Table of Contents
Gitea - SCM(Source Code Management)
Deployment gitea
Namespace
$ kubectl create ns scm-system
namespace/scm-system created
PersistentVolumeClaim
- pvc-scm.yaml
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-scm namespace: scm-system spec: accessModes: - ReadWriteOnce resources: requests: storage: 8Gi storageClassName: nfs-client
$ kubectl apply -f pvc-scm.yaml persistentvolumeclaim/pvc-scm created
$ kubectl get pvc -n scm-system
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc-scm Bound pvc-2ff9e861-b7bd-4fff-9d0c-28a3a9ffff36 8Gi RWO nfs-client 21s
Deployment gitea
- scm-deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: scm namespace: scm-system labels: app: scm spec: replicas: 1 selector: matchLabels: app: scm template: metadata: labels: app: scm spec: containers: - name: scm image: gitea/gitea:latest ports: - containerPort: 22 name: ssh protocol: TCP - containerPort: 3000 name: http protocol: TCP resources: requests: memory: 256Mi cpu: 0.2 limits: memory: 512Mi cpu: 0.5 volumeMounts: - mountPath: /data name: data restartPolicy: Always volumes: - name: data persistentVolumeClaim: claimName: pvc-scm
</file>
$ kubectl apply -f scm-deployment.yaml deployment.apps/scm created
$ kubectl get pods -n scm-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES scm-6bd59bbc7c-996js 1/1 Running 0 17s 10.244.213.129 kube-worker-02.juntotelecom.com.br <none> <none>
Service HTTP
- http-service.yaml
apiVersion: v1 kind: Service metadata: labels: app: scm name: http-scm namespace: scm-system spec: ipFamilies: - IPv4 - IPv6 ipFamilyPolicy: PreferDualStack ports: - name: http port: 3000 protocol: TCP targetPort: 3000 selector: app: scm type: ClusterIP
$ kubectl apply -f http-service.yaml service/http-scm created
$ kubectl get services -n scm-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE http-scm ClusterIP 10.96.76.204 <none> 3000/TCP 20s
Service SSH
- ssh-service.yaml
apiVersion: v1 kind: Service metadata: labels: app: scm name: ssh-scm namespace: scm-system spec: ipFamilies: - IPv4 - IPv6 ipFamilyPolicy: PreferDualStack ports: - name: ssh port: 22 protocol: TCP targetPort: 22 selector: app: scm type: LoadBalancer
$ kubectl apply -f ssh-service.yaml service/ssh-scm created
$ kubectl get services -n scm-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE http-scm ClusterIP 10.96.188.20 <none> 3000/TCP 65s ssh-scm LoadBalancer 10.96.41.127 172.28.128.116,2804:694:4c00:4007::116 22:31838/TCP 58s
Ingress
- ingress-scm.yaml
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: labels: app: scm name: ingress-scm namespace: scm-system spec: ingressClassName: nginx rules: - host: scm.juntotelecom.com.br http: paths: - backend: service: name: http-scm port: number: 3000 path: / pathType: Prefix
$ kubectl apply -f ingress-scm.yaml ingress.networking.k8s.io/ingress-scm created
$ kubectl get ingress -n scm-system NAME CLASS HOSTS ADDRESS PORTS AGE ingress-scm nginx scm.juntotelecom.com.br 172.28.128.99 80 58s
$ kubectl describe ingress ingress-scm -n scm-system
Name: ingress-scm
Labels: app=scm
Namespace: scm-system
Address: 172.28.128.99
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
scm.juntotelecom.com.br
/ http-scm:3000 (10.244.213.129:3000)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 23s (x2 over 80s) nginx-ingress-controller Scheduled for sync
Certificado SSL
Requisito: Cert-manager deployment
Emitindo o sertificado de teste - staging
$ kubectl delete -f ingress-scm.yaml ingress.networking.k8s.io "ingress-scm" deleted
- ingress-scm-ssl.yaml
--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: labels: app: scm name: ingress-scm namespace: scm-system annotations: cert-manager.io/cluster-issuer: letsencrypt-staging spec: ingressClassName: nginx rules: - host: scm.juntotelecom.com.br http: paths: - pathType: Prefix path: / backend: service: name: http-scm port: number: 3000 tls: - hosts: - scm.juntotelecom.com.br secretName: ingress-scm-cert
$ kubectl apply -f ingress-scm-ssl.yaml ingress.networking.k8s.io/ingress-scm created
$ kubectl get ingress -n scm-system NAME CLASS HOSTS ADDRESS PORTS AGE cm-acme-http-solver-rc6xk <none> scm.juntotelecom.com.br 172.28.128.99 80 25s ingress-scm nginx scm.juntotelecom.com.br 172.28.128.99 80, 443 31s
$ kubectl describe ingress ingress-scm -n scm-system Name: ingress-scm Labels: app=scm Namespace: scm-system Address: 172.28.128.99 Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>) TLS: ingress-scm-cert terminates scm.juntotelecom.com.br Rules: Host Path Backends ---- ---- -------- scm.juntotelecom.com.br / http-scm:3000 (10.244.213.129:3000) Annotations: cert-manager.io/cluster-issuer: letsencrypt-staging Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CreateCertificate 68s cert-manager-ingress-shim Successfully created Certificate "ingress-scm-cert" Normal Sync 54s (x2 over 68s) nginx-ingress-controller Scheduled for sync
$ kubectl get certificaterequest -n scm-system
NAME APPROVED DENIED READY ISSUER REQUESTOR AGE
ingress-scm-cert-vm82q True True letsencrypt-staging system:serviceaccount:cert-manager:cert-manager 108s
$ kubectl describe certificaterequest ingress-scm-cert-vm82q -n scm-system Name: ingress-scm-cert-vm82q Namespace: scm-system Labels: app=scm Annotations: cert-manager.io/certificate-name: ingress-scm-cert cert-manager.io/certificate-revision: 1 cert-manager.io/private-key-secret-name: ingress-scm-cert-fw2pk API Version: cert-manager.io/v1 Kind: CertificateRequest Metadata: Creation Timestamp: 2022-05-27T14:19:02Z Generate Name: ingress-scm-cert- Generation: 1 Managed Fields: API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:conditions: .: k:{"type":"Approved"}: .: f:lastTransitionTime: f:message: f:reason: f:status: f:type: Manager: cert-manager-certificaterequests-approver Operation: Update Subresource: status Time: 2022-05-27T14:19:02Z API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:cert-manager.io/certificate-name: f:cert-manager.io/certificate-revision: f:cert-manager.io/private-key-secret-name: f:generateName: f:labels: .: f:app: f:ownerReferences: .: k:{"uid":"784f69c7-0fc9-4be6-b6dd-5fadb6e57038"}: f:spec: .: f:issuerRef: .: f:group: f:kind: f:name: f:request: f:usages: Manager: cert-manager-certificates-request-manager Operation: Update Time: 2022-05-27T14:19:02Z API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: f:certificate: f:conditions: k:{"type":"Ready""" Normal CertificateIssued 93s cert-manager-certificaterequests-issuer-acme Certificate fetched from issuer successfully
$ kubectl get order -n scm-system NAME STATE AGE ingress-scm-cert-vm82q-4264773703 valid 3m40s
$ kubectl describe order ingress-scm-cert-vm82q-4264773703 -n scm-system Name: ingress-scm-cert-vm82q-4264773703 Namespace: scm-system Labels: app=scm Annotations: cert-manager.io/certificate-name: ingress-scm-cert cert-manager.io/certificate-revision: 1 cert-manager.io/private-key-secret-name: ingress-scm-cert-fw2pk API Version: acme.cert-manager.io/v1 Kind: Order Metadata: Creation Timestamp: 2022-05-27T14:19:02Z Generation: 1 Managed Fields: API Version: acme.cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:cert-manager.io/certificate-name: f:cert-manager.io/certificate-revision: f:cert-manager.io/private-key-secret-name: f:labels: .: f:app: f:ownerReferences: .: k:{"uid":"9987ba12-4f7d-444c-8caa-876ed1408114"}: f:spec: .: f:dnsNames: f:issuerRef: .: f:group: f:kind: f:name: f:request: Manager: cert-manager-certificaterequests-issuer-acme Operation: Update Time: 2022-05-27T14:19:02Z API Version: acme.cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:authorizations: f:certificate: f:finalizeURL: f:state: f:url: Manager: cert-manager-orders Operation: Update Subresource: status Time: 2022-05-27T14:19:55Z Owner References: API Version: cert-manager.io/v1 Block Owner Deletion: true Controller: true Kind: CertificateRequest Name: ingress-scm-cert-vm82q UID: 9987ba12-4f7d-444c-8caa-876ed1408114 Resource Version: 2497037 UID: eac4334b-b52e-468e-a811-5d487824f337 Spec: Dns Names: scm.juntotelecom.com.br Issuer Ref: Group: cert-manager.io Kind: ClusterIssuer Name: letsencrypt-staging Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== Status: Authorizations: Challenges: Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I Type: http-01 URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/Wg4C9Q Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I Type: dns-01 URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/h-t0bw Token: TVpYlM3TlLmEdGxaAy3EuXwsa5a43Maj7YG82pege_I Type: tls-alpn-01 URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2552324354/DbMZuw Identifier: scm.juntotelecom.com.br Initial State: pending URL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2552324354 Wildcard: false Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaRENDQkV5Z0F3SUJBZ0lUQVBvay9FTGw4ak5rbTR4QmgvenVKU1pUSURBTkJna3Foa2lHOXcwQkFRc0YKQURCWk1Rc3dDUVlEVlFRR0V3SlZVekVnTUI0R0ExVUVDaE1YS0ZOVVFVZEpUa2NwSUV4bGRDZHpJRVZ1WTNKNQpjSFF4S0RBbUJnTlZCQU1USHloVFZFRkhTVTVIS1NCQmNuUnBabWxqYVdGc0lFRndjbWxqYjNRZ1VqTXdIaGNOCk1qSXdOVEkzTVRNeE9UVTBXaGNOTWpJd09ESTFNVE14T1RVeldqQWlNU0F3SGdZRFZRUURFeGR6WTIwdWFuVnUKZEc5MFpXeGxZMjl0TG1OdmJTNWljakNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTmZlMGpqOGNKTTl4SGtacGxKZkJ3SHk5d0tNYWNGbGRpL3l6aEx0aXVyb2I0TzA5N2JOa21BUWJYU2JiYzNsCm5JK0h3aUlOTXhMQWxTaEF2NFB2S05iUG1iK2VqTFZmNnc4S2xMYzVndWRLS1RpS2pNRU83bk5rY0x4cEgrVWIKdkVLYXFzejhwVk9GQXVMU2I4QU9idStXaVlKY1dPT2xoT0ZFeE0rekJicW4ranplYUQxd3FqdTRzNVV1bDNxRApPUHVEZlRxWU5VRlQ0THpCSUJ1R2FwaVMxdU93c2kvOXNucWp3d3hkZ0NqVmovbnlodGhKMVNRWG5PbXRjbFVkCkFNWmNCN00rZmlkbDdmUTArK0tibkZWTFc2Z1gyOEhhVk02aWI2c1l6MDR2aDEzanB6Vzl1dVZ3VCtzTHc5QjYKeDlmMVBhY3RtRVkyb2RkTklLbHhGR2NDQXdFQUFhT0NBbG93Z2dKV01BNEdBMVVkRHdFQi93UUVBd0lGb0RBZApCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WCkhRNEVGZ1FVQUIyakJLT0VQTm9aRFp4b3RWV2tiZFFUNCtRd0h3WURWUjBqQkJnd0ZvQVUzbko2U044eHc2WlEKMzUrRkk5OVhOMHRkTG1Vd1hRWUlLd1lCQlFVSEFRRUVVVEJQTUNVR0NDc0dBUVVGQnpBQmhobG9kSFJ3T2k4dgpjM1JuTFhJekxtOHViR1Z1WTNJdWIzSm5NQ1lHQ0NzR0FRVUZCekFDaGhwb2RIUndPaTh2YzNSbkxYSXpMbWt1CmJHVnVZM0l1YjNKbkx6QWlCZ05WSFJFRUd6QVpnaGR6WTIwdWFuVnVkRzkwWld4bFkyOXRMbU52YlM1aWNqQk0KQmdOVkhTQUVSVEJETUFnR0JtZUJEQUVDQVRBM0Jnc3JCZ0VFQVlMZkV3RUJBVEFvTUNZR0NDc0dBUVVGQndJQgpGaHBvZEhSd09pOHZZM0J6TG14bGRITmxibU55ZVhCMExtOXlaekNDQVFRR0Npc0dBUVFCMW5rQ0JBSUVnZlVFCmdmSUE4QUIxQU4yWk5QeWw1eVNBeVZab2ZZRTBtUWhKc2tuM3RXbll4N3lyUDF6QjgyNWtBQUFCZ1FYaldJNEEKQUFRREFFWXdSQUlnTEswb1Nqc1JzbnZqWUVqNEtrZ3JEQXNYWkNyUjhPbHRlRll6c3ZjKzJUVUNJSCtpMUxEegpvNDgvV0o4NU5GYWRLczhkT2tCT3JlVElHa3hOaHpOMTVVVlFBSGNBc015RDVhWDVmV3V2ZkFuTUtFa0VoeXJICjZJc1RMR05RdDhiOUp1RnNiSGNBQUFHQkJlTmFmZ0FBQkFNQVNEQkdBaUVBczN3SDZBSXdpVWdXa2xxUU5CUEcKLzN1U3dZY1RNSWZnMlNGZThtVnlMcHdDSVFEN1IzbmhRZ2JMY1JveDZEWWt4bVNLMnFNdDZNNjVqNHE3c3J0WAoyQUk5bURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQU5ybm5Gb2xIR0ZET2tlZnhKcHovSFJQMUpIVENRQ2t4Ck1BdkdqKy8wbVFjblo1aWJvWnNDb0RtK0tlaHdOTFJDeWtJK1l5Qll3VHBaRjJmOG5ub2NVZzlEWGlTUFlJaWcKWUc2dC9MWTR5bHRRbG5xcEtnUDhiSExiV1VkU1VlUTF2anJHbXhlSlZSMkFaTG1ZSzRwaWVyVEdRNGQ5UFp0MwpuWm04aHIyUmlDQjhPUllqTld5ZVhXSXhoWUo5ZExlOW9KV0dWeFJYLzhhZHZ6Tjl4VWpBanBPbktSdHRLS3hVCkZ0Ry9FNklEUlJ2Z2JHWTZpdUQ2bVdkUE1mTUNFbm9Ocy8zcDRBMElMeDI5Z0JKSWZhR0t5NXdIV25ZVkFtdGgKZ3dpWVBWVk1KYWlJVVpzMG9XTGgvdDZTd253T1FGWDdjZmJ1UUowazh0Y2E5ckFra1dJbVZRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRld6Q0NBME9nQXdJQkFnSVFUZlFybGRIdW16cE1Mck03alJCZDFqQU5CZ2txaGtpRzl3MEJBUXNGQURCbQpNUXN3Q1FZRFZRUUdFd0pWVXpFek1ERUdBMVVFQ2hNcUtGTlVRVWRKVGtjcElFbHVkR1Z5Ym1WMElGTmxZM1Z5CmFYUjVJRkpsYzJWaGNtTm9JRWR5YjNWd01TSXdJQVlEVlFRREV4a29VMVJCUjBsT1J5a2dVSEpsZEdWdVpDQlEKWldGeUlGZ3hNQjRYRFRJd01Ea3dOREF3TURBd01Gb1hEVEkxTURreE5URTJNREF3TUZvd1dURUxNQWtHQTFVRQpCaE1DVlZNeElEQWVCZ05WQkFvVEZ5aFRWRUZIU1U1SEtTQk1aWFFuY3lCRmJtTnllWEIwTVNnd0pnWURWUVFECkV4OG9VMVJCUjBsT1J5a2dRWEowYVdacFkybGhiQ0JCY0hKcFkyOTBJRkl6TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTZUUjgrNzRiNDZtT0UxRlV3QnJ2eHpFWUxjazNpYXNtS3JjUWtiKwpneS96OUp5N1FOSUFsMEI5cFZLcDRZVTc2Snd4RjVET1paaGk3dks3U2JDa0s2RmJIbHlVNUJpRFlJeGJiZnZPCkwvalZHcWRzU2pOYUpRVGczQzNYckpqYS9IQTRXQ0ZFTVZvVDJ3RFptOEFCQzFOK0lRZTdRNkZFcWM4TndtVFMKbm1tUlFtNFRRdnIwNkRQK3pnRksvTU51YnhXV0RTYlNLS1RINWltNWoyZlpmZytqL3RNMWJHYWN6Rld3OC9sUwpudWt5bjVKMkwrTkpZbmNsemtYb2g5bk1GbnlQbVZiZnlEUE9jNFkyNWFUelZvZUJLWGEvY1o1TU0rV2RkamRMCmJpV3ZtMTlmMXNZbjFhUmFBSXJrcHB2N2trbjgzdmN0aDhYQ0czOXFDMlp2YVFJREFRQUJvNElCRURDQ0FRd3cKRGdZRFZSMFBBUUgvQkFRREFnR0dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBUwpCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlRlY25wSTN6SERwbERmbjRVajMxYzNTMTB1ClpUQWZCZ05WSFNNRUdEQVdnQlMxODJYeS9yQUtraC83UEgzelJLQ3NZeVhERkRBMkJnZ3JCZ0VGQlFjQkFRUXEKTUNnd0pnWUlLd1lCQlFVSE1BS0dHbWgwZEhBNkx5OXpkR2N0ZURFdWFTNXNaVzVqY2k1dmNtY3ZNQ3NHQTFVZApId1FrTUNJd0lLQWVvQnlHR21oMGRIQTZMeTl6ZEdjdGVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiCk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ04KRExhbTl5TjBFRnh4bi8zcCtydVdPNm4vOWdvQ0FNNVBUNmNDNmZrak1zNHVhczZVR1hKanI1ajdQb1RRZjNDMQp2dXhpSUdSSkM2cXhWN3ljNlUwWCt3ME1qODVzSEk1RG5RVldONStEMWVyN21wMTNKSkEweGJBYkhhM1JsY3puCnkyUTgyWEt1aThXSHVXcmEwZ2IyS0xwZmJvWWoxR2hna2hyM2dhdTgzcEMvV1E4SGZrd2N2U3doSVlxVHF4b1oKVXE4SElmM004MnFTOWFLT1pFMENFbVN5UjF6WnFReEpVVDdlbU9VYXBrVU45cG9KOXpHYytGZ1JadmRybzBYQgp5cGhXWERhcU1ZcGgwRHhXLzEwaWc1ajR4bW1ORGpDUm1xSUtzS29XQTUyd0JUS0tYSzFuYTJ0eS9sVzVkaHRBCnhrejVyVlpGZDRzZ1M0SjBPK3ptNmQ1R1JrV3NOSjRrbm90R1hsOHZ0UzNYNDBLWGViM0E1Ky8zcDBxYUQyMTUKWHE4b1NOT1JmQjJvSTFrUXV5RUFKNXh2UFRkZndSbHlSRzNsRllvZHJSZzZwb1VCRC84Zk5UWE10enlkcFJneQp6VVFaaC8xOEY2Qi9pVzZjYmlSTjlyMkhraDA1T20rcTAvNncwRGRaZSs4WXJOcGZoU09ici8xZVZaYktHTUlZCnFLbXlaYkJOdTV5c0VOSUs1TVBjMTRtVWVLbUZqcE44NDBWUjV6dW5vVTUybHFwTER1YS9xSU04aWRrODZ4R1cKeHgybWw0M0RPL1lhL3RWWlZvazBtTzBUVWp6SklmUHF5dnI0NTVJc0l1dDRSbENSOUlxMEVEVHZlMi9ad0N1RwpoU2pwVFVGR1NpUXJSMkpLMkV2cCtvNkFFVFVrQkNPMWF3MFBwUUJQRFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGVkRDQ0JEeWdBd0lCQWdJUkFPMWRXOGx0Kzk5TlBzMXFTWTNSczhjd0RRWUpLb1pJaHZjTkFRRUxCUUF3CmNURUxNQWtHQTFVRUJoTUNWVk14TXpBeEJnTlZCQW9US2loVFZFRkhTVTVIS1NCSmJuUmxjbTVsZENCVFpXTjEKY21sMGVTQlNaWE5sWVhKamFDQkhjbTkxY0RFdE1Dc0dBMVVFQXhNa0tGTlVRVWRKVGtjcElFUnZZM1J2Y21WawpJRVIxY21saGJpQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3Ck0xb3daakVMTUFrR0ExVUVCaE1DVlZNeE16QXhCZ05WQkFvVEtpaFRWRUZIU1U1SEtTQkpiblJsY201bGRDQlQKWldOMWNtbDBlU0JTWlhObFlYSmphQ0JIY205MWNERWlNQ0FHQTFVRUF4TVpLRk5VUVVkSlRrY3BJRkJ5WlhSbApibVFnVUdWaGNpQllNVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFMYmFnRWREClRhMVFnR0JXU1lreU1oc2NaWEVOT0JhVlJUTVgxaGNlSkVOZ3NMME1hNDlEM01pbEk0S1MzOG10a21kRjZjUFcKbkwrK2ZnZWhUMEZiUkhaZ2pPRXI4VUFONGpINm9tanJiVEQrK1ZabmVUc01WYUdhbVFtRGRGbDVnMWdZYWlnawprbXg4T2lDTzY4YTRRWGc0d1N5bjZpRGlwS1A4dXRzRSt4MUUyOFNBNzVIT1lxcGRyazRIR3h1VUx2bHIwM3daCkdUSWYvb1J0Mi9jK2RZbURvYUpoZ2UrR09yTEFFUUJ5TzcrOCt2ek93cE5BUEV4NkxXK2NyRUVaN2VCWGloNlYKUDE5c1RHeTN5ZnFLNXRQdFRkWFhDT1FNS0FwK2dDai9WQnlobUlyKzBpTkRDNTQwZ3R2VjMwM1dwY2J3bmtrTApZQzBGdDJjWVV5SHRrc3RPZlJjUk8rSzJjWm96b1N3VlB5QjgvSjlScGNSSzNqZ25YOWx1amZ3QS9wQWJQMEoyClVQUUZ4bVdGUlFuRmphcTZya3FiTkVCZ0x5K2tGTDFORXNSYnZGYktyUmk1Yll5MmxObXMyTkpQWnZkTlFiVC8KMmRCWkttSnF4SGt4Q3VPUUZqaEpRTmVPK05qbTFaMWlBVFMvM3J0czJ5WmxxWEtzeFFVek42dk5iRDhLblhSTQpFZU9YVVl2YlY0bHFmQ2Y4bVMxNFdFYlNpTXk4N0dCNVM5dWNTVjFYVXJsVEc1VUdjTVNaT0JjRVVwaXNSUEVtClFXVU9UV0lvRFE1Rk9pYS9HSStLaTUyM3IycnVFbWJtRzM3RUJTQlhkeElkbmRxcmp5K1FWQW1DZWJ5RHg5ZVYKRUdPSXBuMjZiVzVMS2VydW1KeGEvQ0ZCYUtpNGJSdm1kSlJMQWdNQkFBR2pnZkV3Z2U0d0RnWURWUjBQQVFILwpCQVFEQWdFR01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZMWHpaZkwrc0FxU0gvczhmZk5FCm9LeGpKY01VTUI4R0ExVWRJd1FZTUJhQUZBaFgyb25Ib2xONURFL2Q0SkNQZExyaUozTkVNRGdHQ0NzR0FRVUYKQndFQkJDd3dLakFvQmdnckJnRUZCUWN3QW9ZY2FIUjBjRG92TDNOMFp5MWtjM1F6TG1rdWJHVnVZM0l1YjNKbgpMekF0QmdOVkhSOEVKakFrTUNLZ0lLQWVoaHhvZEhSd09pOHZjM1JuTFdSemRETXVZeTVzWlc1amNpNXZjbWN2Ck1DSUdBMVVkSUFRYk1Ca3dDQVlHWjRFTUFRSUJNQTBHQ3lzR0FRUUJndDhUQVFFQk1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUI3dFI4QjBlSVFTUzZNaFA1a3V2R3RoK2ROMDJEc0locjB5SnRrMmVoSWNQSXFTeFJSbUhHbAo0dTJjM1FsdkVwZVJEcDJ3N2VRZFJUbEkvV25OaFk0Sk9vZnBNZjJ6d0FCZ0JXdEF1MFZvb1FjWlpUcFFydWlnCkYvejZ4WWtCazNVSGtqZXF4ek1OM2QxRXFHdXN4Sm9xZ2RUb3VaNVg1UVRUSWVlOW5RM0xFaFduUlNYRHg3WTAKdHRSMUJHZmNkcUhvcE80SUJxQWhia0tSakY1emo3T0Q4Y0czNW9teXdVYlp0T0puZnRpSTBuRmNSYXhiWG8wdgpvRGZMRDBTNitBQzJSM3RLcHFqa05YNi85MWhyUkZnbFVha3lNY1pVL3hsZXFidjYrTHIzWUQ4UHNCVHViNmxJCm9aMmxTMzhmTDE4QW9uNDU4ZmJjMEJQSHRlbmZoS2o1Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K Finalize URL: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/55465934/2689108194 State: valid URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/55465934/2689108194 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Created 3m53s cert-manager-orders Created Challenge resource "ingress-scm-cert-vm82q-4264773703-3719462628" for domain "scm.juntotelecom.com.br" Normal Complete 3m3s cert-manager-orders Order completed successfully
Emitindo o sertificado de produção - production
$ kubectl delete -f ingress-scm-ssl.yaml ingress.networking.k8s.io "ingress-scm" deleted
- ingress-scm-ssl.yaml
--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: labels: app: scm name: ingress-scm namespace: scm-system annotations: #cert-manager.io/cluster-issuer: letsencrypt-staging cert-manager.io/cluster-issuer: letsencrypt-prod spec: ingressClassName: nginx rules: - host: scm.juntotelecom.com.br http: paths: - pathType: Prefix path: / backend: service: name: http-scm port: number: 3000 tls: - hosts: - scm.juntotelecom.com.br secretName: ingress-scm-cert
$ kubectl apply -f ingress-scm-ssl.yaml ingress.networking.k8s.io/ingress-scm created
$ kubectl describe ingress ingress-scm -n scm-system Name: ingress-scm Labels: app=scm Namespace: scm-system Address: 172.28.128.99 Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>) TLS: ingress-scm-cert terminates scm.juntotelecom.com.br Rules: Host Path Backends ---- ---- -------- scm.juntotelecom.com.br / http-scm:3000 (10.244.213.129:3000) Annotations: cert-manager.io/cluster-issuer: letsencrypt-prod Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CreateCertificate 40s cert-manager-ingress-shim Successfully created Certificate "ingress-scm-cert" Normal Sync 37s (x2 over 40s) nginx-ingress-controller Scheduled for sync
$ kubectl get certificaterequest -n scm-system
NAME APPROVED DENIED READY ISSUER REQUESTOR AGE
ingress-scm-cert-mv76b True True letsencrypt-prod system:serviceaccount:cert-manager:cert-manager 77s
$ kubectl describe certificaterequest ingress-scm-cert-mv76b -n scm-system Name: ingress-scm-cert-mv76b Namespace: scm-system Labels: app=scm Annotations: cert-manager.io/certificate-name: ingress-scm-cert cert-manager.io/certificate-revision: 1 cert-manager.io/private-key-secret-name: ingress-scm-cert-q52zf API Version: cert-manager.io/v1 Kind: CertificateRequest Metadata: Creation Timestamp: 2022-05-27T14:32:13Z Generate Name: ingress-scm-cert- Generation: 1 Managed Fields: API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:conditions: .: k:{"type":"Approved"}: .: f:lastTransitionTime: f:message: f:reason: f:status: f:type: Manager: cert-manager-certificaterequests-approver Operation: Update Subresource: status Time: 2022-05-27T14:32:13Z API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:cert-manager.io/certificate-name: f:cert-manager.io/certificate-revision: f:cert-manager.io/private-key-secret-name: f:generateName: f:labels: .: f:app: f:ownerReferences: .: k:{"uid":"401de434-ca12-44f3-83c0-f441ce0f9fb9"}: f:spec: .: f:issuerRef: .: f:group: f:kind: f:name: f:request: f:usages: Manager: cert-manager-certificates-request-manager Operation: Update Time: 2022-05-27T14:32:13Z API Version: cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: f:certificate: f:conditions: k:{"type":"Ready"}: .: f:lastTransitionTime: f:message: f:reason: f:status: f:type: Manager: cert-manager-certificaterequests-issuer-acme Operation: Update Subresource: status Time: 2022-05-27T14:32:46Z Owner References: API Version: cert-manager.io/v1 Block Owner Deletion: true Controller: true Kind: Certificate Name: ingress-scm-cert UID: 401de434-ca12-44f3-83c0-f441ce0f9fb9 Resource Version: 2499559 UID: 1d5b6891-6b8f-4ae0-97c6-014b574d77ec Spec: Extra: authentication.kubernetes.io/pod-name: cert-manager-76578c9687-qlmbm authentication.kubernetes.io/pod-uid: b997afd3-f8a2-46ca-a02a-f72273bb449c Groups: system:serviceaccounts system:serviceaccounts:cert-manager system:authenticated Issuer Ref: Group: cert-manager.io Kind: ClusterIssuer Name: letsencrypt-prod Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== UID: 37235979-7c85-46a9-b490-75dae9c9f558 Usages: digital signature key encipherment Username: system:serviceaccount:cert-manager:cert-manager Status: Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQkJ1Z0F3SUJBZ0lTQTBNUTd5cDFwb3NrbXRRTlI3OVlUMW1RTUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNakExTWpjeE16TXlORFZhRncweU1qQTRNalV4TXpNeU5EUmFNQ0l4SURBZUJnTlZCQU1UCkYzTmpiUzVxZFc1MGIzUmxiR1ZqYjIwdVkyOXRMbUp5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVBMTk3U09QeHdrejNFZVJtbVVsOEhBZkwzQW94cHdXVjJML0xPRXUySzZ1aHZnN1QzdHMyUwpZQkJ0ZEp0dHplV2NqNGZDSWcwekVzQ1ZLRUMvZys4bzFzK1p2NTZNdFYvckR3cVV0em1DNTBvcE9JcU13UTd1CmMyUnd2R2tmNVJ1OFFwcXF6UHlsVTRVQzR0SnZ3QTV1NzVhSmdseFk0NldFNFVURXo3TUZ1cWY2UE41b1BYQ3EKTzdpemxTNlhlb000KzROOU9wZzFRVlBndk1FZ0c0WnFtSkxXNDdDeUwvMnllcVBEREYyQUtOV1ArZktHMkVuVgpKQmVjNmExeVZSMEF4bHdIc3o1K0oyWHQ5RFQ3NHB1Y1ZVdGJxQmZid2RwVXpxSnZxeGpQVGkrSFhlT25OYjI2CjVYQlA2d3ZEMEhySDEvVTlweTJZUmphaDEwMGdxWEVVWndJREFRQUJvNElDVVRDQ0FrMHdEZ1lEVlIwUEFRSC8KQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RQpBakFBTUIwR0ExVWREZ1FXQkJRQUhhTUVvNFE4MmhrTm5HaTFWYVJ0MUJQajVEQWZCZ05WSFNNRUdEQVdnQlFVCkxyTVh0MWhXeTY1UUNVRG1INitkaXhUQ3hqQlZCZ2dyQmdFRkJRY0JBUVJKTUVjd0lRWUlLd1lCQlFVSE1BR0cKRldoMGRIQTZMeTl5TXk1dkxteGxibU55TG05eVp6QWlCZ2dyQmdFRkJRY3dBb1lXYUhSMGNEb3ZMM0l6TG1rdQpiR1Z1WTNJdWIzSm5MekFpQmdOVkhSRUVHekFaZ2hkelkyMHVhblZ1ZEc5MFpXeGxZMjl0TG1OdmJTNWljakJNCkJnTlZIU0FFUlRCRE1BZ0dCbWVCREFFQ0FUQTNCZ3NyQmdFRUFZTGZFd0VCQVRBb01DWUdDQ3NHQVFVRkJ3SUIKRmhwb2RIUndPaTh2WTNCekxteGxkSE5sYm1OeWVYQjBMbTl5WnpDQ0FRTUdDaXNHQVFRQjFua0NCQUlFZ2ZRRQpnZkVBN3dCMkFFSEl5ckhmSWtaS0VNYWhPZ2xDaDE1T01Zc2JBK3ZyUzhkbzhKQmlsZ2IyQUFBQmdRWHZIbVVBCkFBUURBRWN3UlFJZ1ZHZ1ViU0ZNUlZKUHJvZ01UeTVFd0k0MDBQUkhER2VQbnp3QzlyY2FaUDhDSVFDWTRZdm4KdHlBUUtaUXFJS1hmcjhiRFBTbmxVMUlDcjJXeTNPb0hJdHpxZmdCMUFFYWxWZXQxK3BFZ01MV2lpV24wODMwUgpMRUYwdnYxSnVJV3I4dnh3L20xSEFBQUJnUVh2SG93QUFBUURBRVl3UkFJZ0ZSd3JibUpzQjY3SlBrRjRaczV4CllrTFp6TEV2YlRRbTNXVDJqL2I3UFFZQ0lIYmhZSjdxOEJvTERMclJZelVNTlZKVjV6Tjliem44aHdvZ0QyM0sKNDhWa01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXE5azNqN0VLWnB4WHEweWJya05tM0tOM2lNRERxRzlWbwp6Sktvc2R2dGRKb1ZNR3paOHEwWHVRelEzakFhRE1XSTA4b3BGVEw1cS9nQU5hVHYxYm41ZzBvQzExVlZ3RnEyCmZzdnBLa0pEcjBOSGt1ay9jcWxyZlBSV3hldWgveXdpYml0M1JDZThDVStqTkpVanovbVZRUkM0bC9vN1YzU1QKRHZQcGNtOW9QZTIvV25JRk4vL3BrYlRRVjNHNXVZNHg2Ni9GU1Q1aWh5QkphWEZ5QkhUWlFwMnRmYTdFV0VUSAptUVB2UzVkKzYwTThEaWluZlIvVlNHVDIxWXJNNEZyWUU1dlYvTXdHcGRoNjkwdFJ4UmtZU1JhRE1OeEJTQWkzCjFjS2tUYmZkN1MvVWxFd0lKZ3Iydm1kQVgwdXhnV0hnZkUxbTRROUtXZ0lZRzg5QUhBN2MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRkZqQ0NBdjZnQXdJQkFnSVJBSkVyQ0VyUERCaW5VL2JXTGlXblgxb3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qQXdPVEEwTURBd01EQXcKV2hjTk1qVXdPVEUxTVRZd01EQXdXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNVak13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM3QWhVb3pQYWdsTk1QRXV5TlZaTEQrSUx4bWFaNlFvaW5YU2FxdFN1NXhVeXhyNDVyK1hYSW85Y1AKUjVRVVZUVlhqSjZvb2prWjlZSThRcWxPYnZVN3d5N2JqY0N3WFBOWk9PZnR6Mm53V2dzYnZzQ1VKQ1dIK2pkeApzeFBuSEt6aG0rL2I1RHRGVWtXV3FjRlR6alRJVXU2MXJ1MlAzbUJ3NHFWVXE3WnREcGVsUURScks5TzhadXRtCk5IejZhNHVQVnltWitEQVhYYnB5Yi91QnhhM1NobGc5RjhmbkNidnhLL2VHM01IYWNWM1VSdVBNclNYQmlMeGcKWjNWbXMvRVk5NkpjNWxQL09vaTJSNlgvRXhqcW1BbDNQNTFUK2M4QjVmV21jQmNVcjJPay81bXprNTNjVTZjRwova2lGSGFGcHJpVjF1eFBNVWdQMTdWR2hpOXNWQWdNQkFBR2pnZ0VJTUlJQkJEQU9CZ05WSFE4QkFmOEVCQU1DCkFZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0lHQ0NzR0FRVUZCd01CTUJJR0ExVWRFd0VCL3dRSU1BWUIKQWY4Q0FRQXdIUVlEVlIwT0JCWUVGQlF1c3hlM1dGYkxybEFKUU9ZZnI1MkxGTUxHTUI4R0ExVWRJd1FZTUJhQQpGSG0wV2VaN3R1WGtBWE9BQ0lqSUdsajI2WnR1TURJR0NDc0dBUVVGQndFQkJDWXdKREFpQmdnckJnRUZCUWN3CkFvWVdhSFIwY0RvdkwzZ3hMbWt1YkdWdVkzSXViM0puTHpBbkJnTlZIUjhFSURBZU1CeWdHcUFZaGhab2RIUncKT2k4dmVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiTUJrd0NBWUdaNEVNQVFJQk1BMEdDeXNHQVFRQgpndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ0Z5azVIUHFQM2hVU0Z2TlZuZUxLWVk2MTFUUjZXClBUTmxjbFF0Z2FEcXcrMzRJTDlmekxkd0FMZHVPL1plbE43a0lKK203NHV5QStlaXRSWThrYzYwN1RrQzUzd2wKaWtmbVpXNC9SdlRaOE02VUsrNVV6aEs4akNkTHVNR1lMNkt2elhHUlNnaTN5TGdqZXdRdENQa0lWejZEMlFRegpDa2NoZUFtQ0o4TXF5SnU1emx6eVpNakF2bm5BVDQ1dFJBeGVrcnN1OTRzUTRlZ2RSQ25iV1NEdFk3a2grQkltCmxKTlhvQjFsQk1FS0lxNFFEVU9Yb1JnZmZ1RGdoamUxV3JHOU1MK0hiaXNxL3lGT0d3WEQ5UmlYOEY2c3c2VzQKYXZBdXZEc3p1ZTVMM3N6ODVLK0VDNFkvd0ZWRE52Wm80VFlYYW82WjBmK2xRS2MwdDhEUVl6azFPWFZ1OHJwMgp5Sk1DNmFsTGJCZk9EQUxadllIN243ZG8xQVpsczRJOWQxUDRqbmtEclFveEIzVXFROWhWbDNMRUtRNzN4RjFPCnlLNUdoRERYOG9WZkdLRjV1K2RlY0lzSDRZYVR3N21QM0dGeEpTcXYzKzBsVUZKb2k1TGM1ZGExNDlwOTBJZHMKaENFeHJvTDErN21yeUlrWFBlRk01VGdPOXIwcnZaYUJGT3ZWMnowZ3AzNVowK0w0V1BsYnVFak4vbHhQRmluKwpIbFVqcjhnUnNJM3FmSk9RRnkvOXJLSUpSMFkvOE9td3QvOG9UV2d5MW1kZUhtbWprN2oxbllzdkM5SlNRNlp2Ck1sZGxUVEtCM3poVGhWMStYV1lwNnJqZDVKVzF6YlZXRWtMTnhFN0dKVGhFVUczc3pnQlZHUDdwU1dUVVRzcVgKbkxSYndIT29xN2hId2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGWURDQ0JFaWdBd0lCQWdJUVFBRjNJVGZVNlVLNDduYXFQR1FLdHpBTkJna3Foa2lHOXcwQkFRc0ZBREEvCk1TUXdJZ1lEVlFRS0V4dEVhV2RwZEdGc0lGTnBaMjVoZEhWeVpTQlVjblZ6ZENCRGJ5NHhGekFWQmdOVkJBTVQKRGtSVFZDQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3TTFvdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUN0NkNSejlCUTM4NXVlSzFjb0hJZSszTGZmT0pDTWJqem1WNkI0OTNYQwpvdjcxYW03MkFFOG8yOTVvaG14RWs3YXhZLzBVRW11L0g5THFNWnNoZnRFelBMcEk5ZDE1MzdPNC94THhJWnBMCndZcUdjV2xLWm1ac2ozNDhjTCt0S1NJRzgrVEE1b0N1NGt1UHQ1bCtsQU9mMDBlWGZKbElJMVBvT0s1UENtK0QKTHRGSlY0eUFkTGJhTDlBNGpYc0RjQ0ViZGZJd1BQcVBydDNhWTZ2ckZrL0NqaEZMZnM4TDZQKzFkeTcwc250Swo0RXdTSlF4d2pRTXBvT0ZUSk93VDJlNFp2eEN6U293L2lhTmhVZDZzaHdlVTlHTng3QzdpYjF1WWdlR0pYRFI1CmJIYnZPNUJpZWViYnBKb3ZKc1hRRU9FTzN0a1FqaGI3dC9lbzk4ZmxBZ2VZanpZSWxlZmlONVlOTm5XZSt3NXkKc1IyYnZBUDVTUVhZZ2QwRnRDcldRZW1zQVhhVkNnL1kzOVc5RWg4MUx5Z1hiTktZd2FnSlpIZHVSemU2enF4WgpYbWlkZjNMV2ljVUdRU2srV1Q3ZEp2VWt5UkduV3FOTVFCOUdvWm0xcHpwUmJvWTdubjF5cHhJRmVGbnRQbEY0CkZRc0RqNDNRTHdXeVBudEtIRXR6QlJMOHh1cmdVQk44UTVOMHM4cDA1NDRmQVFqUU1OUmJjVGEwQjdyQk1EQmMKU0xlQ081aW1mV0NLb3FNcGdzeTZ2WU1FRzZLREEwR2gxZ1h4RzhLMjhLaDhoanRHcUVncWlOeDJtbmEvSDJxbApQUm1QNnpqelpON0lLdzBLS1AvMzIrSVZRdFFpMENkZDRYbitHT2R3aUsxTzV0bUxPc2JkSjFGdS83eGs5VE5EClR3SURBUUFCbzRJQlJqQ0NBVUl3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFPQmdOVkhROEJBZjhFQkFNQ0FRWXcKU3dZSUt3WUJCUVVIQVFFRVB6QTlNRHNHQ0NzR0FRVUZCekFDaGk5b2RIUndPaTh2WVhCd2N5NXBaR1Z1ZEhKMQpjM1F1WTI5dEwzSnZiM1J6TDJSemRISnZiM1JqWVhnekxuQTNZekFmQmdOVkhTTUVHREFXZ0JURXA3R2tleXh4Cit0dmhTNUIxLzhRVllJV0pFREJVQmdOVkhTQUVUVEJMTUFnR0JtZUJEQUVDQVRBL0Jnc3JCZ0VFQVlMZkV3RUIKQVRBd01DNEdDQ3NHQVFVRkJ3SUJGaUpvZEhSd09pOHZZM0J6TG5KdmIzUXRlREV1YkdWMGMyVnVZM0o1Y0hRdQpiM0puTUR3R0ExVWRId1ExTURNd01hQXZvQzJHSzJoMGRIQTZMeTlqY213dWFXUmxiblJ5ZFhOMExtTnZiUzlFClUxUlNUMDlVUTBGWU0wTlNUQzVqY213d0hRWURWUjBPQkJZRUZIbTBXZVo3dHVYa0FYT0FDSWpJR2xqMjZadHUKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBS2N3QnNsbTcvRGxMUXJ0Mk01MW9HclMrbzQ0Ky95UW9ERlZEQwo1V3hDdTIrYjlMUlB3a1NJQ0hYTTZ3ZWJGR0p1ZU43c0o3bzVYUFdpb1c1V2xIQVFVN0c3NUsvUW9zTXJBZFNXCjlNVWdOVFA1MkdFMjRIR050TGkxcW9KRmxjRHlxU01vNTlhaHkyY0kycUJETEtvYmt4L0ozdldyYVYwVDlWdUcKV0NMS1RWWGtjR2R0d2xmRlJqbEJ6NHBZZzFodG1mNVg2RFlPOEE0anF2MklsOURqWEE2VVNiVzFGelhTTHI5TwpoZThZNElXUzZ3WTdiQ2tqQ1dEY1JRSk1FaGc3NmZzTzN0eEUrRmlZcnVxOVJVV2hpRjFteXY0UTZXK0N5QkZDCkRmdnA3T09HQU42ZEVPTTQrcVI5c2Rqb1NZS0VCcHNyNkd0UEFRdzRkeTc1M2VjNQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== Conditions: Last Transition Time: 2022-05-27T14:32:13Z Message: Certificate request has been approved by cert-manager.io Reason: cert-manager.io Status: True Type: Approved Last Transition Time: 2022-05-27T14:32:46Z Message: Certificate fetched from issuer successfully Reason: Issued Status: True Type: Ready Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal cert-manager.io 117s cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io Normal OrderCreated 117s cert-manager-certificaterequests-issuer-acme Created Order resource scm-system/ingress-scm-cert-mv76b-1966844343 Normal CertificateIssued 84s cert-manager-certificaterequests-issuer-acme Certificate fetched from issuer successfully
$ kubectl get order -n scm-system NAME STATE AGE ingress-scm-cert-mv76b-1966844343 valid 3m2s
$ kubectl describe order ingress-scm-cert-mv76b-1966844343 -n scm-system Name: ingress-scm-cert-mv76b-1966844343 Namespace: scm-system Labels: app=scm Annotations: cert-manager.io/certificate-name: ingress-scm-cert cert-manager.io/certificate-revision: 1 cert-manager.io/private-key-secret-name: ingress-scm-cert-q52zf API Version: acme.cert-manager.io/v1 Kind: Order Metadata: Creation Timestamp: 2022-05-27T14:32:13Z Generation: 1 Managed Fields: API Version: acme.cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:cert-manager.io/certificate-name: f:cert-manager.io/certificate-revision: f:cert-manager.io/private-key-secret-name: f:labels: .: f:app: f:ownerReferences: .: k:{"uid":"1d5b6891-6b8f-4ae0-97c6-014b574d77ec"}: f:spec: .: f:dnsNames: f:issuerRef: .: f:group: f:kind: f:name: f:request: Manager: cert-manager-certificaterequests-issuer-acme Operation: Update Time: 2022-05-27T14:32:13Z API Version: acme.cert-manager.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:authorizations: f:certificate: f:finalizeURL: f:state: f:url: Manager: cert-manager-orders Operation: Update Subresource: status Time: 2022-05-27T14:32:46Z Owner References: API Version: cert-manager.io/v1 Block Owner Deletion: true Controller: true Kind: CertificateRequest Name: ingress-scm-cert-mv76b UID: 1d5b6891-6b8f-4ae0-97c6-014b574d77ec Resource Version: 2499556 UID: 1af3b89f-8518-46bd-b596-800919dd9f42 Spec: Dns Names: scm.juntotelecom.com.br Issuer Ref: Group: cert-manager.io Kind: ClusterIssuer Name: letsencrypt-prod Request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2h6Q0NBVzhDQVFBd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5mZQowamo4Y0pNOXhIa1pwbEpmQndIeTl3S01hY0ZsZGkveXpoTHRpdXJvYjRPMDk3Yk5rbUFRYlhTYmJjM2xuSStICndpSU5NeExBbFNoQXY0UHZLTmJQbWIrZWpMVmY2dzhLbExjNWd1ZEtLVGlLak1FTzduTmtjTHhwSCtVYnZFS2EKcXN6OHBWT0ZBdUxTYjhBT2J1K1dpWUpjV09PbGhPRkV4TSt6QmJxbitqemVhRDF3cWp1NHM1VXVsM3FET1B1RApmVHFZTlVGVDRMekJJQnVHYXBpUzF1T3dzaS85c25xand3eGRnQ2pWai9ueWh0aEoxU1FYbk9tdGNsVWRBTVpjCkI3TStmaWRsN2ZRMCsrS2JuRlZMVzZnWDI4SGFWTTZpYjZzWXowNHZoMTNqcHpXOXV1VndUK3NMdzlCNng5ZjEKUGFjdG1FWTJvZGROSUtseEZHY0NBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0lnWURWUjBSQkJzdwpHWUlYYzJOdExtcDFiblJ2ZEdWc1pXTnZiUzVqYjIwdVluSXdDd1lEVlIwUEJBUURBZ1dnTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQ0xiK1VrNTNGcGtxMkh3M1VuWGhZZ1FFVmIxZGxUWldSeHBCcWNqY3JveWhqMS9JRzkKRmtWZXlnWGhRVmt1UjQwbDYvZWhxbUNCZlFVWFJub3RFYS85ZTdNQXVQSnQ2ZjRwTDZ6N2QwNmFSc0tuQklzSwo1aHgzQUxralUxWXphTk16MnkxeFdYMFV4T05JUnJqSTFTR01VYW5pQlBrZGpVbjRpUlNDZmRLWXdGbmpWN21TCkNuaDF5aDk5NmdEWDQ2dzhaMmFMb2dPLzF3L0VqUzErVFBnSHM5TWFVWnZadGtSc0NhSmUrMmtGb2szRUFnRWcKNXp2TFZQMHh5clYyVWNUdk0rR3AzSERHY2JkTGZCQnU3cVc2MGZZbThLektmeDhoMnhKT2VabnVzVWd4eWJIWAplN0ZXM0RRNGNzR0kxclJYb2FUOC9Oa0dzck1uemRVK0g1MmYKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== Status: Authorizations: Challenges: Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4 Type: http-01 URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/i408Xg Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4 Type: dns-01 URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/TRMZVQ Token: q0UmZfBO0QA1DyilkkXqJNGJ6a6ctsGU2wftN9EDG-4 Type: tls-alpn-01 URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/113148616346/eA8AZQ Identifier: scm.juntotelecom.com.br Initial State: pending URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/113148616346 Wildcard: false Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQkJ1Z0F3SUJBZ0lTQTBNUTd5cDFwb3NrbXRRTlI3OVlUMW1RTUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNakExTWpjeE16TXlORFZhRncweU1qQTRNalV4TXpNeU5EUmFNQ0l4SURBZUJnTlZCQU1UCkYzTmpiUzVxZFc1MGIzUmxiR1ZqYjIwdVkyOXRMbUp5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVBMTk3U09QeHdrejNFZVJtbVVsOEhBZkwzQW94cHdXVjJML0xPRXUySzZ1aHZnN1QzdHMyUwpZQkJ0ZEp0dHplV2NqNGZDSWcwekVzQ1ZLRUMvZys4bzFzK1p2NTZNdFYvckR3cVV0em1DNTBvcE9JcU13UTd1CmMyUnd2R2tmNVJ1OFFwcXF6UHlsVTRVQzR0SnZ3QTV1NzVhSmdseFk0NldFNFVURXo3TUZ1cWY2UE41b1BYQ3EKTzdpemxTNlhlb000KzROOU9wZzFRVlBndk1FZ0c0WnFtSkxXNDdDeUwvMnllcVBEREYyQUtOV1ArZktHMkVuVgpKQmVjNmExeVZSMEF4bHdIc3o1K0oyWHQ5RFQ3NHB1Y1ZVdGJxQmZid2RwVXpxSnZxeGpQVGkrSFhlT25OYjI2CjVYQlA2d3ZEMEhySDEvVTlweTJZUmphaDEwMGdxWEVVWndJREFRQUJvNElDVVRDQ0FrMHdEZ1lEVlIwUEFRSC8KQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RQpBakFBTUIwR0ExVWREZ1FXQkJRQUhhTUVvNFE4MmhrTm5HaTFWYVJ0MUJQajVEQWZCZ05WSFNNRUdEQVdnQlFVCkxyTVh0MWhXeTY1UUNVRG1INitkaXhUQ3hqQlZCZ2dyQmdFRkJRY0JBUVJKTUVjd0lRWUlLd1lCQlFVSE1BR0cKRldoMGRIQTZMeTl5TXk1dkxteGxibU55TG05eVp6QWlCZ2dyQmdFRkJRY3dBb1lXYUhSMGNEb3ZMM0l6TG1rdQpiR1Z1WTNJdWIzSm5MekFpQmdOVkhSRUVHekFaZ2hkelkyMHVhblZ1ZEc5MFpXeGxZMjl0TG1OdmJTNWljakJNCkJnTlZIU0FFUlRCRE1BZ0dCbWVCREFFQ0FUQTNCZ3NyQmdFRUFZTGZFd0VCQVRBb01DWUdDQ3NHQVFVRkJ3SUIKRmhwb2RIUndPaTh2WTNCekxteGxkSE5sYm1OeWVYQjBMbTl5WnpDQ0FRTUdDaXNHQVFRQjFua0NCQUlFZ2ZRRQpnZkVBN3dCMkFFSEl5ckhmSWtaS0VNYWhPZ2xDaDE1T01Zc2JBK3ZyUzhkbzhKQmlsZ2IyQUFBQmdRWHZIbVVBCkFBUURBRWN3UlFJZ1ZHZ1ViU0ZNUlZKUHJvZ01UeTVFd0k0MDBQUkhER2VQbnp3QzlyY2FaUDhDSVFDWTRZdm4KdHlBUUtaUXFJS1hmcjhiRFBTbmxVMUlDcjJXeTNPb0hJdHpxZmdCMUFFYWxWZXQxK3BFZ01MV2lpV24wODMwUgpMRUYwdnYxSnVJV3I4dnh3L20xSEFBQUJnUVh2SG93QUFBUURBRVl3UkFJZ0ZSd3JibUpzQjY3SlBrRjRaczV4CllrTFp6TEV2YlRRbTNXVDJqL2I3UFFZQ0lIYmhZSjdxOEJvTERMclJZelVNTlZKVjV6Tjliem44aHdvZ0QyM0sKNDhWa01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXE5azNqN0VLWnB4WHEweWJya05tM0tOM2lNRERxRzlWbwp6Sktvc2R2dGRKb1ZNR3paOHEwWHVRelEzakFhRE1XSTA4b3BGVEw1cS9nQU5hVHYxYm41ZzBvQzExVlZ3RnEyCmZzdnBLa0pEcjBOSGt1ay9jcWxyZlBSV3hldWgveXdpYml0M1JDZThDVStqTkpVanovbVZRUkM0bC9vN1YzU1QKRHZQcGNtOW9QZTIvV25JRk4vL3BrYlRRVjNHNXVZNHg2Ni9GU1Q1aWh5QkphWEZ5QkhUWlFwMnRmYTdFV0VUSAptUVB2UzVkKzYwTThEaWluZlIvVlNHVDIxWXJNNEZyWUU1dlYvTXdHcGRoNjkwdFJ4UmtZU1JhRE1OeEJTQWkzCjFjS2tUYmZkN1MvVWxFd0lKZ3Iydm1kQVgwdXhnV0hnZkUxbTRROUtXZ0lZRzg5QUhBN2MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRkZqQ0NBdjZnQXdJQkFnSVJBSkVyQ0VyUERCaW5VL2JXTGlXblgxb3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qQXdPVEEwTURBd01EQXcKV2hjTk1qVXdPVEUxTVRZd01EQXdXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNVak13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM3QWhVb3pQYWdsTk1QRXV5TlZaTEQrSUx4bWFaNlFvaW5YU2FxdFN1NXhVeXhyNDVyK1hYSW85Y1AKUjVRVVZUVlhqSjZvb2prWjlZSThRcWxPYnZVN3d5N2JqY0N3WFBOWk9PZnR6Mm53V2dzYnZzQ1VKQ1dIK2pkeApzeFBuSEt6aG0rL2I1RHRGVWtXV3FjRlR6alRJVXU2MXJ1MlAzbUJ3NHFWVXE3WnREcGVsUURScks5TzhadXRtCk5IejZhNHVQVnltWitEQVhYYnB5Yi91QnhhM1NobGc5RjhmbkNidnhLL2VHM01IYWNWM1VSdVBNclNYQmlMeGcKWjNWbXMvRVk5NkpjNWxQL09vaTJSNlgvRXhqcW1BbDNQNTFUK2M4QjVmV21jQmNVcjJPay81bXprNTNjVTZjRwova2lGSGFGcHJpVjF1eFBNVWdQMTdWR2hpOXNWQWdNQkFBR2pnZ0VJTUlJQkJEQU9CZ05WSFE4QkFmOEVCQU1DCkFZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0lHQ0NzR0FRVUZCd01CTUJJR0ExVWRFd0VCL3dRSU1BWUIKQWY4Q0FRQXdIUVlEVlIwT0JCWUVGQlF1c3hlM1dGYkxybEFKUU9ZZnI1MkxGTUxHTUI4R0ExVWRJd1FZTUJhQQpGSG0wV2VaN3R1WGtBWE9BQ0lqSUdsajI2WnR1TURJR0NDc0dBUVVGQndFQkJDWXdKREFpQmdnckJnRUZCUWN3CkFvWVdhSFIwY0RvdkwzZ3hMbWt1YkdWdVkzSXViM0puTHpBbkJnTlZIUjhFSURBZU1CeWdHcUFZaGhab2RIUncKT2k4dmVERXVZeTVzWlc1amNpNXZjbWN2TUNJR0ExVWRJQVFiTUJrd0NBWUdaNEVNQVFJQk1BMEdDeXNHQVFRQgpndDhUQVFFQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ0Z5azVIUHFQM2hVU0Z2TlZuZUxLWVk2MTFUUjZXClBUTmxjbFF0Z2FEcXcrMzRJTDlmekxkd0FMZHVPL1plbE43a0lKK203NHV5QStlaXRSWThrYzYwN1RrQzUzd2wKaWtmbVpXNC9SdlRaOE02VUsrNVV6aEs4akNkTHVNR1lMNkt2elhHUlNnaTN5TGdqZXdRdENQa0lWejZEMlFRegpDa2NoZUFtQ0o4TXF5SnU1emx6eVpNakF2bm5BVDQ1dFJBeGVrcnN1OTRzUTRlZ2RSQ25iV1NEdFk3a2grQkltCmxKTlhvQjFsQk1FS0lxNFFEVU9Yb1JnZmZ1RGdoamUxV3JHOU1MK0hiaXNxL3lGT0d3WEQ5UmlYOEY2c3c2VzQKYXZBdXZEc3p1ZTVMM3N6ODVLK0VDNFkvd0ZWRE52Wm80VFlYYW82WjBmK2xRS2MwdDhEUVl6azFPWFZ1OHJwMgp5Sk1DNmFsTGJCZk9EQUxadllIN243ZG8xQVpsczRJOWQxUDRqbmtEclFveEIzVXFROWhWbDNMRUtRNzN4RjFPCnlLNUdoRERYOG9WZkdLRjV1K2RlY0lzSDRZYVR3N21QM0dGeEpTcXYzKzBsVUZKb2k1TGM1ZGExNDlwOTBJZHMKaENFeHJvTDErN21yeUlrWFBlRk01VGdPOXIwcnZaYUJGT3ZWMnowZ3AzNVowK0w0V1BsYnVFak4vbHhQRmluKwpIbFVqcjhnUnNJM3FmSk9RRnkvOXJLSUpSMFkvOE9td3QvOG9UV2d5MW1kZUhtbWprN2oxbllzdkM5SlNRNlp2Ck1sZGxUVEtCM3poVGhWMStYV1lwNnJqZDVKVzF6YlZXRWtMTnhFN0dKVGhFVUczc3pnQlZHUDdwU1dUVVRzcVgKbkxSYndIT29xN2hId2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGWURDQ0JFaWdBd0lCQWdJUVFBRjNJVGZVNlVLNDduYXFQR1FLdHpBTkJna3Foa2lHOXcwQkFRc0ZBREEvCk1TUXdJZ1lEVlFRS0V4dEVhV2RwZEdGc0lGTnBaMjVoZEhWeVpTQlVjblZ6ZENCRGJ5NHhGekFWQmdOVkJBTVQKRGtSVFZDQlNiMjkwSUVOQklGZ3pNQjRYRFRJeE1ERXlNREU1TVRRd00xb1hEVEkwTURrek1ERTRNVFF3TTFvdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUN0NkNSejlCUTM4NXVlSzFjb0hJZSszTGZmT0pDTWJqem1WNkI0OTNYQwpvdjcxYW03MkFFOG8yOTVvaG14RWs3YXhZLzBVRW11L0g5THFNWnNoZnRFelBMcEk5ZDE1MzdPNC94THhJWnBMCndZcUdjV2xLWm1ac2ozNDhjTCt0S1NJRzgrVEE1b0N1NGt1UHQ1bCtsQU9mMDBlWGZKbElJMVBvT0s1UENtK0QKTHRGSlY0eUFkTGJhTDlBNGpYc0RjQ0ViZGZJd1BQcVBydDNhWTZ2ckZrL0NqaEZMZnM4TDZQKzFkeTcwc250Swo0RXdTSlF4d2pRTXBvT0ZUSk93VDJlNFp2eEN6U293L2lhTmhVZDZzaHdlVTlHTng3QzdpYjF1WWdlR0pYRFI1CmJIYnZPNUJpZWViYnBKb3ZKc1hRRU9FTzN0a1FqaGI3dC9lbzk4ZmxBZ2VZanpZSWxlZmlONVlOTm5XZSt3NXkKc1IyYnZBUDVTUVhZZ2QwRnRDcldRZW1zQVhhVkNnL1kzOVc5RWg4MUx5Z1hiTktZd2FnSlpIZHVSemU2enF4WgpYbWlkZjNMV2ljVUdRU2srV1Q3ZEp2VWt5UkduV3FOTVFCOUdvWm0xcHpwUmJvWTdubjF5cHhJRmVGbnRQbEY0CkZRc0RqNDNRTHdXeVBudEtIRXR6QlJMOHh1cmdVQk44UTVOMHM4cDA1NDRmQVFqUU1OUmJjVGEwQjdyQk1EQmMKU0xlQ081aW1mV0NLb3FNcGdzeTZ2WU1FRzZLREEwR2gxZ1h4RzhLMjhLaDhoanRHcUVncWlOeDJtbmEvSDJxbApQUm1QNnpqelpON0lLdzBLS1AvMzIrSVZRdFFpMENkZDRYbitHT2R3aUsxTzV0bUxPc2JkSjFGdS83eGs5VE5EClR3SURBUUFCbzRJQlJqQ0NBVUl3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFPQmdOVkhROEJBZjhFQkFNQ0FRWXcKU3dZSUt3WUJCUVVIQVFFRVB6QTlNRHNHQ0NzR0FRVUZCekFDaGk5b2RIUndPaTh2WVhCd2N5NXBaR1Z1ZEhKMQpjM1F1WTI5dEwzSnZiM1J6TDJSemRISnZiM1JqWVhnekxuQTNZekFmQmdOVkhTTUVHREFXZ0JURXA3R2tleXh4Cit0dmhTNUIxLzhRVllJV0pFREJVQmdOVkhTQUVUVEJMTUFnR0JtZUJEQUVDQVRBL0Jnc3JCZ0VFQVlMZkV3RUIKQVRBd01DNEdDQ3NHQVFVRkJ3SUJGaUpvZEhSd09pOHZZM0J6TG5KdmIzUXRlREV1YkdWMGMyVnVZM0o1Y0hRdQpiM0puTUR3R0ExVWRId1ExTURNd01hQXZvQzJHSzJoMGRIQTZMeTlqY213dWFXUmxiblJ5ZFhOMExtTnZiUzlFClUxUlNUMDlVUTBGWU0wTlNUQzVqY213d0hRWURWUjBPQkJZRUZIbTBXZVo3dHVYa0FYT0FDSWpJR2xqMjZadHUKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBS2N3QnNsbTcvRGxMUXJ0Mk01MW9HclMrbzQ0Ky95UW9ERlZEQwo1V3hDdTIrYjlMUlB3a1NJQ0hYTTZ3ZWJGR0p1ZU43c0o3bzVYUFdpb1c1V2xIQVFVN0c3NUsvUW9zTXJBZFNXCjlNVWdOVFA1MkdFMjRIR050TGkxcW9KRmxjRHlxU01vNTlhaHkyY0kycUJETEtvYmt4L0ozdldyYVYwVDlWdUcKV0NMS1RWWGtjR2R0d2xmRlJqbEJ6NHBZZzFodG1mNVg2RFlPOEE0anF2MklsOURqWEE2VVNiVzFGelhTTHI5TwpoZThZNElXUzZ3WTdiQ2tqQ1dEY1JRSk1FaGc3NmZzTzN0eEUrRmlZcnVxOVJVV2hpRjFteXY0UTZXK0N5QkZDCkRmdnA3T09HQU42ZEVPTTQrcVI5c2Rqb1NZS0VCcHNyNkd0UEFRdzRkeTc1M2VjNQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== Finalize URL: https://acme-v02.api.letsencrypt.org/acme/finalize/562203266/92387880686 State: valid URL: https://acme-v02.api.letsencrypt.org/acme/order/562203266/92387880686 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Created 3m34s cert-manager-orders Created Challenge resource "ingress-scm-cert-mv76b-1966844343-302753530" for domain "scm.juntotelecom.com.br" Normal Complete 3m4s cert-manager-orders Order completed successfully
Configuração do gitea
Autenticação LDAP -FreeIPA
Agora execute o sincronismo: Sincronizar dados de usuário externo
Grupos com permissão de acesso - FreeIPA
# ipa group-add gitadm --desc="Git Administrator" # ipa group-add gitaccess --desc="Git Access"
# ipa group-add-member gitadm --users=gean.martins # ipa group-add-member gitaccess --users=gean.martins
# ipa group-show gitadm --raw --all dn: cn=gitadm,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br cn: gitadm description: Git Administrator gidnumber: 187600022 member: uid=gean.martins,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br ipaNTSecurityIdentifier: S-1-5-21-2731924211-1883941829-2112701219-1022 ipaUniqueID: f7e4b2ba-dc72-11ec-ad64-000c29ad9330 objectClass: top objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: ipaobject objectClass: posixgroup objectClass: ipantgroupattrs
# ipa group-show gitaccess --raw --all dn: cn=gitaccess,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br cn: gitaccess description: Git Access gidnumber: 187600023 member: uid=gean.martins,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br ipaNTSecurityIdentifier: S-1-5-21-2731924211-1883941829-2112701219-1023 ipaUniqueID: 7a4ee55a-dd21-11ec-ab20-000c29ad9330 objectClass: top objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: ipaobject objectClass: posixgroup objectClass: ipantgroupattrs
Testando o repositório
$ sudo apt install git
$ git config --global user.name "Gean Martins" $ git config --global user.email "gean.martins@juntotelecom.com.br"
$ git clone https://scm.juntotelecom.com.br/gean.martins/primeiro.git Cloning into 'primeiro'... remote: Enumerating objects: 3, done. remote: Counting objects: 100% (3/3), done. remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 Receiving objects: 100% (3/3), done.
$ cd primeiro/ $ touch file{1..5}.txt $ echo "# Meu primeiro repositório" > README.md $ git add --all
$ git status On branch master Your branch is up to date with 'origin/master'. Changes to be committed: (use "git restore --staged <file>..." to unstage) modified: README.md new file: file1.txt new file: file2.txt new file: file3.txt new file: file4.txt new file: file5.txt
$ git commit -m "Meu primeiro commit" [master 024a5df] Meu primeiro commit 6 files changed, 1 insertion(+), 2 deletions(-) create mode 100644 file1.txt create mode 100644 file2.txt create mode 100644 file3.txt create mode 100644 file4.txt create mode 100644 file5.txt
$ git push origin master Username for 'https://scm.juntotelecom.com.br': gean.martins Password for 'https://gean.martins@scm.juntotelecom.com.br': Enumerating objects: 6, done. Counting objects: 100% (6/6), done. Delta compression using up to 8 threads Compressing objects: 100% (2/2), done. Writing objects: 100% (4/4), 343 bytes | 343.00 KiB/s, done. Total 4 (delta 0), reused 0 (delta 0), pack-reused 0 remote: . Processing 1 references remote: Processed 1 references in total To https://scm.juntotelecom.com.br/gean.martins/primeiro.git 7d15c88..024a5df master -> master
