sinae99/basic-TLS-connectivity-lab

TLS-Check (Mongo + Redis + Postgres + TLS)

This repo deploys:

  • cert-manager
  • internal CA (self-signed bootstrap -> ClusterIssuer)
  • TLS certs for Postgres / Redis / Mongo
  • Postgres (Bitnami Helm, standalone, TLS)
  • Redis (Bitnami Helm, standalone, TLS)
  • Mongo (manifest, TLS enabled)

1) docker.io mirror fix

k3s pulls its pause image from docker.io: docker.io/rancher/mirrored-pause:3.6

To pull docker.io images through a mirror, create the registries file:

/etc/rancher/k3s/registries.yaml

sudo mkdir -p /etc/rancher/k3s
sudo nano /etc/rancher/k3s/registries.yaml

put this:

mirrors:
  docker.io:
    endpoint:
      - "https://docker.arvancloud.ir"

restart k3s:

sudo systemctl restart k3s

verify pause pulls:

sudo crictl pull docker.io/rancher/mirrored-pause:3.6

2) namespaces

kubectl apply -f namespaces/namespaces.yaml

3) install cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.19.2/cert-manager.yaml

wait until ready:

kubectl rollout status deployment cert-manager -n cert-manager
kubectl rollout status deployment cert-manager-webhook -n cert-manager
kubectl rollout status deployment cert-manager-cainjector -n cert-manager

4) bootstrap CA + ClusterIssuer

create the self-signed issuer:

kubectl apply -f ca/bootstrap/issuer-selfsigned-cert-manager.yaml
kubectl get issuer -n cert-manager

create CA certificate (creates secret ca):

kubectl apply -f ca/ca/certificate-ca-cert-manager.yaml
kubectl get secret ca -n cert-manager

create ClusterIssuer:

kubectl apply -f ca/ca/clusterissuer-ca.yaml
kubectl get clusterissuer ca

5) issue DB TLS certs

kubectl apply -f data/postgres/cert/certificate.yaml
kubectl apply -f data/redis/cert/certificate.yaml
kubectl apply -f data/mongo/cert/certificate.yaml

wait until the certificates are issued and the secrets exist:

kubectl get certificate -A
kubectl get secret -n data | grep tls

expected secrets:

  • postgres-server-tls
  • redis-server-tls
  • mongo-server-tls

6) deploy Postgres (helm)

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

helm upgrade --install postgres bitnami/postgresql -n data -f data/postgres/helm/values.yaml

wait:

kubectl get pods -n data -w

7) deploy Redis (helm)

helm upgrade --install redis bitnami/redis -n data -f data/redis/helm/values.yaml

wait:

kubectl get pods -n data -w

8) deploy Mongo (manifest)

kubectl apply -f data/mongo/manifest/mongo-manifest.yaml

wait:

kubectl get pods -n data -w

final verification

pods:

kubectl get pods -n cert-manager
kubectl get pods -n data

certificates:

kubectl get certificate -A

About

An attempt to work with cert-manager and connect databases (Mongo + Redis + Postgres).
