====== Gitea - SCM(Source Code Management) ======
===== Deployment gitea =====
==== Namespace ====
$ kubectl create ns scm-system
namespace/scm-system created
==== PersistentVolumeClaim ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-scm
namespace: scm-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: nfs-client
$ kubectl apply -f pvc-scm.yaml
persistentvolumeclaim/pvc-scm created
$ kubectl get pvc -n scm-system
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc-scm Bound pvc-2ff9e861-b7bd-4fff-9d0c-28a3a9ffff36 8Gi RWO nfs-client 21s
==== Deployment gitea ====
apiVersion: apps/v1
kind: Deployment
metadata:
name: scm
namespace: scm-system
labels:
app: scm
spec:
replicas: 1
selector:
matchLabels:
app: scm
template:
metadata:
labels:
app: scm
spec:
containers:
- name: scm
image: gitea/gitea:latest
ports:
- containerPort: 22
name: ssh
protocol: TCP
- containerPort: 3000
name: http
protocol: TCP
resources:
requests:
memory: 256Mi
cpu: 0.2
limits:
memory: 512Mi
cpu: 0.5
volumeMounts:
- mountPath: /data
name: data
restartPolicy: Always
volumes:
- name: data
persistentVolumeClaim:
claimName: pvc-scm
$ kubectl apply -f scm-deployment.yaml
deployment.apps/scm created
$ kubectl get pods -n scm-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
scm-6bd59bbc7c-996js 1/1 Running 0 17s 10.244.213.129 kube-worker-02.juntotelecom.com.br
==== Service HTTP ====
apiVersion: v1
kind: Service
metadata:
labels:
app: scm
name: http-scm
namespace: scm-system
spec:
ipFamilies:
- IPv4
- IPv6
ipFamilyPolicy: PreferDualStack
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
app: scm
type: ClusterIP
$ kubectl apply -f http-service.yaml
service/http-scm created
$ kubectl get services -n scm-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
http-scm ClusterIP 10.96.76.204 3000/TCP 20s
==== Service SSH ====
apiVersion: v1
kind: Service
metadata:
labels:
app: scm
name: ssh-scm
namespace: scm-system
spec:
ipFamilies:
- IPv4
- IPv6
ipFamilyPolicy: PreferDualStack
ports:
- name: ssh
port: 22
protocol: TCP
targetPort: 22
selector:
app: scm
type: LoadBalancer
$ kubectl apply -f ssh-service.yaml
service/ssh-scm created
$ kubectl get services -n scm-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
http-scm ClusterIP 10.96.188.20 3000/TCP 65s
ssh-scm LoadBalancer 10.96.41.127 172.28.128.116,2804:694:4c00:4007::116 22:31838/TCP 58s
==== Ingress ====
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: scm
name: ingress-scm
namespace: scm-system
spec:
ingressClassName: nginx
rules:
- host: scm.juntotelecom.com.br
http:
paths:
- backend:
service:
name: http-scm
port:
number: 3000
path: /
pathType: Prefix
$ kubectl apply -f ingress-scm.yaml
ingress.networking.k8s.io/ingress-scm created
$ kubectl get ingress -n scm-system
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-scm nginx scm.juntotelecom.com.br 172.28.128.99 80 58s
$ kubectl describe ingress ingress-scm -n scm-system
Name: ingress-scm
Labels: app=scm
Namespace: scm-system
Address: 172.28.128.99
Default backend: default-http-backend:80 ()
Rules:
Host Path Backends
---- ---- --------
scm.juntotelecom.com.br
/ http-scm:3000 (10.244.213.129:3000)
Annotations:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 23s (x2 over 80s) nginx-ingress-controller Scheduled for sync
===== Certificado SSL =====
Requisito: [[cert-manager_install|Cert-manager deployment]]
==== Emitindo o sertificado de teste - staging ====
$ kubectl delete -f ingress-scm.yaml
ingress.networking.k8s.io "ingress-scm" deleted
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: scm
name: ingress-scm
namespace: scm-system
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
ingressClassName: nginx
rules:
- host: scm.juntotelecom.com.br
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: http-scm
port:
number: 3000
tls:
- hosts:
- scm.juntotelecom.com.br
secretName: ingress-scm-cert
$ kubectl apply -f ingress-scm-ssl.yaml
ingress.networking.k8s.io/ingress-scm created
$ kubectl get ingress -n scm-system
NAME CLASS HOSTS ADDRESS PORTS AGE
cm-acme-http-solver-rc6xk scm.juntotelecom.com.br 172.28.128.99 80 25s
ingress-scm nginx scm.juntotelecom.com.br 172.28.128.99 80, 443 31s
$ kubectl describe ingress ingress-scm -n scm-system
Name: ingress-scm
Labels: app=scm
Namespace: scm-system
Address: 172.28.128.99
Default backend: default-http-backend:80 ()
TLS:
ingress-scm-cert terminates scm.juntotelecom.com.br
Rules:
Host Path Backends
---- ---- --------
scm.juntotelecom.com.br
/ http-scm:3000 (10.244.213.129:3000)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-staging
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateCertificate 68s cert-manager-ingress-shim Successfully created Certificate "ingress-scm-cert"
Normal Sync 54s (x2 over 68s) nginx-ingress-controller Scheduled for sync
$ kubectl get certificaterequest -n scm-system
NAME APPROVED DENIED READY ISSUER REQUESTOR AGE
ingress-scm-cert-vm82q True True letsencrypt-staging system:serviceaccount:cert-manager:cert-manager 108s
$ kubectl describe certificaterequest ingress-scm-cert-vm82q -n scm-system
Name: ingress-scm-cert-vm82q
Namespace: scm-system
Labels: app=scm
Annotations: cert-manager.io/certificate-name: ingress-scm-cert
cert-manager.io/certificate-revision: 1
cert-manager.io/private-key-secret-name: ingress-scm-cert-fw2pk
API Version: cert-manager.io/v1
Kind: CertificateRequest
Metadata:
Creation Timestamp: 2022-05-27T14:19:02Z
Generate Name: ingress-scm-cert-
Generation: 1
Managed Fields:
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
.:
k:{"type":"Approved"}:
.:
f:lastTransitionTime:
f:message:
f:reason:
f:status:
f:type:
Manager: cert-manager-certificaterequests-approver
Operation: Update
Subresource: status
Time: 2022-05-27T14:19:02Z
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:cert-manager.io/certificate-name:
f:cert-manager.io/certificate-revision:
f:cert-manager.io/private-key-secret-name:
f:generateName:
f:labels:
.:
f:app:
f:ownerReferences:
.:
k:{"uid":"784f69c7-0fc9-4be6-b6dd-5fadb6e57038"}:
f:spec:
.:
f:issuerRef:
.:
f:group:
f:kind:
f:name:
f:request:
f:usages:
Manager: cert-manager-certificates-request-manager
Operation: Update
Time: 2022-05-27T14:19:02Z
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
f:certificate:
f:conditions:
k:{"type":"Ready"}:
.:
f:lastTransitionTime:
f:message:
f:reason:
f:status:
f:type:
Manager: cert-manager-certificaterequests-issuer-acme
Operation: Update
Subresource: status
Time: 2022-05-27T14:19:55Z
Owner References:
API Version: cert-manager.io/v1
Block Owner Deletion: true
Controller: true
Kind: Certificate
Name: ingress-scm-cert
UID: 784f69c7-0fc9-4be6-b6dd-5fadb6e57038
Resource Version: 2497040
UID: 9987ba12-4f7d-444c-8caa-876ed1408114
Spec:
Extra:
authentication.kubernetes.io/pod-name:
cert-manager-76578c9687-qlmbm
authentication.kubernetes.io/pod-uid:
b997afd3-f8a2-46ca-a02a-f72273bb449c
Groups:
system:serviceaccounts
system:serviceaccounts:cert-manager
system:authenticated
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-staging
Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
UID: 37235979-7c85-46a9-b490-75dae9c9f558
Usages:
digital signature
key encipherment
Username: system:serviceaccount:cert-manager:cert-manager
Status:
Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaRENDQkV5Z0F3SUJBZ0lUQVBvay9FTGw4ak5rbTR4QmgvenVKU1pUSURBTkJna3Foa2lHOXcwQkFRc0YKQURCWk1Rc3dDUVlEVlFRR0V3SlZVekVnTUI0R0ExVUVDaE1YS0ZOVVFVZEpUa2NwSUV4bGRDZHpJRVZ1WTNKNQpjSFF4S0RBbUJnTlZCQU1USHloVFZFRkhTVTVIS1NCQmNuUnBabWxqYVdGc0lFRndjbWxqYjNRZ1VqTXdIaGNOCk1qSXdOVEkzTVRNeE9UVTBXaGNOTWpJd09ESTFNVE14T1RVeldqQWlNU0F3SGdZRFZRUURFeGR6WTIwdWFuVnUKZEc5MFpXeGxZMjl0TG1OdmJTNWljakNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTmZlMGpqOGNKTTl4SGtacGxKZkJ3SHk5d0tNYWNGbGRpL3l6aEx0aXVyb2I0TzA5N2JOa21BUWJYU2JiYzNsCm5JK0h3aUlOTXhMQWxTaEF2NFB2S05iUG1iK2VqTFZmNnc4S2xMYzVndWRLS1RpS2pNRU83bk5rY0x4cEgrVWIKdkVLYXFzejhwVk9GQXVMU2I4QU9idStXaVlKY1dPT2xoT0ZFeE0rekJicW4ranplYUQxd3FqdTRzNVV1bDNxRApPUHVEZlRxWU5VRlQ0THpCSUJ1R2FwaVMxdU93c2kvOXNucWp3d3hkZ0NqVmovbnlodGhKMVNRWG5PbXRjbFVkCkFNWmNCN00rZmlkbDdmUTArK0tibkZWTFc2Z1gyOEhhVk02aWI2c1l6MDR2aDEzanB6Vzl1dVZ3VCtzTHc5QjYKeDlmMVBhY3RtRVkyb2RkTklLbHhGR2NDQXdFQUFhT0NBbG93Z2dKV01BNEdBMVVkRHdFQi93UUVBd0lGb0RBZApCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WCkhRNEVGZ1FVQUIyakJLT0VQTm9aRFp4b3RWV2tiZFFUNCtRd0h3WURWUjBqQkJnd0ZvQVUzbko2U044eHc2WlEKMzUrRkk5OVhOMHRkTG1Vd1hRWUlLd1lCQlFVSEFRRUVVVEJQTUNVR0NDc0dBUVVGQnpBQmhobG9kSFJ3T2k4dgpjM1JuTFhJekxtOHViR1Z1WTNJdWIzSm5NQ1lHQ0NzR0FRVUZCekFDaGhwb2RIUndPaTh2YzNSbkxYSXpMbWt1CmJHVnVZM0l1YjNKbkx6QWlCZ05WSFJFRUd6QVpnaGR6WTIwdWFuVnVkRzkwWld4bFkyOXRMbU52YlM1aWNqQk0KQmdOVkhTQUVSVEJETUFnR0JtZUJEQUVDQVRBM0Jnc3JCZ0VFQVlMZkV3RUJBVEFvTUNZR0NDc0dBUVVGQndJQgpGaHBvZEhSd09pOHZZM0J6TG14bGRITmxibU55ZVhCMExtOXlaekNDQVFRR0Npc0dBUVFCMW5rQ0JBSUVnZlVFCmdmSUE4QUIxQU4yWk5QeWw1eVNBeVZab2ZZRTBtUWhKc2tuM3RXbll4N3lyUDF6QjgyNWtBQUFCZ1FYaldJNEEKQUFRREFFWXdSQUlnTEswb1Nqc1JzbnZqWUVqNEtrZ3JEQXNYWkNyUjhPbHRlRll6c3ZjKzJUVUNJSCtpMUxEegpvNDgvV0o4NU5GYWRLczhkT2tCT3JlVElHa3hOaHpOMTVVVlFBSGNBc015RDVhWDVmV3V2ZkFuTUtFa0VoeXJICjZJc1RMR05RdDhiOUp1RnNiSGNBQUFHQkJlTmFmZ0FBQkFNQVNEQkdBaUVBczN3SDZBSXdpVWdXa2xxUU5CUEcKLzN1U3dZY1RNSWZnMlNGZThtVnlMcHdDSVFEN1IzbmhRZ2JMY1JveDZEWWt4bVNLMnFNdDZNNjVqNHE3c3J0WAoyQUk5bURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQU5ybm5Gb2xIR0ZET2tlZnhKcHovSFJQMUpIVENRQ2t4Ck1BdkdqKy8wbVFjblo1aWJvWnNDb0RtK0tlaHdOTFJDeWtJK1l5Qll3VHBaRjJmOG5ub2NVZzlEWGlTUFlJaWcKWUc2dC9MWTR5bHRRbG5xcEtnUDhiSExiV1VkU1VlUTF2anJHbXhlSlZSMkFaTG1ZSzRwaWVyVEdRNGQ5UFp0MwpuWm04aHIyUmlDQjhPUllqTld5ZVhXSXhoWUo5ZExlOW9KV0dWeFJYLzhhZHZ6Tjl4VWpBanBPbktSdHRLS3hVCkZ0Ry9FNklEUlJ2Z2JHWTZpdUQ2bVdkUE1mTUNFbm9Ocy8zcDRBMElMeDI5Z0JKSWZhR0t5NXdIV25ZVkFtdGgKZ3dpWVBWVk1KYWlJVVpzMG9XTGgvdDZTd253T1FGWDdjZmJ1UUowazh0Y2E5ckFra1dJbVZRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRld6Q0NBME9nQXdJQkFnSVFUZlFybGRIdW16cE1Mck03alJCZDFqQU5CZ2txaGtpRzl3MEJBUXNGQURCbQpNUXN3Q1FZRFZRUUdFd0pWVXpFek1ERUdBMVVFQ2hNcUtGTlVRVWRKVGtjcElFbHVkR1Z5Ym1WMElGTmxZM1Z5CmFYUjVJRkpsYzJWaGNtTm9JRWR5YjNWd01TSXdJQVlEVlFRREV4a29VMVJCUjBsT1J5a2dVSEpsZEdWdVpDQlEKWldGeUlGZ3hNQjRYRFRJd01Ea3dOREF3TURBd01Gb1hEVEkxTURreE5URTJNREF3TUZvd1dURUxNQWtHQTFVRQpCaE1DVlZNeElEQWVCZ05WQkFvVEZ5aFRWRUZIU1U1SEtTQk1aWFFuY3lCRmJtTnllWEIwTVNnd0pnWURWUVFECkV4OG9VMVJCUjBsT1J5a2dRWEowYVdacFkybGhiQ0JCY0hKcFkyOTBJRkl6TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTZUUjgrNzRiNDZtT0UxRlV3QnJ2eHpFWUxjazNpYXNtS3JjUWtiKwpneS96OUp5N1FOSUFsMEI5cFZLcDRZVTc2Snd4RjVET1paaGk3dks3U2JDa0s2RmJIbHlVNUJpRFlJeGJiZnZPCkwvalZHcWRzU2pOYUpRVGczQzNYckpqYS9IQTRXQ0ZFTVZvVDJ3RFptOEFCQzFOK0lRZTdRNkZFcWM4TndtVFMKbm1tUlFtNFRRdnIwNkRQK3pnRksvTU51YnhXV0RTYlNLS1RINWltNWoyZlpmZytqL3RNMWJHYWN6Rld3OC9sUwpudWt5bjVKMkwrTkpZbmNsemtYb2g5bk1GbnlQbVZiZnlEUE9jNFkyNWFUelZvZUJLWGEvY1o1TU0rV2RkamRMCmJpV3ZtMTlmMXNZbjFhUmFBSXJrcHB2N2trbjgzdmN0aDhYQ0czOXFDMlp2YVFJREFRQUJvNElCRURDQ0FRd3cKRGdZRFZSMFBBUUgvQkFRREFnR0dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBUwpCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlRlY25wSTN6SERwbERmbjRVajMxYzNTMTB1ClpUQWZCZ05WSFNNRUdEQVdnQlMxODJYeS9yQUtraC83UEgzelJLQ3NZeVhERkRBMkJnZ3JCZ0VGQlFjQkFRUXEKTUNnd0pnWUlLd1lCQlFVSE1BS0dHbWgwZEhBNkx5OXpkR2N0ZURFdWFTNXNaVzVqY2k1dmNtY3ZNQ3NHQTFVZApId1FrTUNJd0lLQWVvQnlHR21oMGRIQTZMeTl6ZEdjdGVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiCk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ04KRExhbTl5TjBFRnh4bi8zcCtydVdPNm4vOWdvQ0FNNVBUNmNDNmZrak1zNHVhczZVR1hKanI1ajdQb1RRZjNDMQp2dXhpSUdSSkM2cXhWN3ljNlUwWCt3ME1qODVzSEk1RG5RVldONStEMWVyN21wMTNKSkEweGJBYkhhM1JsY3puCnkyUTgyWEt1aThXSHVXcmEwZ2IyS0xwZmJvWWoxR2hna2hyM2dhdTgzcEMvV1E4SGZrd2N2U3doSVlxVHF4b1oKVXE4SElmM004MnFTOWFLT1pFMENFbVN5UjF6WnFReEpVVDdlbU9VYXBrVU45cG9KOXpHYytGZ1JadmRybzBYQgp5cGhXWERhcU1ZcGgwRHhXLzEwaWc1ajR4bW1ORGpDUm1xSUtzS29XQTUyd0JUS0tYSzFuYTJ0eS9sVzVkaHRBCnhrejVyVlpGZDRzZ1M0SjBPK3ptNmQ1R1JrV3NOSjRrbm90R1hsOHZ0UzNYNDBLWGViM0E1Ky8zcDBxYUQyMTUKWHE4b1NOT1JmQjJvSTFrUXV5RUFKNXh2UFRkZndSbHlSRzNsRllvZHJSZzZwb1VCRC84Zk5UWE10enlkcFJneQp6VVFaaC8xOEY2Qi9pVzZjYmlSTjlyMkhraDA1T20rcTAvNncwRGRaZSs4WXJOcGZoU09ici8xZVZaYktHTUlZCnFLbXlaYkJOdTV5c0VOSUs1TVBjMTRtVWVLbUZqcE44NDBWUjV6dW5vVTUybHFwTER1YS9xSU04aWRrODZ4R1cKeHgybWw0M0RPL1lhL3RWWlZvazBtTzBUVWp6SklmUHF5dnI0NTVJc0l1dDRSbENSOUlxMEVEVHZlMi9ad0N1RwpoU2pwVFVGR1NpUXJSMkpLMkV2cCtvNkFFVFVrQkNPMWF3MFBwUUJQRFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGVkRDQ0JEeWdBd0lCQWdJUkFPMWRXOGx0Kzk5TlBzMXFTWTNSczhjd0RRWUpLb1pJaHZjTkFRRUxCUUF3CmNURUxNQWtHQTFVRUJoTUNWVk14TXpBeEJnTlZCQW9US2loVFZFRkhTVTVIS1NCSmJuUmxjbTVsZENCVFpXTjEKY21sMGVTQlNaWE5sWVhKamFDQkhjbTkxY0RFdE1Dc0dBMVVFQXhNa0tGTlVRVWRKVGtjcElFUnZZM1J2Y21WawpJRVIxY21saGJpQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3Ck0xb3daakVMTUFrR0ExVUVCaE1DVlZNeE16QXhCZ05WQkFvVEtpaFRWRUZIU1U1SEtTQkpiblJsY201bGRDQlQKWldOMWNtbDBlU0JTWlhObFlYSmphQ0JIY205MWNERWlNQ0FHQTFVRUF4TVpLRk5VUVVkSlRrY3BJRkJ5WlhSbApibVFnVUdWaGNpQllNVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFMYmFnRWREClRhMVFnR0JXU1lreU1oc2NaWEVOT0JhVlJUTVgxaGNlSkVOZ3NMME1hNDlEM01pbEk0S1MzOG10a21kRjZjUFcKbkwrK2ZnZWhUMEZiUkhaZ2pPRXI4VUFONGpINm9tanJiVEQrK1ZabmVUc01WYUdhbVFtRGRGbDVnMWdZYWlnawprbXg4T2lDTzY4YTRRWGc0d1N5bjZpRGlwS1A4dXRzRSt4MUUyOFNBNzVIT1lxcGRyazRIR3h1VUx2bHIwM3daCkdUSWYvb1J0Mi9jK2RZbURvYUpoZ2UrR09yTEFFUUJ5TzcrOCt2ek93cE5BUEV4NkxXK2NyRUVaN2VCWGloNlYKUDE5c1RHeTN5ZnFLNXRQdFRkWFhDT1FNS0FwK2dDai9WQnlobUlyKzBpTkRDNTQwZ3R2VjMwM1dwY2J3bmtrTApZQzBGdDJjWVV5SHRrc3RPZlJjUk8rSzJjWm96b1N3VlB5QjgvSjlScGNSSzNqZ25YOWx1amZ3QS9wQWJQMEoyClVQUUZ4bVdGUlFuRmphcTZya3FiTkVCZ0x5K2tGTDFORXNSYnZGYktyUmk1Yll5MmxObXMyTkpQWnZkTlFiVC8KMmRCWkttSnF4SGt4Q3VPUUZqaEpRTmVPK05qbTFaMWlBVFMvM3J0czJ5WmxxWEtzeFFVek42dk5iRDhLblhSTQpFZU9YVVl2YlY0bHFmQ2Y4bVMxNFdFYlNpTXk4N0dCNVM5dWNTVjFYVXJsVEc1VUdjTVNaT0JjRVVwaXNSUEVtClFXVU9UV0lvRFE1Rk9pYS9HSStLaTUyM3IycnVFbWJtRzM3RUJTQlhkeElkbmRxcmp5K1FWQW1DZWJ5RHg5ZVYKRUdPSXBuMjZiVzVMS2VydW1KeGEvQ0ZCYUtpNGJSdm1kSlJMQWdNQkFBR2pnZkV3Z2U0d0RnWURWUjBQQVFILwpCQVFEQWdFR01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZMWHpaZkwrc0FxU0gvczhmZk5FCm9LeGpKY01VTUI4R0ExVWRJd1FZTUJhQUZBaFgyb25Ib2xONURFL2Q0SkNQZExyaUozTkVNRGdHQ0NzR0FRVUYKQndFQkJDd3dLakFvQmdnckJnRUZCUWN3QW9ZY2FIUjBjRG92TDNOMFp5MWtjM1F6TG1rdWJHVnVZM0l1YjNKbgpMekF0QmdOVkhSOEVKakFrTUNLZ0lLQWVoaHhvZEhSd09pOHZjM1JuTFdSemRETXVZeTVzWlc1amNpNXZjbWN2Ck1DSUdBMVVkSUFRYk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUI3dFI4QjBlSVFTUzZNaFA1a3V2R3RoK2ROMDJEc0locjB5SnRrMmVoSWNQSXFTeFJSbUhHbAo0dTJjM1FsdkVwZVJEcDJ3N2VRZFJUbEkvV25OaFk0Sk9vZnBNZjJ6d0FCZ0JXdEF1MFZvb1FjWlpUcFFydWlnCkYvejZ4WWtCazNVSGtqZXF4ek1OM2QxRXFHdXN4Sm9xZ2RUb3VaNVg1UVRUSWVlOW5RM0xFaFduUlNYRHg3WTAKdHRSMUJHZmNkcUhvcE80SUJxQWhia0tSakY1emo3T0Q4Y0czNW9teXdVYlp0T0puZnRpSTBuRmNSYXhiWG8wdgpvRGZMRDBTNitBQzJSM3RLcHFqa05YNi85MWhyUkZnbFVha3lNY1pVL3hsZXFidjYrTHIzWUQ4UHNCVHViNmxJCm9aMmxTMzhmTDE4QW9uNDU4ZmJjMEJQSHRlbmZoS2o1Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
Conditions:
Last Transition Time: 2022-05-27T14:19:02Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2022-05-27T14:19:55Z
Message: Certificate fetched from issuer successfully
Reason: Issued
Status: True
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal cert-manager.io 2m26s cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 2m25s cert-manager-certificaterequests-issuer-acme Created Order resource scm-system/ingress-scm-cert-vm82q-4264773703
Normal OrderPending 2m25s cert-manager-certificaterequests-issuer-acme Waiting on certificate issuance from order scm-system/ingress-scm-cert-vm82q-4264773703: ""
Normal CertificateIssued 93s cert-manager-certificaterequests-issuer-acme Certificate fetched from issuer successfully
$ kubectl get order -n scm-system
NAME STATE AGE
ingress-scm-cert-vm82q-4264773703 valid 3m40s
$ kubectl describe order ingress-scm-cert-vm82q-4264773703 -n scm-system
Name: ingress-scm-cert-vm82q-4264773703
Namespace: scm-system
Labels: app=scm
Annotations: cert-manager.io/certificate-name: ingress-scm-cert
cert-manager.io/certificate-revision: 1
cert-manager.io/private-key-secret-name: ingress-scm-cert-fw2pk
API Version: acme.cert-manager.io/v1
Kind: Order
Metadata:
Creation Timestamp: 2022-05-27T14:19:02Z
Generation: 1
Managed Fields:
API Version: acme.cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:cert-manager.io/certificate-name:
f:cert-manager.io/certificate-revision:
f:cert-manager.io/private-key-secret-name:
f:labels:
.:
f:app:
f:ownerReferences:
.:
k:{"uid":"9987ba12-4f7d-444c-8caa-876ed1408114"}:
f:spec:
.:
f:dnsNames:
f:issuerRef:
.:
f:group:
f:kind:
f:name:
f:request:
Manager: cert-manager-certificaterequests-issuer-acme
Operation: Update
Time: 2022-05-27T14:19:02Z
API Version: acme.cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:authorizations:
f:certificate:
f:finalizeURL:
f:state:
f:url:
Manager: cert-manager-orders
Operation: Update
Subresource: status
Time: 2022-05-27T14:19:55Z
Owner References:
API Version: cert-manager.io/v1
Block Owner Deletion: true
Controller: true
Kind: CertificateRequest
Name: ingress-scm-cert-vm82q
UID: 9987ba12-4f7d-444c-8caa-876ed1408114
Resource Version: 2497037
UID: eac4334b-b52e-468e-a811-5d487824f337
Spec:
Dns Names:
scm.juntotelecom.com.br
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-staging
Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
Status:
Authorizations:
Challenges:
Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I
Type: http-01
URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/Wg4C9Q
Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I
Type: dns-01
URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/h-t0bw
Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I
Type: tls-alpn-01
URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/DbMZuw
Identifier: scm.juntotelecom.com.br
Initial State: pending
URL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2552324354
Wildcard: false
Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaRENDQkV5Z0F3SUJBZ0lUQVBvay9FTGw4ak5rbTR4QmgvenVKU1pUSURBTkJna3Foa2lHOXcwQkFRc0YKQURCWk1Rc3dDUVlEVlFRR0V3SlZVekVnTUI0R0ExVUVDaE1YS0ZOVVFVZEpUa2NwSUV4bGRDZHpJRVZ1WTNKNQpjSFF4S0RBbUJnTlZCQU1USHloVFZFRkhTVTVIS1NCQmNuUnBabWxqYVdGc0lFRndjbWxqYjNRZ1VqTXdIaGNOCk1qSXdOVEkzTVRNeE9UVTBXaGNOTWpJd09ESTFNVE14T1RVeldqQWlNU0F3SGdZRFZRUURFeGR6WTIwdWFuVnUKZEc5MFpXeGxZMjl0TG1OdmJTNWljakNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTmZlMGpqOGNKTTl4SGtacGxKZkJ3SHk5d0tNYWNGbGRpL3l6aEx0aXVyb2I0TzA5N2JOa21BUWJYU2JiYzNsCm5JK0h3aUlOTXhMQWxTaEF2NFB2S05iUG1iK2VqTFZmNnc4S2xMYzVndWRLS1RpS2pNRU83bk5rY0x4cEgrVWIKdkVLYXFzejhwVk9GQXVMU2I4QU9idStXaVlKY1dPT2xoT0ZFeE0rekJicW4ranplYUQxd3FqdTRzNVV1bDNxRApPUHVEZlRxWU5VRlQ0THpCSUJ1R2FwaVMxdU93c2kvOXNucWp3d3hkZ0NqVmovbnlodGhKMVNRWG5PbXRjbFVkCkFNWmNCN00rZmlkbDdmUTArK0tibkZWTFc2Z1gyOEhhVk02aWI2c1l6MDR2aDEzanB6Vzl1dVZ3VCtzTHc5QjYKeDlmMVBhY3RtRVkyb2RkTklLbHhGR2NDQXdFQUFhT0NBbG93Z2dKV01BNEdBMVVkRHdFQi93UUVBd0lGb0RBZApCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WCkhRNEVGZ1FVQUIyakJLT0VQTm9aRFp4b3RWV2tiZFFUNCtRd0h3WURWUjBqQkJnd0ZvQVUzbko2U044eHc2WlEKMzUrRkk5OVhOMHRkTG1Vd1hRWUlLd1lCQlFVSEFRRUVVVEJQTUNVR0NDc0dBUVVGQnpBQmhobG9kSFJ3T2k4dgpjM1JuTFhJekxtOHViR1Z1WTNJdWIzSm5NQ1lHQ0NzR0FRVUZCekFDaGhwb2RIUndPaTh2YzNSbkxYSXpMbWt1CmJHVnVZM0l1YjNKbkx6QWlCZ05WSFJFRUd6QVpnaGR6WTIwdWFuVnVkRzkwWld4bFkyOXRMbU52YlM1aWNqQk0KQmdOVkhTQUVSVEJETUFnR0JtZUJEQUVDQVRBM0Jnc3JCZ0VFQVlMZkV3RUJBVEFvTUNZR0NDc0dBUVVGQndJQgpGaHBvZEhSd09pOHZZM0J6TG14bGRITmxibU55ZVhCMExtOXlaekNDQVFRR0Npc0dBUVFCMW5rQ0JBSUVnZlVFCmdmSUE4QUIxQU4yWk5QeWw1eVNBeVZab2ZZRTBtUWhKc2tuM3RXbll4N3lyUDF6QjgyNWtBQUFCZ1FYaldJNEEKQUFRREFFWXdSQUlnTEswb1Nqc1JzbnZqWUVqNEtrZ3JEQXNYWkNyUjhPbHRlRll6c3ZjKzJUVUNJSCtpMUxEegpvNDgvV0o4NU5GYWRLczhkT2tCT3JlVElHa3hOaHpOMTVVVlFBSGNBc015RDVhWDVmV3V2ZkFuTUtFa0VoeXJICjZJc1RMR05RdDhiOUp1RnNiSGNBQUFHQkJlTmFmZ0FBQkFNQVNEQkdBaUVBczN3SDZBSXdpVWdXa2xxUU5CUEcKLzN1U3dZY1RNSWZnMlNGZThtVnlMcHdDSVFEN1IzbmhRZ2JMY1JveDZEWWt4bVNLMnFNdDZNNjVqNHE3c3J0WAoyQUk5bURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQU5ybm5Gb2xIR0ZET2tlZnhKcHovSFJQMUpIVENRQ2t4Ck1BdkdqKy8wbVFjblo1aWJvWnNDb0RtK0tlaHdOTFJDeWtJK1l5Qll3VHBaRjJmOG5ub2NVZzlEWGlTUFlJaWcKWUc2dC9MWTR5bHRRbG5xcEtnUDhiSExiV1VkU1VlUTF2anJHbXhlSlZSMkFaTG1ZSzRwaWVyVEdRNGQ5UFp0MwpuWm04aHIyUmlDQjhPUllqTld5ZVhXSXhoWUo5ZExlOW9KV0dWeFJYLzhhZHZ6Tjl4VWpBanBPbktSdHRLS3hVCkZ0Ry9FNklEUlJ2Z2JHWTZpdUQ2bVdkUE1mTUNFbm9Ocy8zcDRBMElMeDI5Z0JKSWZhR0t5NXdIV25ZVkFtdGgKZ3dpWVBWVk1KYWlJVVpzMG9XTGgvdDZTd253T1FGWDdjZmJ1UUowazh0Y2E5ckFra1dJbVZRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRld6Q0NBME9nQXdJQkFnSVFUZlFybGRIdW16cE1Mck03alJCZDFqQU5CZ2txaGtpRzl3MEJBUXNGQURCbQpNUXN3Q1FZRFZRUUdFd0pWVXpFek1ERUdBMVVFQ2hNcUtGTlVRVWRKVGtjcElFbHVkR1Z5Ym1WMElGTmxZM1Z5CmFYUjVJRkpsYzJWaGNtTm9JRWR5YjNWd01TSXdJQVlEVlFRREV4a29VMVJCUjBsT1J5a2dVSEpsZEdWdVpDQlEKWldGeUlGZ3hNQjRYRFRJd01Ea3dOREF3TURBd01Gb1hEVEkxTURreE5URTJNREF3TUZvd1dURUxNQWtHQTFVRQpCaE1DVlZNeElEQWVCZ05WQkFvVEZ5aFRWRUZIU1U1SEtTQk1aWFFuY3lCRmJtTnllWEIwTVNnd0pnWURWUVFECkV4OG9VMVJCUjBsT1J5a2dRWEowYVdacFkybGhiQ0JCY0hKcFkyOTBJRkl6TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTZUUjgrNzRiNDZtT0UxRlV3QnJ2eHpFWUxjazNpYXNtS3JjUWtiKwpneS96OUp5N1FOSUFsMEI5cFZLcDRZVTc2Snd4RjVET1paaGk3dks3U2JDa0s2RmJIbHlVNUJpRFlJeGJiZnZPCkwvalZHcWRzU2pOYUpRVGczQzNYckpqYS9IQTRXQ0ZFTVZvVDJ3RFptOEFCQzFOK0lRZTdRNkZFcWM4TndtVFMKbm1tUlFtNFRRdnIwNkRQK3pnRksvTU51YnhXV0RTYlNLS1RINWltNWoyZlpmZytqL3RNMWJHYWN6Rld3OC9sUwpudWt5bjVKMkwrTkpZbmNsemtYb2g5bk1GbnlQbVZiZnlEUE9jNFkyNWFUelZvZUJLWGEvY1o1TU0rV2RkamRMCmJpV3ZtMTlmMXNZbjFhUmFBSXJrcHB2N2trbjgzdmN0aDhYQ0czOXFDMlp2YVFJREFRQUJvNElCRURDQ0FRd3cKRGdZRFZSMFBBUUgvQkFRREFnR0dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBUwpCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlRlY25wSTN6SERwbERmbjRVajMxYzNTMTB1ClpUQWZCZ05WSFNNRUdEQVdnQlMxODJYeS9yQUtraC83UEgzelJLQ3NZeVhERkRBMkJnZ3JCZ0VGQlFjQkFRUXEKTUNnd0pnWUlLd1lCQlFVSE1BS0dHbWgwZEhBNkx5OXpkR2N0ZURFdWFTNXNaVzVqY2k1dmNtY3ZNQ3NHQTFVZApId1FrTUNJd0lLQWVvQnlHR21oMGRIQTZMeTl6ZEdjdGVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiCk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ04KRExhbTl5TjBFRnh4bi8zcCtydVdPNm4vOWdvQ0FNNVBUNmNDNmZrak1zNHVhczZVR1hKanI1ajdQb1RRZjNDMQp2dXhpSUdSSkM2cXhWN3ljNlUwWCt3ME1qODVzSEk1RG5RVldONStEMWVyN21wMTNKSkEweGJBYkhhM1JsY3puCnkyUTgyWEt1aThXSHVXcmEwZ2IyS0xwZmJvWWoxR2hna2hyM2dhdTgzcEMvV1E4SGZrd2N2U3doSVlxVHF4b1oKVXE4SElmM004MnFTOWFLT1pFMENFbVN5UjF6WnFReEpVVDdlbU9VYXBrVU45cG9KOXpHYytGZ1JadmRybzBYQgp5cGhXWERhcU1ZcGgwRHhXLzEwaWc1ajR4bW1ORGpDUm1xSUtzS29XQTUyd0JUS0tYSzFuYTJ0eS9sVzVkaHRBCnhrejVyVlpGZDRzZ1M0SjBPK3ptNmQ1R1JrV3NOSjRrbm90R1hsOHZ0UzNYNDBLWGViM0E1Ky8zcDBxYUQyMTUKWHE4b1NOT1JmQjJvSTFrUXV5RUFKNXh2UFRkZndSbHlSRzNsRllvZHJSZzZwb1VCRC84Zk5UWE10enlkcFJneQp6VVFaaC8xOEY2Qi9pVzZjYmlSTjlyMkhraDA1T20rcTAvNncwRGRaZSs4WXJOcGZoU09ici8xZVZaYktHTUlZCnFLbXlaYkJOdTV5c0VOSUs1TVBjMTRtVWVLbUZqcE44NDBWUjV6dW5vVTUybHFwTER1YS9xSU04aWRrODZ4R1cKeHgybWw0M0RPL1lhL3RWWlZvazBtTzBUVWp6SklmUHF5dnI0NTVJc0l1dDRSbENSOUlxMEVEVHZlMi9ad0N1RwpoU2pwVFVGR1NpUXJSMkpLMkV2cCtvNkFFVFVrQkNPMWF3MFBwUUJQRFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGVkRDQ0JEeWdBd0lCQWdJUkFPMWRXOGx0Kzk5TlBzMXFTWTNSczhjd0RRWUpLb1pJaHZjTkFRRUxCUUF3CmNURUxNQWtHQTFVRUJoTUNWVk14TXpBeEJnTlZCQW9US2loVFZFRkhTVTVIS1NCSmJuUmxjbTVsZENCVFpXTjEKY21sMGVTQlNaWE5sWVhKamFDQkhjbTkxY0RFdE1Dc0dBMVVFQXhNa0tGTlVRVWRKVGtjcElFUnZZM1J2Y21WawpJRVIxY21saGJpQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3Ck0xb3daakVMTUFrR0ExVUVCaE1DVlZNeE16QXhCZ05WQkFvVEtpaFRWRUZIU1U1SEtTQkpiblJsY201bGRDQlQKWldOMWNtbDBlU0JTWlhObFlYSmphQ0JIY205MWNERWlNQ0FHQTFVRUF4TVpLRk5VUVVkSlRrY3BJRkJ5WlhSbApibVFnVUdWaGNpQllNVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFMYmFnRWREClRhMVFnR0JXU1lreU1oc2NaWEVOT0JhVlJUTVgxaGNlSkVOZ3NMME1hNDlEM01pbEk0S1MzOG10a21kRjZjUFcKbkwrK2ZnZWhUMEZiUkhaZ2pPRXI4VUFONGpINm9tanJiVEQrK1ZabmVUc01WYUdhbVFtRGRGbDVnMWdZYWlnawprbXg4T2lDTzY4YTRRWGc0d1N5bjZpRGlwS1A4dXRzRSt4MUUyOFNBNzVIT1lxcGRyazRIR3h1VUx2bHIwM3daCkdUSWYvb1J0Mi9jK2RZbURvYUpoZ2UrR09yTEFFUUJ5TzcrOCt2ek93cE5BUEV4NkxXK2NyRUVaN2VCWGloNlYKUDE5c1RHeTN5ZnFLNXRQdFRkWFhDT1FNS0FwK2dDai9WQnlobUlyKzBpTkRDNTQwZ3R2VjMwM1dwY2J3bmtrTApZQzBGdDJjWVV5SHRrc3RPZlJjUk8rSzJjWm96b1N3VlB5QjgvSjlScGNSSzNqZ25YOWx1amZ3QS9wQWJQMEoyClVQUUZ4bVdGUlFuRmphcTZya3FiTkVCZ0x5K2tGTDFORXNSYnZGYktyUmk1Yll5MmxObXMyTkpQWnZkTlFiVC8KMmRCWkttSnF4SGt4Q3VPUUZqaEpRTmVPK05qbTFaMWlBVFMvM3J0czJ5WmxxWEtzeFFVek42dk5iRDhLblhSTQpFZU9YVVl2YlY0bHFmQ2Y4bVMxNFdFYlNpTXk4N0dCNVM5dWNTVjFYVXJsVEc1VUdjTVNaT0JjRVVwaXNSUEVtClFXVU9UV0lvRFE1Rk9pYS9HSStLaTUyM3IycnVFbWJtRzM3RUJTQlhkeElkbmRxcmp5K1FWQW1DZWJ5RHg5ZVYKRUdPSXBuMjZiVzVMS2VydW1KeGEvQ0ZCYUtpNGJSdm1kSlJMQWdNQkFBR2pnZkV3Z2U0d0RnWURWUjBQQVFILwpCQVFEQWdFR01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZMWHpaZkwrc0FxU0gvczhmZk5FCm9LeGpKY01VTUI4R0ExVWRJd1FZTUJhQUZBaFgyb25Ib2xONURFL2Q0SkNQZExyaUozTkVNRGdHQ0NzR0FRVUYKQndFQkJDd3dLakFvQmdnckJnRUZCUWN3QW9ZY2FIUjBjRG92TDNOMFp5MWtjM1F6TG1rdWJHVnVZM0l1YjNKbgpMekF0QmdOVkhSOEVKakFrTUNLZ0lLQWVoaHhvZEhSd09pOHZjM1JuTFdSemRETXVZeTVzWlc1amNpNXZjbWN2Ck1DSUdBMVVkSUFRYk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUI3dFI4QjBlSVFTUzZNaFA1a3V2R3RoK2ROMDJEc0locjB5SnRrMmVoSWNQSXFTeFJSbUhHbAo0dTJjM1FsdkVwZVJEcDJ3N2VRZFJUbEkvV25OaFk0Sk9vZnBNZjJ6d0FCZ0JXdEF1MFZvb1FjWlpUcFFydWlnCkYvejZ4WWtCazNVSGtqZXF4ek1OM2QxRXFHdXN4Sm9xZ2RUb3VaNVg1UVRUSWVlOW5RM0xFaFduUlNYRHg3WTAKdHRSMUJHZmNkcUhvcE80SUJxQWhia0tSakY1emo3T0Q4Y0czNW9teXdVYlp0T0puZnRpSTBuRmNSYXhiWG8wdgpvRGZMRDBTNitBQzJSM3RLcHFqa05YNi85MWhyUkZnbFVha3lNY1pVL3hsZXFidjYrTHIzWUQ4UHNCVHViNmxJCm9aMmxTMzhmTDE4QW9uNDU4ZmJjMEJQSHRlbmZoS2o1Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
Finalize URL: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/55465934/2689108194
State: valid
URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/55465934/2689108194
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 3m53s cert-manager-orders Created Challenge resource "ingress-scm-cert-vm82q-4264773703-3719462628" for domain "scm.juntotelecom.com.br"
Normal Complete 3m3s cert-manager-orders Order completed successfully
{{:scm-staging.png|}}
==== Emitindo o sertificado de produção - production ====
$ kubectl delete -f ingress-scm-ssl.yaml
ingress.networking.k8s.io "ingress-scm" deleted
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: scm
name: ingress-scm
namespace: scm-system
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-staging
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
rules:
- host: scm.juntotelecom.com.br
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: http-scm
port:
number: 3000
tls:
- hosts:
- scm.juntotelecom.com.br
secretName: ingress-scm-cert
$ kubectl apply -f ingress-scm-ssl.yaml
ingress.networking.k8s.io/ingress-scm created
$ kubectl describe ingress ingress-scm -n scm-system
Name: ingress-scm
Labels: app=scm
Namespace: scm-system
Address: 172.28.128.99
Default backend: default-http-backend:80 ()
TLS:
ingress-scm-cert terminates scm.juntotelecom.com.br
Rules:
Host Path Backends
---- ---- --------
scm.juntotelecom.com.br
/ http-scm:3000 (10.244.213.129:3000)
Annotations: cert-manager.io/cluster-issuer: letsencrypt-prod
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateCertificate 40s cert-manager-ingress-shim Successfully created Certificate "ingress-scm-cert"
Normal Sync 37s (x2 over 40s) nginx-ingress-controller Scheduled for sync
$ kubectl get certificaterequest -n scm-system
NAME APPROVED DENIED READY ISSUER REQUESTOR AGE
ingress-scm-cert-mv76b True True letsencrypt-prod system:serviceaccount:cert-manager:cert-manager 77s
$ kubectl describe certificaterequest ingress-scm-cert-mv76b -n scm-system
Name: ingress-scm-cert-mv76b
Namespace: scm-system
Labels: app=scm
Annotations: cert-manager.io/certificate-name: ingress-scm-cert
cert-manager.io/certificate-revision: 1
cert-manager.io/private-key-secret-name: ingress-scm-cert-q52zf
API Version: cert-manager.io/v1
Kind: CertificateRequest
Metadata:
Creation Timestamp: 2022-05-27T14:32:13Z
Generate Name: ingress-scm-cert-
Generation: 1
Managed Fields:
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
.:
k:{"type":"Approved"}:
.:
f:lastTransitionTime:
f:message:
f:reason:
f:status:
f:type:
Manager: cert-manager-certificaterequests-approver
Operation: Update
Subresource: status
Time: 2022-05-27T14:32:13Z
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:cert-manager.io/certificate-name:
f:cert-manager.io/certificate-revision:
f:cert-manager.io/private-key-secret-name:
f:generateName:
f:labels:
.:
f:app:
f:ownerReferences:
.:
k:{"uid":"401de434-ca12-44f3-83c0-f441ce0f9fb9"}:
f:spec:
.:
f:issuerRef:
.:
f:group:
f:kind:
f:name:
f:request:
f:usages:
Manager: cert-manager-certificates-request-manager
Operation: Update
Time: 2022-05-27T14:32:13Z
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
f:certificate:
f:conditions:
k:{"type":"Ready"}:
.:
f:lastTransitionTime:
f:message:
f:reason:
f:status:
f:type:
Manager: cert-manager-certificaterequests-issuer-acme
Operation: Update
Subresource: status
Time: 2022-05-27T14:32:46Z
Owner References:
API Version: cert-manager.io/v1
Block Owner Deletion: true
Controller: true
Kind: Certificate
Name: ingress-scm-cert
UID: 401de434-ca12-44f3-83c0-f441ce0f9fb9
Resource Version: 2499559
UID: 1d5b6891-6b8f-4ae0-97c6-014b574d77ec
Spec:
Extra:
authentication.kubernetes.io/pod-name:
cert-manager-76578c9687-qlmbm
authentication.kubernetes.io/pod-uid:
b997afd3-f8a2-46ca-a02a-f72273bb449c
Groups:
system:serviceaccounts
system:serviceaccounts:cert-manager
system:authenticated
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-prod
Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
UID: 37235979-7c85-46a9-b490-75dae9c9f558
Usages:
digital signature
key encipherment
Username: system:serviceaccount:cert-manager:cert-manager
Status:
Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQkJ1Z0F3SUJBZ0lTQTBNUTd5cDFwb3NrbXRRTlI3OVlUMW1RTUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNakExTWpjeE16TXlORFZhRncweU1qQTRNalV4TXpNeU5EUmFNQ0l4SURBZUJnTlZCQU1UCkYzTmpiUzVxZFc1MGIzUmxiR1ZqYjIwdVkyOXRMbUp5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVBMTk3U09QeHdrejNFZVJtbVVsOEhBZkwzQW94cHdXVjJML0xPRXUySzZ1aHZnN1QzdHMyUwpZQkJ0ZEp0dHplV2NqNGZDSWcwekVzQ1ZLRUMvZys4bzFzK1p2NTZNdFYvckR3cVV0em1DNTBvcE9JcU13UTd1CmMyUnd2R2tmNVJ1OFFwcXF6UHlsVTRVQzR0SnZ3QTV1NzVhSmdseFk0NldFNFVURXo3TUZ1cWY2UE41b1BYQ3EKTzdpemxTNlhlb000KzROOU9wZzFRVlBndk1FZ0c0WnFtSkxXNDdDeUwvMnllcVBEREYyQUtOV1ArZktHMkVuVgpKQmVjNmExeVZSMEF4bHdIc3o1K0oyWHQ5RFQ3NHB1Y1ZVdGJxQmZid2RwVXpxSnZxeGpQVGkrSFhlT25OYjI2CjVYQlA2d3ZEMEhySDEvVTlweTJZUmphaDEwMGdxWEVVWndJREFRQUJvNElDVVRDQ0FrMHdEZ1lEVlIwUEFRSC8KQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RQpBakFBTUIwR0ExVWREZ1FXQkJRQUhhTUVvNFE4MmhrTm5HaTFWYVJ0MUJQajVEQWZCZ05WSFNNRUdEQVdnQlFVCkxyTVh0MWhXeTY1UUNVRG1INitkaXhUQ3hqQlZCZ2dyQmdFRkJRY0JBUVJKTUVjd0lRWUlLd1lCQlFVSE1BR0cKRldoMGRIQTZMeTl5TXk1dkxteGxibU55TG05eVp6QWlCZ2dyQmdFRkJRY3dBb1lXYUhSMGNEb3ZMM0l6TG1rdQpiR1Z1WTNJdWIzSm5MekFpQmdOVkhSRUVHekFaZ2hkelkyMHVhblZ1ZEc5MFpXeGxZMjl0TG1OdmJTNWljakJNCkJnTlZIU0FFUlRCRE1BZ0dCbWVCREFFQ0FUQTNCZ3NyQmdFRUFZTGZFd0VCQVRBb01DWUdDQ3NHQVFVRkJ3SUIKRmhwb2RIUndPaTh2WTNCekxteGxkSE5sYm1OeWVYQjBMbTl5WnpDQ0FRTUdDaXNHQVFRQjFua0NCQUlFZ2ZRRQpnZkVBN3dCMkFFSEl5ckhmSWtaS0VNYWhPZ2xDaDE1T01Zc2JBK3ZyUzhkbzhKQmlsZ2IyQUFBQmdRWHZIbVVBCkFBUURBRWN3UlFJZ1ZHZ1ViU0ZNUlZKUHJvZ01UeTVFd0k0MDBQUkhER2VQbnp3QzlyY2FaUDhDSVFDWTRZdm4KdHlBUUtaUXFJS1hmcjhiRFBTbmxVMUlDcjJXeTNPb0hJdHpxZmdCMUFFYWxWZXQxK3BFZ01MV2lpV24wODMwUgpMRUYwdnYxSnVJV3I4dnh3L20xSEFBQUJnUVh2SG93QUFBUURBRVl3UkFJZ0ZSd3JibUpzQjY3SlBrRjRaczV4CllrTFp6TEV2YlRRbTNXVDJqL2I3UFFZQ0lIYmhZSjdxOEJvTERMclJZelVNTlZKVjV6Tjliem44aHdvZ0QyM0sKNDhWa01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXE5azNqN0VLWnB4WHEweWJya05tM0tOM2lNRERxRzlWbwp6Sktvc2R2dGRKb1ZNR3paOHEwWHVRelEzakFhRE1XSTA4b3BGVEw1cS9nQU5hVHYxYm41ZzBvQzExVlZ3RnEyCmZzdnBLa0pEcjBOSGt1ay9jcWxyZlBSV3hldWgveXdpYml0M1JDZThDVStqTkpVanovbVZRUkM0bC9vN1YzU1QKRHZQcGNtOW9QZTIvV25JRk4vL3BrYlRRVjNHNXVZNHg2Ni9GU1Q1aWh5QkphWEZ5QkhUWlFwMnRmYTdFV0VUSAptUVB2UzVkKzYwTThEaWluZlIvVlNHVDIxWXJNNEZyWUU1dlYvTXdHcGRoNjkwdFJ4UmtZU1JhRE1OeEJTQWkzCjFjS2tUYmZkN1MvVWxFd0lKZ3Iydm1kQVgwdXhnV0hnZkUxbTRROUtXZ0lZRzg5QUhBN2MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRkZqQ0NBdjZnQXdJQkFnSVJBSkVyQ0VyUERCaW5VL2JXTGlXblgxb3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qQXdPVEEwTURBd01EQXcKV2hjTk1qVXdPVEUxTVRZd01EQXdXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNVak13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM3QWhVb3pQYWdsTk1QRXV5TlZaTEQrSUx4bWFaNlFvaW5YU2FxdFN1NXhVeXhyNDVyK1hYSW85Y1AKUjVRVVZUVlhqSjZvb2prWjlZSThRcWxPYnZVN3d5N2JqY0N3WFBOWk9PZnR6Mm53V2dzYnZzQ1VKQ1dIK2pkeApzeFBuSEt6aG0rL2I1RHRGVWtXV3FjRlR6alRJVXU2MXJ1MlAzbUJ3NHFWVXE3WnREcGVsUURScks5TzhadXRtCk5IejZhNHVQVnltWitEQVhYYnB5Yi91QnhhM1NobGc5RjhmbkNidnhLL2VHM01IYWNWM1VSdVBNclNYQmlMeGcKWjNWbXMvRVk5NkpjNWxQL09vaTJSNlgvRXhqcW1BbDNQNTFUK2M4QjVmV21jQmNVcjJPay81bXprNTNjVTZjRwova2lGSGFGcHJpVjF1eFBNVWdQMTdWR2hpOXNWQWdNQkFBR2pnZ0VJTUlJQkJEQU9CZ05WSFE4QkFmOEVCQU1DCkFZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0lHQ0NzR0FRVUZCd01CTUJJR0ExVWRFd0VCL3dRSU1BWUIKQWY4Q0FRQXdIUVlEVlIwT0JCWUVGQlF1c3hlM1dGYkxybEFKUU9ZZnI1MkxGTUxHTUI4R0ExVWRJd1FZTUJhQQpGSG0wV2VaN3R1WGtBWE9BQ0lqSUdsajI2WnR1TURJR0NDc0dBUVVGQndFQkJDWXdKREFpQmdnckJnRUZCUWN3CkFvWVdhSFIwY0RvdkwzZ3hMbWt1YkdWdVkzSXViM0puTHpBbkJnTlZIUjhFSURBZU1CeWdHcUFZaGhab2RIUncKT2k4dmVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiTUJrd0NBWUdaNEVNQVFJQk1BMEdDeXNHQVFRQgpndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ0Z5azVIUHFQM2hVU0Z2TlZuZUxLWVk2MTFUUjZXClBUTmxjbFF0Z2FEcXcrMzRJTDlmekxkd0FMZHVPL1plbE43a0lKK203NHV5QStlaXRSWThrYzYwN1RrQzUzd2wKaWtmbVpXNC9SdlRaOE02VUsrNVV6aEs4akNkTHVNR1lMNkt2elhHUlNnaTN5TGdqZXdRdENQa0lWejZEMlFRegpDa2NoZUFtQ0o4TXF5SnU1emx6eVpNakF2bm5BVDQ1dFJBeGVrcnN1OTRzUTRlZ2RSQ25iV1NEdFk3a2grQkltCmxKTlhvQjFsQk1FS0lxNFFEVU9Yb1JnZmZ1RGdoamUxV3JHOU1MK0hiaXNxL3lGT0d3WEQ5UmlYOEY2c3c2VzQKYXZBdXZEc3p1ZTVMM3N6ODVLK0VDNFkvd0ZWRE52Wm80VFlYYW82WjBmK2xRS2MwdDhEUVl6azFPWFZ1OHJwMgp5Sk1DNmFsTGJCZk9EQUxadllIN243ZG8xQVpsczRJOWQxUDRqbmtEclFveEIzVXFROWhWbDNMRUtRNzN4RjFPCnlLNUdoRERYOG9WZkdLRjV1K2RlY0lzSDRZYVR3N21QM0dGeEpTcXYzKzBsVUZKb2k1TGM1ZGExNDlwOTBJZHMKaENFeHJvTDErN21yeUlrWFBlRk01VGdPOXIwcnZaYUJGT3ZWMnowZ3AzNVowK0w0V1BsYnVFak4vbHhQRmluKwpIbFVqcjhnUnNJM3FmSk9RRnkvOXJLSUpSMFkvOE9td3QvOG9UV2d5MW1kZUhtbWprN2oxbllzdkM5SlNRNlp2Ck1sZGxUVEtCM3poVGhWMStYV1lwNnJqZDVKVzF6YlZXRWtMTnhFN0dKVGhFVUczc3pnQlZHUDdwU1dUVVRzcVgKbkxSYndIT29xN2hId2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGWURDQ0JFaWdBd0lCQWdJUVFBRjNJVGZVNlVLNDduYXFQR1FLdHpBTkJna3Foa2lHOXcwQkFRc0ZBREEvCk1TUXdJZ1lEVlFRS0V4dEVhV2RwZEdGc0lGTnBaMjVoZEhWeVpTQlVjblZ6ZENCRGJ5NHhGekFWQmdOVkJBTVQKRGtSVFZDQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3TTFvdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUN0NkNSejlCUTM4NXVlSzFjb0hJZSszTGZmT0pDTWJqem1WNkI0OTNYQwpvdjcxYW03MkFFOG8yOTVvaG14RWs3YXhZLzBVRW11L0g5THFNWnNoZnRFelBMcEk5ZDE1MzdPNC94THhJWnBMCndZcUdjV2xLWm1ac2ozNDhjTCt0S1NJRzgrVEE1b0N1NGt1UHQ1bCtsQU9mMDBlWGZKbElJMVBvT0s1UENtK0QKTHRGSlY0eUFkTGJhTDlBNGpYc0RjQ0ViZGZJd1BQcVBydDNhWTZ2ckZrL0NqaEZMZnM4TDZQKzFkeTcwc250Swo0RXdTSlF4d2pRTXBvT0ZUSk93VDJlNFp2eEN6U293L2lhTmhVZDZzaHdlVTlHTng3QzdpYjF1WWdlR0pYRFI1CmJIYnZPNUJpZWViYnBKb3ZKc1hRRU9FTzN0a1FqaGI3dC9lbzk4ZmxBZ2VZanpZSWxlZmlONVlOTm5XZSt3NXkKc1IyYnZBUDVTUVhZZ2QwRnRDcldRZW1zQVhhVkNnL1kzOVc5RWg4MUx5Z1hiTktZd2FnSlpIZHVSemU2enF4WgpYbWlkZjNMV2ljVUdRU2srV1Q3ZEp2VWt5UkduV3FOTVFCOUdvWm0xcHpwUmJvWTdubjF5cHhJRmVGbnRQbEY0CkZRc0RqNDNRTHdXeVBudEtIRXR6QlJMOHh1cmdVQk44UTVOMHM4cDA1NDRmQVFqUU1OUmJjVGEwQjdyQk1EQmMKU0xlQ081aW1mV0NLb3FNcGdzeTZ2WU1FRzZLREEwR2gxZ1h4RzhLMjhLaDhoanRHcUVncWlOeDJtbmEvSDJxbApQUm1QNnpqelpON0lLdzBLS1AvMzIrSVZRdFFpMENkZDRYbitHT2R3aUsxTzV0bUxPc2JkSjFGdS83eGs5VE5EClR3SURBUUFCbzRJQlJqQ0NBVUl3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFPQmdOVkhROEJBZjhFQkFNQ0FRWXcKU3dZSUt3WUJCUVVIQVFFRVB6QTlNRHNHQ0NzR0FRVUZCekFDaGk5b2RIUndPaTh2WVhCd2N5NXBaR1Z1ZEhKMQpjM1F1WTI5dEwzSnZiM1J6TDJSemRISnZiM1JqWVhnekxuQTNZekFmQmdOVkhTTUVHREFXZ0JURXA3R2tleXh4Cit0dmhTNUIxLzhRVllJV0pFREJVQmdOVkhTQUVUVEJMTUFnR0JtZUJEQUVDQVRBL0Jnc3JCZ0VFQVlMZkV3RUIKQVRBd01DNEdDQ3NHQVFVRkJ3SUJGaUpvZEhSd09pOHZZM0J6TG5KdmIzUXRlREV1YkdWMGMyVnVZM0o1Y0hRdQpiM0puTUR3R0ExVWRId1ExTURNd01hQXZvQzJHSzJoMGRIQTZMeTlqY213dWFXUmxiblJ5ZFhOMExtTnZiUzlFClUxUlNUMDlVUTBGWU0wTlNUQzVqY213d0hRWURWUjBPQkJZRUZIbTBXZVo3dHVYa0FYT0FDSWpJR2xqMjZadHUKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBS2N3QnNsbTcvRGxMUXJ0Mk01MW9HclMrbzQ0Ky95UW9ERlZEQwo1V3hDdTIrYjlMUlB3a1NJQ0hYTTZ3ZWJGR0p1ZU43c0o3bzVYUFdpb1c1V2xIQVFVN0c3NUsvUW9zTXJBZFNXCjlNVWdOVFA1MkdFMjRIR050TGkxcW9KRmxjRHlxU01vNTlhaHkyY0kycUJETEtvYmt4L0ozdldyYVYwVDlWdUcKV0NMS1RWWGtjR2R0d2xmRlJqbEJ6NHBZZzFodG1mNVg2RFlPOEE0anF2MklsOURqWEE2VVNiVzFGelhTTHI5TwpoZThZNElXUzZ3WTdiQ2tqQ1dEY1JRSk1FaGc3NmZzTzN0eEUrRmlZcnVxOVJVV2hpRjFteXY0UTZXK0N5QkZDCkRmdnA3T09HQU42ZEVPTTQrcVI5c2Rqb1NZS0VCcHNyNkd0UEFRdzRkeTc1M2VjNQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
Conditions:
Last Transition Time: 2022-05-27T14:32:13Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2022-05-27T14:32:46Z
Message: Certificate fetched from issuer successfully
Reason: Issued
Status: True
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal cert-manager.io 117s cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 117s cert-manager-certificaterequests-issuer-acme Created Order resource scm-system/ingress-scm-cert-mv76b-1966844343
Normal CertificateIssued 84s cert-manager-certificaterequests-issuer-acme Certificate fetched from issuer successfully
$ kubectl get order -n scm-system
NAME STATE AGE
ingress-scm-cert-mv76b-1966844343 valid 3m2s
$ kubectl describe order ingress-scm-cert-mv76b-1966844343 -n scm-system
Name: ingress-scm-cert-mv76b-1966844343
Namespace: scm-system
Labels: app=scm
Annotations: cert-manager.io/certificate-name: ingress-scm-cert
cert-manager.io/certificate-revision: 1
cert-manager.io/private-key-secret-name: ingress-scm-cert-q52zf
API Version: acme.cert-manager.io/v1
Kind: Order
Metadata:
Creation Timestamp: 2022-05-27T14:32:13Z
Generation: 1
Managed Fields:
API Version: acme.cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:cert-manager.io/certificate-name:
f:cert-manager.io/certificate-revision:
f:cert-manager.io/private-key-secret-name:
f:labels:
.:
f:app:
f:ownerReferences:
.:
k:{"uid":"1d5b6891-6b8f-4ae0-97c6-014b574d77ec"}:
f:spec:
.:
f:dnsNames:
f:issuerRef:
.:
f:group:
f:kind:
f:name:
f:request:
Manager: cert-manager-certificaterequests-issuer-acme
Operation: Update
Time: 2022-05-27T14:32:13Z
API Version: acme.cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:authorizations:
f:certificate:
f:finalizeURL:
f:state:
f:url:
Manager: cert-manager-orders
Operation: Update
Subresource: status
Time: 2022-05-27T14:32:46Z
Owner References:
API Version: cert-manager.io/v1
Block Owner Deletion: true
Controller: true
Kind: CertificateRequest
Name: ingress-scm-cert-mv76b
UID: 1d5b6891-6b8f-4ae0-97c6-014b574d77ec
Resource Version: 2499556
UID: 1af3b89f-8518-46bd-b596-800919dd9f42
Spec:
Dns Names:
scm.juntotelecom.com.br
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-prod
Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
Status:
Authorizations:
Challenges:
Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4
Type: http-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/i408Xg
Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4
Type: dns-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/TRMZVQ
Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4
Type: tls-alpn-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/eA8AZQ
Identifier: scm.juntotelecom.com.br
Initial State: pending
URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/113148616346
Wildcard: false
Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQkJ1Z0F3SUJBZ0lTQTBNUTd5cDFwb3NrbXRRTlI3OVlUMW1RTUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNakExTWpjeE16TXlORFZhRncweU1qQTRNalV4TXpNeU5EUmFNQ0l4SURBZUJnTlZCQU1UCkYzTmpiUzVxZFc1MGIzUmxiR1ZqYjIwdVkyOXRMbUp5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVBMTk3U09QeHdrejNFZVJtbVVsOEhBZkwzQW94cHdXVjJML0xPRXUySzZ1aHZnN1QzdHMyUwpZQkJ0ZEp0dHplV2NqNGZDSWcwekVzQ1ZLRUMvZys4bzFzK1p2NTZNdFYvckR3cVV0em1DNTBvcE9JcU13UTd1CmMyUnd2R2tmNVJ1OFFwcXF6UHlsVTRVQzR0SnZ3QTV1NzVhSmdseFk0NldFNFVURXo3TUZ1cWY2UE41b1BYQ3EKTzdpemxTNlhlb000KzROOU9wZzFRVlBndk1FZ0c0WnFtSkxXNDdDeUwvMnllcVBEREYyQUtOV1ArZktHMkVuVgpKQmVjNmExeVZSMEF4bHdIc3o1K0oyWHQ5RFQ3NHB1Y1ZVdGJxQmZid2RwVXpxSnZxeGpQVGkrSFhlT25OYjI2CjVYQlA2d3ZEMEhySDEvVTlweTJZUmphaDEwMGdxWEVVWndJREFRQUJvNElDVVRDQ0FrMHdEZ1lEVlIwUEFRSC8KQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RQpBakFBTUIwR0ExVWREZ1FXQkJRQUhhTUVvNFE4MmhrTm5HaTFWYVJ0MUJQajVEQWZCZ05WSFNNRUdEQVdnQlFVCkxyTVh0MWhXeTY1UUNVRG1INitkaXhUQ3hqQlZCZ2dyQmdFRkJRY0JBUVJKTUVjd0lRWUlLd1lCQlFVSE1BR0cKRldoMGRIQTZMeTl5TXk1dkxteGxibU55TG05eVp6QWlCZ2dyQmdFRkJRY3dBb1lXYUhSMGNEb3ZMM0l6TG1rdQpiR1Z1WTNJdWIzSm5MekFpQmdOVkhSRUVHekFaZ2hkelkyMHVhblZ1ZEc5MFpXeGxZMjl0TG1OdmJTNWljakJNCkJnTlZIU0FFUlRCRE1BZ0dCbWVCREFFQ0FUQTNCZ3NyQmdFRUFZTGZFd0VCQVRBb01DWUdDQ3NHQVFVRkJ3SUIKRmhwb2RIUndPaTh2WTNCekxteGxkSE5sYm1OeWVYQjBMbTl5WnpDQ0FRTUdDaXNHQVFRQjFua0NCQUlFZ2ZRRQpnZkVBN3dCMkFFSEl5ckhmSWtaS0VNYWhPZ2xDaDE1T01Zc2JBK3ZyUzhkbzhKQmlsZ2IyQUFBQmdRWHZIbVVBCkFBUURBRWN3UlFJZ1ZHZ1ViU0ZNUlZKUHJvZ01UeTVFd0k0MDBQUkhER2VQbnp3QzlyY2FaUDhDSVFDWTRZdm4KdHlBUUtaUXFJS1hmcjhiRFBTbmxVMUlDcjJXeTNPb0hJdHpxZmdCMUFFYWxWZXQxK3BFZ01MV2lpV24wODMwUgpMRUYwdnYxSnVJV3I4dnh3L20xSEFBQUJnUVh2SG93QUFBUURBRVl3UkFJZ0ZSd3JibUpzQjY3SlBrRjRaczV4CllrTFp6TEV2YlRRbTNXVDJqL2I3UFFZQ0lIYmhZSjdxOEJvTERMclJZelVNTlZKVjV6Tjliem44aHdvZ0QyM0sKNDhWa01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXE5azNqN0VLWnB4WHEweWJya05tM0tOM2lNRERxRzlWbwp6Sktvc2R2dGRKb1ZNR3paOHEwWHVRelEzakFhRE1XSTA4b3BGVEw1cS9nQU5hVHYxYm41ZzBvQzExVlZ3RnEyCmZzdnBLa0pEcjBOSGt1ay9jcWxyZlBSV3hldWgveXdpYml0M1JDZThDVStqTkpVanovbVZRUkM0bC9vN1YzU1QKRHZQcGNtOW9QZTIvV25JRk4vL3BrYlRRVjNHNXVZNHg2Ni9GU1Q1aWh5QkphWEZ5QkhUWlFwMnRmYTdFV0VUSAptUVB2UzVkKzYwTThEaWluZlIvVlNHVDIxWXJNNEZyWUU1dlYvTXdHcGRoNjkwdFJ4UmtZU1JhRE1OeEJTQWkzCjFjS2tUYmZkN1MvVWxFd0lKZ3Iydm1kQVgwdXhnV0hnZkUxbTRROUtXZ0lZRzg5QUhBN2MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRkZqQ0NBdjZnQXdJQkFnSVJBSkVyQ0VyUERCaW5VL2JXTGlXblgxb3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qQXdPVEEwTURBd01EQXcKV2hjTk1qVXdPVEUxTVRZd01EQXdXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNVak13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM3QWhVb3pQYWdsTk1QRXV5TlZaTEQrSUx4bWFaNlFvaW5YU2FxdFN1NXhVeXhyNDVyK1hYSW85Y1AKUjVRVVZUVlhqSjZvb2prWjlZSThRcWxPYnZVN3d5N2JqY0N3WFBOWk9PZnR6Mm53V2dzYnZzQ1VKQ1dIK2pkeApzeFBuSEt6aG0rL2I1RHRGVWtXV3FjRlR6alRJVXU2MXJ1MlAzbUJ3NHFWVXE3WnREcGVsUURScks5TzhadXRtCk5IejZhNHVQVnltWitEQVhYYnB5Yi91QnhhM1NobGc5RjhmbkNidnhLL2VHM01IYWNWM1VSdVBNclNYQmlMeGcKWjNWbXMvRVk5NkpjNWxQL09vaTJSNlgvRXhqcW1BbDNQNTFUK2M4QjVmV21jQmNVcjJPay81bXprNTNjVTZjRwova2lGSGFGcHJpVjF1eFBNVWdQMTdWR2hpOXNWQWdNQkFBR2pnZ0VJTUlJQkJEQU9CZ05WSFE4QkFmOEVCQU1DCkFZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0lHQ0NzR0FRVUZCd01CTUJJR0ExVWRFd0VCL3dRSU1BWUIKQWY4Q0FRQXdIUVlEVlIwT0JCWUVGQlF1c3hlM1dGYkxybEFKUU9ZZnI1MkxGTUxHTUI4R0ExVWRJd1FZTUJhQQpGSG0wV2VaN3R1WGtBWE9BQ0lqSUdsajI2WnR1TURJR0NDc0dBUVVGQndFQkJDWXdKREFpQmdnckJnRUZCUWN3CkFvWVdhSFIwY0RvdkwzZ3hMbWt1YkdWdVkzSXViM0puTHpBbkJnTlZIUjhFSURBZU1CeWdHcUFZaGhab2RIUncKT2k4dmVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiTUJrd0NBWUdaNEVNQVFJQk1BMEdDeXNHQVFRQgpndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ0Z5azVIUHFQM2hVU0Z2TlZuZUxLWVk2MTFUUjZXClBUTmxjbFF0Z2FEcXcrMzRJTDlmekxkd0FMZHVPL1plbE43a0lKK203NHV5QStlaXRSWThrYzYwN1RrQzUzd2wKaWtmbVpXNC9SdlRaOE02VUsrNVV6aEs4akNkTHVNR1lMNkt2elhHUlNnaTN5TGdqZXdRdENQa0lWejZEMlFRegpDa2NoZUFtQ0o4TXF5SnU1emx6eVpNakF2bm5BVDQ1dFJBeGVrcnN1OTRzUTRlZ2RSQ25iV1NEdFk3a2grQkltCmxKTlhvQjFsQk1FS0lxNFFEVU9Yb1JnZmZ1RGdoamUxV3JHOU1MK0hiaXNxL3lGT0d3WEQ5UmlYOEY2c3c2VzQKYXZBdXZEc3p1ZTVMM3N6ODVLK0VDNFkvd0ZWRE52Wm80VFlYYW82WjBmK2xRS2MwdDhEUVl6azFPWFZ1OHJwMgp5Sk1DNmFsTGJCZk9EQUxadllIN243ZG8xQVpsczRJOWQxUDRqbmtEclFveEIzVXFROWhWbDNMRUtRNzN4RjFPCnlLNUdoRERYOG9WZkdLRjV1K2RlY0lzSDRZYVR3N21QM0dGeEpTcXYzKzBsVUZKb2k1TGM1ZGExNDlwOTBJZHMKaENFeHJvTDErN21yeUlrWFBlRk01VGdPOXIwcnZaYUJGT3ZWMnowZ3AzNVowK0w0V1BsYnVFak4vbHhQRmluKwpIbFVqcjhnUnNJM3FmSk9RRnkvOXJLSUpSMFkvOE9td3QvOG9UV2d5MW1kZUhtbWprN2oxbllzdkM5SlNRNlp2Ck1sZGxUVEtCM3poVGhWMStYV1lwNnJqZDVKVzF6YlZXRWtMTnhFN0dKVGhFVUczc3pnQlZHUDdwU1dUVVRzcVgKbkxSYndIT29xN2hId2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGWURDQ0JFaWdBd0lCQWdJUVFBRjNJVGZVNlVLNDduYXFQR1FLdHpBTkJna3Foa2lHOXcwQkFRc0ZBREEvCk1TUXdJZ1lEVlFRS0V4dEVhV2RwZEdGc0lGTnBaMjVoZEhWeVpTQlVjblZ6ZENCRGJ5NHhGekFWQmdOVkJBTVQKRGtSVFZDQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3TTFvdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUN0NkNSejlCUTM4NXVlSzFjb0hJZSszTGZmT0pDTWJqem1WNkI0OTNYQwpvdjcxYW03MkFFOG8yOTVvaG14RWs3YXhZLzBVRW11L0g5THFNWnNoZnRFelBMcEk5ZDE1MzdPNC94THhJWnBMCndZcUdjV2xLWm1ac2ozNDhjTCt0S1NJRzgrVEE1b0N1NGt1UHQ1bCtsQU9mMDBlWGZKbElJMVBvT0s1UENtK0QKTHRGSlY0eUFkTGJhTDlBNGpYc0RjQ0ViZGZJd1BQcVBydDNhWTZ2ckZrL0NqaEZMZnM4TDZQKzFkeTcwc250Swo0RXdTSlF4d2pRTXBvT0ZUSk93VDJlNFp2eEN6U293L2lhTmhVZDZzaHdlVTlHTng3QzdpYjF1WWdlR0pYRFI1CmJIYnZPNUJpZWViYnBKb3ZKc1hRRU9FTzN0a1FqaGI3dC9lbzk4ZmxBZ2VZanpZSWxlZmlONVlOTm5XZSt3NXkKc1IyYnZBUDVTUVhZZ2QwRnRDcldRZW1zQVhhVkNnL1kzOVc5RWg4MUx5Z1hiTktZd2FnSlpIZHVSemU2enF4WgpYbWlkZjNMV2ljVUdRU2srV1Q3ZEp2VWt5UkduV3FOTVFCOUdvWm0xcHpwUmJvWTdubjF5cHhJRmVGbnRQbEY0CkZRc0RqNDNRTHdXeVBudEtIRXR6QlJMOHh1cmdVQk44UTVOMHM4cDA1NDRmQVFqUU1OUmJjVGEwQjdyQk1EQmMKU0xlQ081aW1mV0NLb3FNcGdzeTZ2WU1FRzZLREEwR2gxZ1h4RzhLMjhLaDhoanRHcUVncWlOeDJtbmEvSDJxbApQUm1QNnpqelpON0lLdzBLS1AvMzIrSVZRdFFpMENkZDRYbitHT2R3aUsxTzV0bUxPc2JkSjFGdS83eGs5VE5EClR3SURBUUFCbzRJQlJqQ0NBVUl3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFPQmdOVkhROEJBZjhFQkFNQ0FRWXcKU3dZSUt3WUJCUVVIQVFFRVB6QTlNRHNHQ0NzR0FRVUZCekFDaGk5b2RIUndPaTh2WVhCd2N5NXBaR1Z1ZEhKMQpjM1F1WTI5dEwzSnZiM1J6TDJSemRISnZiM1JqWVhnekxuQTNZekFmQmdOVkhTTUVHREFXZ0JURXA3R2tleXh4Cit0dmhTNUIxLzhRVllJV0pFREJVQmdOVkhTQUVUVEJMTUFnR0JtZUJEQUVDQVRBL0Jnc3JCZ0VFQVlMZkV3RUIKQVRBd01DNEdDQ3NHQVFVRkJ3SUJGaUpvZEhSd09pOHZZM0J6TG5KdmIzUXRlREV1YkdWMGMyVnVZM0o1Y0hRdQpiM0puTUR3R0ExVWRId1ExTURNd01hQXZvQzJHSzJoMGRIQTZMeTlqY213dWFXUmxiblJ5ZFhOMExtTnZiUzlFClUxUlNUMDlVUTBGWU0wTlNUQzVqY213d0hRWURWUjBPQkJZRUZIbTBXZVo3dHVYa0FYT0FDSWpJR2xqMjZadHUKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBS2N3QnNsbTcvRGxMUXJ0Mk01MW9HclMrbzQ0Ky95UW9ERlZEQwo1V3hDdTIrYjlMUlB3a1NJQ0hYTTZ3ZWJGR0p1ZU43c0o3bzVYUFdpb1c1V2xIQVFVN0c3NUsvUW9zTXJBZFNXCjlNVWdOVFA1MkdFMjRIR050TGkxcW9KRmxjRHlxU01vNTlhaHkyY0kycUJETEtvYmt4L0ozdldyYVYwVDlWdUcKV0NMS1RWWGtjR2R0d2xmRlJqbEJ6NHBZZzFodG1mNVg2RFlPOEE0anF2MklsOURqWEE2VVNiVzFGelhTTHI5TwpoZThZNElXUzZ3WTdiQ2tqQ1dEY1JRSk1FaGc3NmZzTzN0eEUrRmlZcnVxOVJVV2hpRjFteXY0UTZXK0N5QkZDCkRmdnA3T09HQU42ZEVPTTQrcVI5c2Rqb1NZS0VCcHNyNkd0UEFRdzRkeTc1M2VjNQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
Finalize URL: https://acme-v02.api.letsencrypt.org/acme/finalize/562203266/92387880686
State: valid
URL: https://acme-v02.api.letsencrypt.org/acme/order/562203266/92387880686
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 3m34s cert-manager-orders Created Challenge resource "ingress-scm-cert-mv76b-1966844343-302753530" for domain "scm.juntotelecom.com.br"
Normal Complete 3m4s cert-manager-orders Order completed successfully
{{:scm-prod.png|}}
===== Configuração do gitea =====
{{:initial_config.png|}}
{{:geral_config.png|}}
{{:server-config.png|}}
{{:access-adm.png|}}
===== Autenticação LDAP -FreeIPA =====
{{:aut-ldap.png|}}
**Agora execute o sincronismo: Sincronizar dados de usuário externo**
{{:external-user.png|}}
===== Grupos com permissão de acesso - FreeIPA =====
# ipa group-add gitadm --desc="Git Administrator"
# ipa group-add gitaccess --desc="Git Access"
# ipa group-add-member gitadm --users=gean.martins
# ipa group-add-member gitaccess --users=gean.martins
# ipa group-show gitadm --raw --all
dn: cn=gitadm,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br
cn: gitadm
description: Git Administrator
gidnumber: 187600022
member: uid=gean.martins,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br
ipaNTSecurityIdentifier: S-1-5-21-2731924211-1883941829-2112701219-1022
ipaUniqueID: f7e4b2ba-dc72-11ec-ad64-000c29ad9330
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
objectClass: ipantgroupattrs
# ipa group-show gitaccess --raw --all
dn: cn=gitaccess,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br
cn: gitaccess
description: Git Access
gidnumber: 187600023
member: uid=gean.martins,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br
ipaNTSecurityIdentifier: S-1-5-21-2731924211-1883941829-2112701219-1023
ipaUniqueID: 7a4ee55a-dd21-11ec-ab20-000c29ad9330
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
objectClass: ipantgroupattrs
===== Testando o repositório =====
{{:repo-first.png|}}
$ sudo apt install git
$ git config --global user.name "Gean Martins"
$ git config --global user.email "gean.martins@juntotelecom.com.br"
$ git clone https://scm.juntotelecom.com.br/gean.martins/primeiro.git
Cloning into 'primeiro'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
$ cd primeiro/
$ touch file{1..5}.txt
$ echo "# Meu primeiro repositório" > README.md
$ git add --all
$ git status
On branch master
Your branch is up to date with 'origin/master'.
Changes to be committed:
(use "git restore --staged ..." to unstage)
modified: README.md
new file: file1.txt
new file: file2.txt
new file: file3.txt
new file: file4.txt
new file: file5.txt
$ git commit -m "Meu primeiro commit"
[master 024a5df] Meu primeiro commit
6 files changed, 1 insertion(+), 2 deletions(-)
create mode 100644 file1.txt
create mode 100644 file2.txt
create mode 100644 file3.txt
create mode 100644 file4.txt
create mode 100644 file5.txt
$ git push origin master
Username for 'https://scm.juntotelecom.com.br': gean.martins
Password for 'https://gean.martins@scm.juntotelecom.com.br':
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 8 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (4/4), 343 bytes | 343.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
remote: . Processing 1 references
remote: Processed 1 references in total
To https://scm.juntotelecom.com.br/gean.martins/primeiro.git
7d15c88..024a5df master -> master
{{:first-commit.png|}}
===== Referências =====
- [[http://www.jouvinio.net/wiki/index.php/Gitea_Configuration_LDAP|Gitea Configuration LDAP]]
- [[https://artifacthub.io/packages/helm/gitea/gitea|ArtifactHUB]]
- [[https://gutocarvalho.net/instalando-cert-manager-no-k8s/|K8S: Instalando Cert-Manager e issuers LetsEncrypt]]
- [[https://www.thinktecture.com/en/kubernetes/ssl-certificates-with-cert-manager-in-kubernetes/|Acquire SSL Certificates In Kubernetes From Let’s Encrypt With Cert-Manager]]
- [[https://docs.microsoft.com/pt-br/azure/application-gateway/ingress-controller-letsencrypt-certificate-application-gateway|Usar certificados com LetsEncrypt.org no Gateway de Aplicativo para clusters do AKS]]
- [[https://cert-manager.io/docs/usage/ingress/#how-it-works|Securing Ingress Resources]]
- [[https://github.com/go-gitea/gitea/issues/17729|Username or password is incorrect." with LDAPS (via BindDN) authentication]]