl apply -f ambassador-service.yaml
829 kubectl get pods --all-namespaces
830 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
831 kubectl get pods --all-namespaces
832 kubectl get servcie ambassador --all-namespaces
833 kubectl get service ambassador --all-namespaces
834 kubectl get services --all-namespaces
835 kubectl delete deployment coffee-svc
836 kubectl delete service coffee-svc
837 kubectl delete service tea-svc coffee-svc
838 kubectl get services --all-namespaces
839 kubectl apply -f ambassador-service.yaml
840 vi ambassador-service.yaml
841 kubectl apply -f ambassador-service.yaml
842 vi ambassador-service.yaml
843 kubectl apply -f ambassador-service.yaml
844 kubectl get services --all-namespaces
845 kubectl delete service coffee-svc
846 kubectl delete service tea-svc
847 kubectl delete service qotm
848 kubectl get services --all-namespaces
849 kubectl apply -f ambassador-service.yaml
850 kubectl get services --all-namespaces
851 vi ambassador-service.yaml
852 # geht
853 vi ambassador-service.yaml
854 # noch nicht
855 vi ambassador-service.yaml
856 kubectl get services --all-namespaces
857 firewall-cmd --status
858 firewall-cmd --state
859 firewall-cmd --list-all --zone=external
860 firewall-cmd --list-all --zone=public
861 history |grep firewall
862 firewall-cmd --zone=public --add-port=30080/tcp --permanent
863 firewall-cmd --zone=public --add-port=30100/tcp --permanent
864 firewall-cmd --list-all --zone=public
865 firewall-cmd --relaod
866 firewall-cmd --reload
867 firewall-cmd --list-all --zone=public
868 kubectl get services --all-namespaces
869 kubectl get pods --all-namespaces
870 ## trort fw freischaltung gehts nicht
871 kubectl get pods --all-namespaces
872 reboot?
873 reboot
874 kubectl get pods --all-namespaces
875 firewall-cmd --list-all --zone=public
876 vi ambassador-service.yaml
877 kubectl get services --all-namespaces
878 kubectl delete service ambassador
879 ls
880 kubectl -f ambassador-service.yaml
881 kubectl apply -f ambassador-service.yaml
882 kubectl get services --all-namespaces
883 vi ambassador-service.yaml
884 curl httpbin.org
885 curl portal.augustusbugr.org:30080
886 curl portal.augustusburg.org:30080
887 curl portal.augustusburg.org:30080/httpbin/
888 ls
889 vi ambassadir-service-org.yaml
HTTP allein - geht wenn kein Zertifikat angelehgt wurde
[root@portal ~]# cat ambassadir-service-org.yaml
---
apiVersion: v1
kind: Service
metadata:
labels:
service: ambassador
name: ambassador
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
host_rewrite: httpbin.org
spec:
type: NodePort
ports:
- name: ambassador
nodePort: 30080
port: 80
targetPort: 80
selector:
service: ambassador
893 kubectl apply -f ambassadir-service-org.yaml
896 kubectl get services --all-namespaces
897 curl portal.augustusburg.org:30080
898 vi ambassadir-service-org.yaml
899 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
900 kubectl get services --all-namespaces
901 # aha- nach korrektur service muss man das deplyoment nocheinmal machen!!!!
902 # jetzt gehte smit port 80 ambassadir-service-org.yaml
903 # jetzt mal mit erweiterung port 443
904 kubectl apply -f ambassador-service.yaml
---
apiVersion: v1
kind: Service
metadata:
labels:
service: ambassador
name: ambassador
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
host_rewrite: httpbin.org
---
apiVersion: ambassador/v0
kind: Module
name: tls
config:
server:
enabled: True
redirect_cleartext_from: 80
spec:
type: NodePort
ports:
- name: ambassador-http
nodePort: 30080
port: 80
targetPort: 80
- name: ambassador-https
nodePort: 30100
port: 443
targetPort: 443
selector:
service: ambassador
905 kubectl get services --all-namespaces
906 ## erstmal geht port 80 noch 44 noch nicht - weil noch kein tzertifikat
907 ls
908 ls certs/
909 ls /etc/letsencrypt/live/augustusburg.org/
910 # so jetzt cert installieren ud schaune ob gelich https geht
911 kubectl create secret tls ambassador-certs --cert=etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=etc/letsencrypt/live/augustusburg.org/privkey.pem -n default --dry-run -o yaml| kubectl replace -f -
912 # nein - das war das austauschkomandpo -a ber wir wolenja initinal das zert erzeugen
913 # oder importieren
914 kubectl create secret tls ambassador-certs --cert=/etc/letsencrypt/live/augustusburg.org/fullchain.pem --key=/etc/letsencrypt/live/augustusburg.org/privkey.pem -n default
915 # geht noch nicht -. mals ehen ob weiderholiung des deplay hilft
916 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
917 ## geht imme rnoch nicht
918 schauen fw
919 firewall-cmd --list-all --zone=public
920 # nö - 30100 is offen
921 curl https://portal.augustusburg.org:30100/httpbin/
922 kubectl describe secret ambassador-certs
923 ## mal reboot
924 reboot
925 kubectl get services --all-namespaces
926 curl https://portal.augustusburg.org:30100/httpbin/
927 # mhh iergednwoie anders
928 ls
929 # nicht merh refused - aber timeout
930 curl https://portal.augustusburg.org:30100/httpbin/
931 vi ambassador-service.yaml
932 kubectl apply -f ambassador-service.yaml
933 curl https://portal.augustusburg.org:30100/httpbin/
934 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
935 curl https://portal.augustusburg.org:30100/httpbin/
936 vi ambassador-service.yaml
937 kubectl apply -f ambassador-service.yaml
938 curl https://portal.augustusburg.org:30100/httpbin/
939 vi ambassador-service.yaml
940 kubectl apply -f ambassador-service.yaml
941 curl https://portal.augustusburg.org:30100/httpbin/
942 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
943 curl https://portal.augustusburg.org:30100/httpbin/
944 reboot
945 curl https://portal.augustusburg.org:30100/httpbin/
946 vi ambassador-service.yaml
947 kubectl apply -f ambassador-service.yaml
948 curl https://portal.augustusburg.org:30100/httpbin/
949 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
950 curl https://portal.augustusburg.org:30100/httpbin/
951 vi ambassador-service.yaml
952 ##geht irgendwie
953 vi ambassador-service.yaml
954 # nochmal mit ohne redirekt 80>443 bzw, 30080>80100
955 kubectl apply -f ambassador-service.yaml
956 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
957 curl http://portal.augustusburg.org:30080/httpbin/
958 vi ambassador-service.yaml
959 kubectl apply -f ambassador-service.yaml
960 curl https://portal.augustusburg.org:30100/httpbin/
961 curl http://portal.augustusburg.org:30080/httpbin/
962 vi ambassador-service.yaml
963 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
964 curl http://portal.augustusburg.org:30080/httpbin/
965 curl https://portal.augustusburg.org:30100/httpbin/
966 reboot
967 curl https://portal.augustusburg.org:30100/httpbin/
968 curl http://portal.augustusburg.org:30080/httpbin/
969 vi ambassador-service.yaml
970 curl http://portal.augustusburg.org:30080/httpbin/
971 curl http://portal.augustusburg.org:30080/httpsbin/
972 curl http://portal.augustusburg.org:30080/httpbin/
973 curl https://portal.augustusburg.org:30100/httpsbin/
974 vi ambassador-service.yaml
975 kubectl apply -f ambassador-service.yaml
976 curl https://portal.augustusburg.org:30100/httpbin/
977 curl http://portal.augustusburg.org:30080/httpbin/
978 vi ambassador-service.yaml
979 curl http://portal.augustusburg.org:30080/httpbin/
980 kubectl apply -f ambassador-service.yaml
981 curl http://portal.augustusburg.org:30080/httpbin/
982 curl https://portal.augustusburg.org:30100/httpbin/
983 curl http://portal.augustusburg.org:30080/httpbin/
984 vi ambassador-service.yaml
985 kubectl apply -f ambassador-service.yaml
986 curl http://portal.augustusburg.org:30080/httpbin/
987 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
988 curl http://portal.augustusburg.org:30080/httpbin/
989 vi ambassador-service.yaml
990 kubectl apply -f ambassador-service.yaml
991 curl http://portal.augustusburg.org:30080/httpbin/
992 curl https://portal.augustusburg.org:30100/httpbin/
993 vi ambassador-service.yaml
994 vi ambassadir-service-org.yaml
995 kubectl apply -f ambassadir-service-org.yaml
996 curl https://portal.augustusburg.org:30100/httpbin/
997 curl http://portal.augustusburg.org:30080/httpbin/
998 reboot
999 curl http://portal.augustusburg.org:30080/httpbin/
1000 curl https://portal.augustusburg.org:30100/httpbin/
1001 curl http://portal.augustusburg.org:30080/httpbin/
1002 kubectl apply -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
1003 curl http://portal.augustusburg.org:30080/httpbin/
1004 vi ambassadir-service-org.yaml
1005 kubectl get pods
1006 kubcectl delete pod ambassador-6867b6595b-dkj2k
1007 kubectl delete pod ambassador-6867b6595b-dkj2k
1008 kubectl delete pod ambassador-ambassador-6867b6595b-dlc6d
1009 kubectl delete pod ambassador-ambassador-ambassador-6867b6595b-f5jdh
1010 kubectl delete pod ambassador-6867b6595b-f5jdh
1011 kubectl delete ambassador-6867b6595b-dlc6d
1012 kubectl delete pod ambassador-6867b6595b-dlc6d
1013 kubectl get pods
1014 curl http://portal.augustusburg.org:30080/httpbin/
1015 curl https://portal.augustusburg.org:30100/httpbin/
1016 kubectl delete service ambassador
1017 kubectl apply -f ambassadir-service-org.yaml
1018 cat ambassadir-service-org.yaml
1019 curl http://portal.augustusburg.org:30080/httpbin/
1020 kubectl apply -f ambassador-service.yaml
1021 curl http://portal.augustusburg.org:30080/httpbin/
1022 curl https://portal.augustusburg.org:30100/httpbin/
1023 vi ambassador-service.yaml
1024 kubectl apply -f ambassador-service.yaml
1025 curl https://portal.augustusburg.org:30100/httpbin/
1026 curl http://portal.augustusburg.org:30080/httpbin/
1027 ### einmal httpos mit zertfikat aktiviert = kein weg zurück
1028 ### höchstens zertifikat lsöschen???
1029 vi ambassador-service.yaml
1030 ls
1031 cat deployment-kubernetes-dashboard-insecuressl.yaml
1032 ca deployment-kubernetes-dashboard-insecuressl.yaml
1033 vi deployment-kubernetes-dashboard-insecuressl.yaml
1034 cat deployment-kubernetes-dashboard-insecuressl.yaml| kubectl replace --force -f -
1035 kubectl get pods
1036 kubectl get pods --all-namespaces
1037 ls
1038 kubectl get services --all-namespaces
1039 cat kubernetes-dashboard.yaml
1040 q
1041 ls
1042 mv kubernetes-dashboard.yaml kubernetes-dashboard-nodeport.yaml
1043 vi service-kubernetes-dashboard.yaml
1044 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1045 kubectl get services --all-namespaces
1046 cat ambassador-service.yaml
1047 vi service-kubernetes-dashboard.yaml
1048 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1049 kubectl get services --all-namespaces
1050 curl https://portal.augustusburg.org:30100/db/
1051 vi service-kubernetes-dashboard.yaml
1052 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1053 vi service-kubernetes-dashboard.yaml
1054 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1055 kubectl get pods --all-namespaces
1056 kubectl log pod kubernetes-dashboard-79f4d545d8-5vns4
1057 kubectl logs pod kubernetes-dashboard-79f4d545d8-5vns4
1058 kubectl logs kubernetes-dashboard-79f4d545d8-5vns4
1059 kubectl logs pod kubernetes-dashboard-79f4d545d8-5vns4 -n kube-system
1060 kubectl logs kubernetes-dashboard-79f4d545d8-5vns4 -n kube-system
1061 ls
1062 vi deployment-kubernetes-dashboard-insecuressl.yaml
---unvershclüsselten port 9090 zlassen wegens interner verarbeitung ambassador > dashboard
--- auto-gen-certificate aktivitr zwangsweisse 8443 verschlüsselung deshalb weg
---- service konfig raus , damit das späte rangepasstw erdne kann mit ambassador -> saiehe unten
[root@portal ~]# diff deployment-kubernetes-dashboard-org.yaml deployment-kubernetes-dashboard-insecuressl.yaml
119c119
< - containerPort: 8443
---
> - containerPort: 9090
122c122,124
< - --auto-generate-certificates
---
> - --enable-insecure-login=true
> - --insecure-port=9090
> #- --auto-generate-certificates
135c137
< scheme: HTTPS
---
> scheme: HTTP
137c139
< port: 8443
---
> port: 9090
153,167d154
< # ------------------- Dashboard Service ------------------- #
<
< kind: Service
< apiVersion: v1
< metadata:
< labels:
< k8s-app: kubernetes-dashboard
< name: kubernetes-dashboard
< namespace: kube-system
< spec:
< ports:
< - port: 443
< targetPort: 8443
< selector:
< k8s-app: kubernetes-dashboard
1063 kubectl describe kubernetes-dashboard-79f4d545d8-5vns4 -n kube-system
1064 kubectl describe pod kubernetes-dashboard-79f4d545d8-5vns4 -n kube-system
1065 kubectl get pods --all-namespaces
1066 ### vorsicht - da sdb brauch etwas!
1067 ### wenn es geht abe rnich nicht startet = leere seite unter url abe rkeien feherlemdlung
1068 ls
1069 vi service-kubernetes-dashboard.yaml
1070 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1071 vi service-kubernetes-dashboard.yaml
1072 cp service-kubernetes-dashboard.yaml service-kubernetes-dashboard-unterverzeichnis.yaml
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: db_mapping
prefix: /db/
#host: portal.augustusburg.org:30100
service: kubernetes-dashboard.kube-system
spec:
ports:
- name: db-http
port: 80
targetPort: 9090
- name: db-https
port: 443
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard
1073 vi service-kubernetes-dashboard.yaml
1074 cat service-kubernetes-dashboard.yaml | kubectl replace --force -f -
1075 host db.augustusburg.org
1076 host portal.augustusburg.org
1077 cp service-kubernetes-dashboard.yaml service-kubernetes-dashboard-unterdomaene.yaml
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: db_mapping
prefix: /
host: portal.augustusburg.org:30100
service: kubernetes-dashboard.kube-system
spec:
ports:
- name: db-http
port: 80
targetPort: 9090
- name: db-https
port: 443
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard
1078 cat service-kubernetes-dashboard-unterverzeichnis.yaml | kubectl replace --force -f -
1079 vi service-kubernetes-dashboard-unterdomaene.yaml
1080 cat service-kubernetes-dashboard-unterdomaene.yaml | kubectl replace --force -f -
1081 history -a
1082 history