From 0363cc4ca850c03b16f66535ed08c9b0465cf225 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 02:51:53 +0800 Subject: [PATCH 01/27] =?UTF-8?q?=E6=B7=BB=E5=8A=A0mTLS=E5=8F=8C=E5=90=91?= =?UTF-8?q?=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- base/secret/client-ca-secret.yaml | 8 ++++++++ base/secret/kustomization.yaml | 4 +++- base/secret/server-tls-secret.yaml | 10 ++++++++++ gp2504/ingress.yaml | 9 +++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 base/secret/client-ca-secret.yaml create mode 100644 base/secret/server-tls-secret.yaml diff --git a/base/secret/client-ca-secret.yaml b/base/secret/client-ca-secret.yaml new file mode 100644 index 0000000..f8a2443 --- /dev/null +++ b/base/secret/client-ca-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: client-ca-secret + namespace: ingress-nginx +type: Opaque +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file diff --git a/base/secret/kustomization.yaml b/base/secret/kustomization.yaml index f2f90e9..ff7731a 100644 --- a/base/secret/kustomization.yaml +++ b/base/secret/kustomization.yaml @@ -1,3 +1,5 @@ resources: - juyoutech-docker-hub-secret.yaml - - juyou-docker-tcr-secret.yaml \ No newline at end of file + - juyou-docker-tcr-secret.yaml + - client-ca-secret.yaml + - server-tls-secret.yaml \ No newline at end of file diff --git a/base/secret/server-tls-secret.yaml b/base/secret/server-tls-secret.yaml new file mode 100644 index 0000000..ed71059 --- /dev/null +++ b/base/secret/server-tls-secret.yaml @@ -0,0 +1,10 @@ +# tls-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: server-tls-secret + namespace: ingress-nginx +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQXJkVFRSMm52YU81RTZIaVRjVVovNFRIN21vSVF4V1RTTUlIZFRSUXY1OEFaM2lhaw0KZUYyZXE5aytVV2pJNUZSY1o4QXhObFJUZ0ZraWIyK3JucWE1RzJuNWxEc2FNeHB0WDJHUEVYSTlvV3lteldyag0KeGVKWFYxbVhhWFlBM0dWalB6a3Z5Qyt0TGVkbHM2Q0FyckJQWFJyVVVvR2RBNGRTR3lPZWNRb0tsbGNQdjlKSw0KanlGdWRMOGJlVGRabVg0d2U3Zjg4ZWh3RU1jb0Rwck5aOFdndUFWNExEbnBlWUZFSnZQamo3L1RYc0laN2tTcA0Kb0Rmc01TRk5Ha2NRNGNvdXltN2N6clJ5UzN1dURIYWxZYzZIMnNjZlhMUStRYlVSZTNIZmVmdVdLbDJ1SXp6cA0KR0hCMXNOSmtjTVVaZFN0SUFoTXN6YithQ1pobEwydm81U3FyOVFJREFRQUJBb0lCQUFJNWh0R3phS0c4YU92Yg0KdlRGV01HVktyVGhyUVRreGd1SWxpMVpFODU4QTdhUFM5VWhvRkZPSk5udTJ2bGx6dmZJQyt1NUIwb2JDUFVkVg0KVThvMlFvaTRDTDV0cWpac3VHa2YxOE9tcFdUSFBmUkRrYkl5NVNERVVBU0V3dHFQUHArc3hQQ0lNYXgwZVcvOA0KMWlER04ySE82ZGc3ZWUyMVllYmdoQkxZeU0xblB1OFk2cEhrZW8vd2k0RFNpNlEvMmlMWlNOS0hqdnhSUkM3Rw0KTTQ0OWxVM0JSTDd0UmlmYUNMUWtvZERXdTdBZ2JUeFFtbFVkdjh5ODV5UHB5dytGVWN3UGpMMXo4Mm92aStqYQ0Kb2t4MUpYVWxrOUt3eDBWVERHeVJUVE11WmtZV2l4VGljN1JVKzJwUDgvM2NpbXQ2ZlFsYlpBSm5PZTZSNlBJNA0KNUJDTDlKRUNnWUVBM3kwZEp2NUxuRG1wVklQRVZJQk5SRkJHQkk5OFdmR0cwWSszQVk4K2dXWVlySnhVWkhTbw0KRDAyUWJYbXNpN1FtYk95NHhkQTZjUXZsdVkyamVnRjhRYXJYVTNNZ01ldzllUHR0NldJc0xJUWc1cnlHeDVtSw0KanplZW9zdWl1VUNHQnlLeGFDek9MN2NnMDRrQUhNeWhFU2VXUjBHLzYzMTluaXN4bnliR01JVUNnWUVBeDJYUA0KYWF2VS91VEFvNnVtQUlHbk9veUhOUE5JbWJWRHNmaklZUFlxN3Y0ZkFNTStQR3BaNmhmdWYvQTJyVVVXdUUwMg0KaVhwYUk4Z0E3NDFGRG9CWnU0LzFUSGRmTHlsMTRWQ29pM0QyWkxYeFBMMlptUjFzbHEzUm9SbzE3ZTdicFFwTg0KTmx4dVBCNWNGc3lZYW5RNUxNQ1JGT3NUOCtTOTZSV0Zxa21Rb0xFQ2dZRUF5RHdCMitwc2pFNXZ6cFFxb21ZNg0KN1AvWTBsNnFnMGhnWGNWRHZQSjRja0RZQW9hQWNXRDVLRUcvUTNuWGhjQ3NlUzRxMmRCcG51Tzl5UzE3Ynd2Rw0KSUdUWHJOZXVHeHlLU3ZITE80b0plQ2RVSGJFb2ZBMFdkRWpDMiswNG9sMXg0eFVOZHhvOEpETjZFRkRxK092Zg0KMXpSZGNMRmRNRHYzYU9INE00TG1ic0VDZ1lCR0g3LzU0YnhlaUFSWGl4NHVQMnFZWktPSU02YnNwNXJQRkRjaw0KSW02bTdpZnBGTURtYm1DQXV6bmROSldHQ2k0YlVzeERQUXhHV1NnN0Z1dWFWZms0eFQvM1RHUGxLaWVTdmRNSQ0KZHdtd0VXeHRlQ0IwZ0t5WHNUbHY5cy9RaFpncFNwNHM2QVM4ajlEREUrRG1UMGxzTzZ6S05vSWwyK1FOL011dA0KUDRIbGdRS0JnRTRJa0cvMkc5K0h6Y1VCeGtPYnpwWlM4dG9KRzc3TmtwZjRkdm4wRm1nNFhZamNVZHZqOWF2Mw0KUm9LS2RHNE9KejJpdTVkanhhZFF3VEM2WkhLRFQ3eW03TEtOOEF3M0lTeHJsdzE2TlNSczgzczZ1SnMwbnJrUg0KTWZZZ0F2UVIwbVdNZFVpRVIyckJCcGZPaXZ2Ykg4UlpDM2l3VXFNSnNDREp6czB6UXE3NA0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg== diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index bc51f03..6b7fd15 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,7 +7,16 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/client-ca-secret" + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" + nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" spec: + tls: + - hosts: + - *.qq.com + - *.g2504.qq.com + secretName: server-tls-secret # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com http: From 832d679cc5cb55a735e4328c9b67ad75abb78cdd Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:02:56 +0800 Subject: [PATCH 02/27] 1 --- gp2504/ingress.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 6b7fd15..e7d7bd9 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -14,8 +14,10 @@ metadata: spec: tls: - hosts: - - *.qq.com - - *.g2504.qq.com + - api.g2504.qq.com + - h5.g2504.qq.com + - admin.g2504.qq.com + - agent.g2504.qq.com secretName: server-tls-secret # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com From d8a8ceec1a1f747bae5af711923cf7635e74f64d Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:20:22 +0800 Subject: [PATCH 03/27] 1 --- gp2504/ingress.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index e7d7bd9..8816211 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -11,6 +11,8 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: From 39a1fe921be8b380044ff54382bb3147d33cb5b4 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:46:36 +0800 Subject: [PATCH 04/27] 1 --- .gitignore | 1 + base/secret/client-ca-secret.yaml | 8 -------- base/secret/server-tls-secret.yaml | 10 ---------- base/tls/kustomization.yaml | 2 +- base/tls/kx33-cert.yaml | 8 ++++++++ base/tls/kx33-net-cert.yaml | 7 ------- gp2504/ingress.yaml | 2 +- 7 files changed, 11 insertions(+), 27 deletions(-) create mode 100644 .gitignore delete mode 100644 base/secret/client-ca-secret.yaml delete mode 100644 base/secret/server-tls-secret.yaml create mode 100644 base/tls/kx33-cert.yaml delete mode 100644 base/tls/kx33-net-cert.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..757fee3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.idea \ No newline at end of file diff --git a/base/secret/client-ca-secret.yaml b/base/secret/client-ca-secret.yaml deleted file mode 100644 index f8a2443..0000000 --- a/base/secret/client-ca-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: client-ca-secret - namespace: ingress-nginx -type: Opaque -data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file diff --git a/base/secret/server-tls-secret.yaml b/base/secret/server-tls-secret.yaml deleted file mode 100644 index ed71059..0000000 --- a/base/secret/server-tls-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# tls-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: server-tls-secret - namespace: ingress-nginx -type: kubernetes.io/tls -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQXJkVFRSMm52YU81RTZIaVRjVVovNFRIN21vSVF4V1RTTUlIZFRSUXY1OEFaM2lhaw0KZUYyZXE5aytVV2pJNUZSY1o4QXhObFJUZ0ZraWIyK3JucWE1RzJuNWxEc2FNeHB0WDJHUEVYSTlvV3lteldyag0KeGVKWFYxbVhhWFlBM0dWalB6a3Z5Qyt0TGVkbHM2Q0FyckJQWFJyVVVvR2RBNGRTR3lPZWNRb0tsbGNQdjlKSw0KanlGdWRMOGJlVGRabVg0d2U3Zjg4ZWh3RU1jb0Rwck5aOFdndUFWNExEbnBlWUZFSnZQamo3L1RYc0laN2tTcA0Kb0Rmc01TRk5Ha2NRNGNvdXltN2N6clJ5UzN1dURIYWxZYzZIMnNjZlhMUStRYlVSZTNIZmVmdVdLbDJ1SXp6cA0KR0hCMXNOSmtjTVVaZFN0SUFoTXN6YithQ1pobEwydm81U3FyOVFJREFRQUJBb0lCQUFJNWh0R3phS0c4YU92Yg0KdlRGV01HVktyVGhyUVRreGd1SWxpMVpFODU4QTdhUFM5VWhvRkZPSk5udTJ2bGx6dmZJQyt1NUIwb2JDUFVkVg0KVThvMlFvaTRDTDV0cWpac3VHa2YxOE9tcFdUSFBmUkRrYkl5NVNERVVBU0V3dHFQUHArc3hQQ0lNYXgwZVcvOA0KMWlER04ySE82ZGc3ZWUyMVllYmdoQkxZeU0xblB1OFk2cEhrZW8vd2k0RFNpNlEvMmlMWlNOS0hqdnhSUkM3Rw0KTTQ0OWxVM0JSTDd0UmlmYUNMUWtvZERXdTdBZ2JUeFFtbFVkdjh5ODV5UHB5dytGVWN3UGpMMXo4Mm92aStqYQ0Kb2t4MUpYVWxrOUt3eDBWVERHeVJUVE11WmtZV2l4VGljN1JVKzJwUDgvM2NpbXQ2ZlFsYlpBSm5PZTZSNlBJNA0KNUJDTDlKRUNnWUVBM3kwZEp2NUxuRG1wVklQRVZJQk5SRkJHQkk5OFdmR0cwWSszQVk4K2dXWVlySnhVWkhTbw0KRDAyUWJYbXNpN1FtYk95NHhkQTZjUXZsdVkyamVnRjhRYXJYVTNNZ01ldzllUHR0NldJc0xJUWc1cnlHeDVtSw0KanplZW9zdWl1VUNHQnlLeGFDek9MN2NnMDRrQUhNeWhFU2VXUjBHLzYzMTluaXN4bnliR01JVUNnWUVBeDJYUA0KYWF2VS91VEFvNnVtQUlHbk9veUhOUE5JbWJWRHNmaklZUFlxN3Y0ZkFNTStQR3BaNmhmdWYvQTJyVVVXdUUwMg0KaVhwYUk4Z0E3NDFGRG9CWnU0LzFUSGRmTHlsMTRWQ29pM0QyWkxYeFBMMlptUjFzbHEzUm9SbzE3ZTdicFFwTg0KTmx4dVBCNWNGc3lZYW5RNUxNQ1JGT3NUOCtTOTZSV0Zxa21Rb0xFQ2dZRUF5RHdCMitwc2pFNXZ6cFFxb21ZNg0KN1AvWTBsNnFnMGhnWGNWRHZQSjRja0RZQW9hQWNXRDVLRUcvUTNuWGhjQ3NlUzRxMmRCcG51Tzl5UzE3Ynd2Rw0KSUdUWHJOZXVHeHlLU3ZITE80b0plQ2RVSGJFb2ZBMFdkRWpDMiswNG9sMXg0eFVOZHhvOEpETjZFRkRxK092Zg0KMXpSZGNMRmRNRHYzYU9INE00TG1ic0VDZ1lCR0g3LzU0YnhlaUFSWGl4NHVQMnFZWktPSU02YnNwNXJQRkRjaw0KSW02bTdpZnBGTURtYm1DQXV6bmROSldHQ2k0YlVzeERQUXhHV1NnN0Z1dWFWZms0eFQvM1RHUGxLaWVTdmRNSQ0KZHdtd0VXeHRlQ0IwZ0t5WHNUbHY5cy9RaFpncFNwNHM2QVM4ajlEREUrRG1UMGxzTzZ6S05vSWwyK1FOL011dA0KUDRIbGdRS0JnRTRJa0cvMkc5K0h6Y1VCeGtPYnpwWlM4dG9KRzc3TmtwZjRkdm4wRm1nNFhZamNVZHZqOWF2Mw0KUm9LS2RHNE9KejJpdTVkanhhZFF3VEM2WkhLRFQ3eW03TEtOOEF3M0lTeHJsdzE2TlNSczgzczZ1SnMwbnJrUg0KTWZZZ0F2UVIwbVdNZFVpRVIyckJCcGZPaXZ2Ykg4UlpDM2l3VXFNSnNDREp6czB6UXE3NA0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg== diff --git a/base/tls/kustomization.yaml b/base/tls/kustomization.yaml index 38ff8e6..f172f01 100644 --- a/base/tls/kustomization.yaml +++ b/base/tls/kustomization.yaml @@ -1,2 +1,2 @@ resources: - - kx33-net-cert.yaml \ No newline at end of file + - kx33-cert.yaml \ No newline at end of file diff --git a/base/tls/kx33-cert.yaml b/base/tls/kx33-cert.yaml new file mode 100644 index 0000000..5f8335d --- /dev/null +++ b/base/tls/kx33-cert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +stringData: + qcloud_cert_id: NVLniB9q ## 证书ID + qcloud_ca_cert_id: NVLg94ze ## CA证书ID +kind: Secret +metadata: + name: kx33-cert +type: Opaque \ No newline at end of file diff --git a/base/tls/kx33-net-cert.yaml b/base/tls/kx33-net-cert.yaml deleted file mode 100644 index 303de47..0000000 --- a/base/tls/kx33-net-cert.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -stringData: - qcloud_cert_id: ESqefc6J -kind: Secret -metadata: - name: kx33-net-cert -type: Opaque \ No newline at end of file diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 8816211..8006f03 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -20,7 +20,7 @@ spec: - h5.g2504.qq.com - admin.g2504.qq.com - agent.g2504.qq.com - secretName: server-tls-secret # 对应你的服务端 SSL Secret + secretName: kx33-cert # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com http: From de578503a69dbcb79414bab78f70e3a5d2bf644e Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:47:27 +0800 Subject: [PATCH 05/27] 1 --- base/secret/kustomization.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/base/secret/kustomization.yaml b/base/secret/kustomization.yaml index ff7731a..f2f90e9 100644 --- a/base/secret/kustomization.yaml +++ b/base/secret/kustomization.yaml @@ -1,5 +1,3 @@ resources: - juyoutech-docker-hub-secret.yaml - - juyou-docker-tcr-secret.yaml - - client-ca-secret.yaml - - server-tls-secret.yaml \ No newline at end of file + - juyou-docker-tcr-secret.yaml \ No newline at end of file From e616bb4edded55703be66f9a31ae21a680f6ea3e Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:51:10 +0800 Subject: [PATCH 06/27] 1 --- gp2504/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 8006f03..384ca61 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,7 +7,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/client-ca-secret" + nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" From b8d561d8c2c8e3aa2baf15f7b82dbf0c568d3397 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:52:23 +0800 Subject: [PATCH 07/27] 1 --- base/tls/kx33-cert.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/tls/kx33-cert.yaml b/base/tls/kx33-cert.yaml index 5f8335d..311f948 100644 --- a/base/tls/kx33-cert.yaml +++ b/base/tls/kx33-cert.yaml @@ -1,7 +1,7 @@ apiVersion: v1 stringData: - qcloud_cert_id: NVLniB9q ## 证书ID - qcloud_ca_cert_id: NVLg94ze ## CA证书ID + qcloud_cert_id: NVLniB9q + qcloud_ca_cert_id: NVLg94ze kind: Secret metadata: name: kx33-cert From e0befa7fedf72092d370d260b1b3cc4e5c8a4301 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:56:08 +0800 Subject: [PATCH 08/27] 1 --- gp2504/ingress.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 384ca61..d3169d4 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,19 +7,19 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" - nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" - nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" - nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" + # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" + # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: - - api.g2504.qq.com + # - api.g2504.qq.com - h5.g2504.qq.com - - admin.g2504.qq.com - - agent.g2504.qq.com + # - admin.g2504.qq.com + # - agent.g2504.qq.com secretName: kx33-cert # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com From 7d9fb322f347650781958c31cfca82fe8a517f43 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:58:51 +0800 Subject: [PATCH 09/27] 1 --- gp2504/ingress.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index d3169d4..7479372 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -14,13 +14,13 @@ metadata: # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: - tls: - - hosts: + #tls: + #- hosts: # - api.g2504.qq.com - - h5.g2504.qq.com + # - h5.g2504.qq.com # - admin.g2504.qq.com # - agent.g2504.qq.com - secretName: kx33-cert # 对应你的服务端 SSL Secret + #secretName: kx33-cert # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com http: From 280b572a738d99d1d6777d310716a1fd31e16b7f Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 03:59:45 +0800 Subject: [PATCH 10/27] 1 --- gp2504/ingress.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 7479372..6cd98ee 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -14,9 +14,9 @@ metadata: # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: - #tls: - #- hosts: - # - api.g2504.qq.com + tls: + - hosts: + - api.g2504.qq.com # - h5.g2504.qq.com # - admin.g2504.qq.com # - agent.g2504.qq.com From 2661c68bc0caa911979005b8c63d36e0fe445008 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:16:10 +0800 Subject: [PATCH 11/27] 1 --- gp2504/ingress.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 6cd98ee..9351d4b 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,20 +7,20 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / - # nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" - # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" - # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" - # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" + nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: - api.g2504.qq.com - # - h5.g2504.qq.com - # - admin.g2504.qq.com - # - agent.g2504.qq.com - #secretName: kx33-cert # 对应你的服务端 SSL Secret + - h5.g2504.qq.com + - admin.g2504.qq.com + - agent.g2504.qq.com + secretName: kx33-cert # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com http: From 1e631fb67dfc07d9348916fc92407be4b1f6823f Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:17:20 +0800 Subject: [PATCH 12/27] 1 --- gp2504/ingress.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 9351d4b..384ca61 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -16,10 +16,10 @@ metadata: spec: tls: - hosts: - - api.g2504.qq.com - - h5.g2504.qq.com - - admin.g2504.qq.com - - agent.g2504.qq.com + - api.g2504.qq.com + - h5.g2504.qq.com + - admin.g2504.qq.com + - agent.g2504.qq.com secretName: kx33-cert # 对应你的服务端 SSL Secret rules: - host: api.g2504.qq.com From 3d9d7bb76e7c9cd7a15e9452875c8f3b921baeca Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:21:06 +0800 Subject: [PATCH 13/27] 1 --- base/tls/ca-secret.yaml | 8 ++++++++ base/tls/kustomization.yaml | 4 +++- base/tls/tls-secret.yaml | 9 +++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 base/tls/ca-secret.yaml create mode 100644 base/tls/tls-secret.yaml diff --git a/base/tls/ca-secret.yaml b/base/tls/ca-secret.yaml new file mode 100644 index 0000000..ec1b3b8 --- /dev/null +++ b/base/tls/ca-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ca-secret + namespace: ingress-nginx +type: Opaque +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file diff --git a/base/tls/kustomization.yaml b/base/tls/kustomization.yaml index f172f01..caf4622 100644 --- a/base/tls/kustomization.yaml +++ b/base/tls/kustomization.yaml @@ -1,2 +1,4 @@ resources: - - kx33-cert.yaml \ No newline at end of file + - kx33-cert.yaml + - ca-secret.yaml + - tls-secret.yaml \ No newline at end of file diff --git a/base/tls/tls-secret.yaml b/base/tls/tls-secret.yaml new file mode 100644 index 0000000..0beadbc --- /dev/null +++ b/base/tls/tls-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: tls-secret + namespace: ingress-nginx +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQXJkVFRSMm52YU81RTZIaVRjVVovNFRIN21vSVF4V1RTTUlIZFRSUXY1OEFaM2lhaw0KZUYyZXE5aytVV2pJNUZSY1o4QXhObFJUZ0ZraWIyK3JucWE1RzJuNWxEc2FNeHB0WDJHUEVYSTlvV3lteldyag0KeGVKWFYxbVhhWFlBM0dWalB6a3Z5Qyt0TGVkbHM2Q0FyckJQWFJyVVVvR2RBNGRTR3lPZWNRb0tsbGNQdjlKSw0KanlGdWRMOGJlVGRabVg0d2U3Zjg4ZWh3RU1jb0Rwck5aOFdndUFWNExEbnBlWUZFSnZQamo3L1RYc0laN2tTcA0Kb0Rmc01TRk5Ha2NRNGNvdXltN2N6clJ5UzN1dURIYWxZYzZIMnNjZlhMUStRYlVSZTNIZmVmdVdLbDJ1SXp6cA0KR0hCMXNOSmtjTVVaZFN0SUFoTXN6YithQ1pobEwydm81U3FyOVFJREFRQUJBb0lCQUFJNWh0R3phS0c4YU92Yg0KdlRGV01HVktyVGhyUVRreGd1SWxpMVpFODU4QTdhUFM5VWhvRkZPSk5udTJ2bGx6dmZJQyt1NUIwb2JDUFVkVg0KVThvMlFvaTRDTDV0cWpac3VHa2YxOE9tcFdUSFBmUkRrYkl5NVNERVVBU0V3dHFQUHArc3hQQ0lNYXgwZVcvOA0KMWlER04ySE82ZGc3ZWUyMVllYmdoQkxZeU0xblB1OFk2cEhrZW8vd2k0RFNpNlEvMmlMWlNOS0hqdnhSUkM3Rw0KTTQ0OWxVM0JSTDd0UmlmYUNMUWtvZERXdTdBZ2JUeFFtbFVkdjh5ODV5UHB5dytGVWN3UGpMMXo4Mm92aStqYQ0Kb2t4MUpYVWxrOUt3eDBWVERHeVJUVE11WmtZV2l4VGljN1JVKzJwUDgvM2NpbXQ2ZlFsYlpBSm5PZTZSNlBJNA0KNUJDTDlKRUNnWUVBM3kwZEp2NUxuRG1wVklQRVZJQk5SRkJHQkk5OFdmR0cwWSszQVk4K2dXWVlySnhVWkhTbw0KRDAyUWJYbXNpN1FtYk95NHhkQTZjUXZsdVkyamVnRjhRYXJYVTNNZ01ldzllUHR0NldJc0xJUWc1cnlHeDVtSw0KanplZW9zdWl1VUNHQnlLeGFDek9MN2NnMDRrQUhNeWhFU2VXUjBHLzYzMTluaXN4bnliR01JVUNnWUVBeDJYUA0KYWF2VS91VEFvNnVtQUlHbk9veUhOUE5JbWJWRHNmaklZUFlxN3Y0ZkFNTStQR3BaNmhmdWYvQTJyVVVXdUUwMg0KaVhwYUk4Z0E3NDFGRG9CWnU0LzFUSGRmTHlsMTRWQ29pM0QyWkxYeFBMMlptUjFzbHEzUm9SbzE3ZTdicFFwTg0KTmx4dVBCNWNGc3lZYW5RNUxNQ1JGT3NUOCtTOTZSV0Zxa21Rb0xFQ2dZRUF5RHdCMitwc2pFNXZ6cFFxb21ZNg0KN1AvWTBsNnFnMGhnWGNWRHZQSjRja0RZQW9hQWNXRDVLRUcvUTNuWGhjQ3NlUzRxMmRCcG51Tzl5UzE3Ynd2Rw0KSUdUWHJOZXVHeHlLU3ZITE80b0plQ2RVSGJFb2ZBMFdkRWpDMiswNG9sMXg0eFVOZHhvOEpETjZFRkRxK092Zg0KMXpSZGNMRmRNRHYzYU9INE00TG1ic0VDZ1lCR0g3LzU0YnhlaUFSWGl4NHVQMnFZWktPSU02YnNwNXJQRkRjaw0KSW02bTdpZnBGTURtYm1DQXV6bmROSldHQ2k0YlVzeERQUXhHV1NnN0Z1dWFWZms0eFQvM1RHUGxLaWVTdmRNSQ0KZHdtd0VXeHRlQ0IwZ0t5WHNUbHY5cy9RaFpncFNwNHM2QVM4ajlEREUrRG1UMGxzTzZ6S05vSWwyK1FOL011dA0KUDRIbGdRS0JnRTRJa0cvMkc5K0h6Y1VCeGtPYnpwWlM4dG9KRzc3TmtwZjRkdm4wRm1nNFhZamNVZHZqOWF2Mw0KUm9LS2RHNE9KejJpdTVkanhhZFF3VEM2WkhLRFQ3eW03TEtOOEF3M0lTeHJsdzE2TlNSczgzczZ1SnMwbnJrUg0KTWZZZ0F2UVIwbVdNZFVpRVIyckJCcGZPaXZ2Ykg4UlpDM2l3VXFNSnNDREp6czB6UXE3NA0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg== From 6060eda9a8eb1808f808e27b1c29f892f5d3c32a Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:21:47 +0800 Subject: [PATCH 14/27] 1 --- gp2504/ingress.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 384ca61..7b637ea 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,7 +7,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/kx33-cert" + nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/ca-secret" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" @@ -20,7 +20,7 @@ spec: - h5.g2504.qq.com - admin.g2504.qq.com - agent.g2504.qq.com - secretName: kx33-cert # 对应你的服务端 SSL Secret + secretName: tls-secret rules: - host: api.g2504.qq.com http: From 45a1f86e1a19886c550d30dfd9a82b41d7a9213b Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:23:43 +0800 Subject: [PATCH 15/27] 1 --- base/tls/ca-secret.yaml | 1 - base/tls/tls-secret.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/base/tls/ca-secret.yaml b/base/tls/ca-secret.yaml index ec1b3b8..91030c6 100644 --- a/base/tls/ca-secret.yaml +++ b/base/tls/ca-secret.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Secret metadata: name: ca-secret - namespace: ingress-nginx type: Opaque data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file diff --git a/base/tls/tls-secret.yaml b/base/tls/tls-secret.yaml index 0beadbc..013e261 100644 --- a/base/tls/tls-secret.yaml +++ b/base/tls/tls-secret.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Secret metadata: name: tls-secret - namespace: ingress-nginx type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= From 2d9f3ab367c31c5b285cef825d993dfb82b3aa3b Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:24:45 +0800 Subject: [PATCH 16/27] 1 --- gp2504/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/gp2504/kustomization.yaml b/gp2504/kustomization.yaml index 5d08c6b..2927613 100644 --- a/gp2504/kustomization.yaml +++ b/gp2504/kustomization.yaml @@ -10,6 +10,7 @@ resources: - ../base/projects/stock2 - ../base/redis - ../base/redis-nodeport + - ../base/tls - ingress.yaml configMapGenerator: From 4b91798ec6bceb53f7cbf03dabffcda8c762db7f Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:25:38 +0800 Subject: [PATCH 17/27] 1 --- base/tls/ca-secret.yaml | 1 + base/tls/tls-secret.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/base/tls/ca-secret.yaml b/base/tls/ca-secret.yaml index 91030c6..ec1b3b8 100644 --- a/base/tls/ca-secret.yaml +++ b/base/tls/ca-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: ca-secret + namespace: ingress-nginx type: Opaque data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file diff --git a/base/tls/tls-secret.yaml b/base/tls/tls-secret.yaml index 013e261..0beadbc 100644 --- a/base/tls/tls-secret.yaml +++ b/base/tls/tls-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: tls-secret + namespace: ingress-nginx type: kubernetes.io/tls data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= From f24d53379bc725537a66d2450cb8f69e6675d80e Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:53:22 +0800 Subject: [PATCH 18/27] 1 --- base/tls/ca-secret.yaml | 2 +- base/tls/tls-secret.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/base/tls/ca-secret.yaml b/base/tls/ca-secret.yaml index ec1b3b8..923bbce 100644 --- a/base/tls/ca-secret.yaml +++ b/base/tls/ca-secret.yaml @@ -5,4 +5,4 @@ metadata: namespace: ingress-nginx type: Opaque data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlDK0RDQ0FlQ2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNREVSTUE4R0ExVUVBeE1JVFhsVVpYTjBRMEV4Q3pBSkJnTlZCQVlUDQpBa05PTVE0d0RBWURWUVFLRXdWTmVVOXlaekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DDQpnZ0VCQUt0TEVSRFB5cnZTbDBmamtFWUVLMHFUTUEzTUZHUEg0RU96V1RFNERZVFJRRHBnTmlkZ2VFYWYwUzZKDQpDSFNsM0VrQTJFeEx3U0gyQUh5MUxxd3NwblVyNVVkWENIUXZEVFNKZWcrSGovZ054b3dBakZlMVgzclRhTWtjDQpRZDg0aHNiTExMQndjankwQUhmbXJ3eXJuN1B6d3RHb1dJZTJ0Y3BkRVpiWXVZR0tLOWk4YmsrT2xUeFFoYlBYDQpNM1pNNEFLc2NMUXZDNEpnaGZNc2JNZWtITThOSnV5V3dYSmV5MzFIRXRNK3JjZWJPRkFTRnVFMkhkMTVubVJpDQo5RjBVNnJEYWVrMjRsT2c0RDk3R2NTUVpvczRydklxV280aVo0Z2Q3dHNVRnFFaG1CTTQvNElISmV0elFQc0tODQpNbWh5L2wyZHNheDJFaVRmbVVQNVNsNkltOU1DQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WDQpIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSVFDanRLS0NLdnFkTG8yUXN5Y0VYMmRoTVVpDQoxbWU3bFIyMmgzc0NONitKeGk2TG9FOGdvdVRUMSt2dEhGRmlKblBaeWhPd3B0S2VyYTIvWWdaUC9GZU1TS0NCDQpxZGNjY2JISFpaQWhjWUdkcVFHR0ZyK2lWNDkyc3dEc3JiVGo0amZ4TTBZY3VocENoc0d3UDNCNXMyd0FwbkU5DQpyTVFxZlRyeEkvMjJTbkpDRWcrQmxqL1dXRVoxTVF4bG5WdmtoNG5JNk1YWlI1RDA5ekg0SWFWMDhPbjI5S1BNDQo3Smd4elpMQmQwVnR6YXpIUXh3V1dVNkluekE3bjUvUVh2VnFRYURYRk9LNUhRT0NvQkU4RzJGcW1sYkd2bnB5DQoxTFZXcDJxOEFrV2NFZ2xveWQzd1ZzT1pUbGQ5SGZUNDdzNG5rT2hlL0tFUDhhZDB2SlNla3pmenJJVT0NCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== \ No newline at end of file + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQVRDQ0FlbWdBd0lCQWdJSUdEYVl2WlhzaVFBd0RRWUpLb1pJaHZjTkFRRUxCUUF3TVRFUU1BNEdBMVVFDQpBeE1IVkdWdVkyNWxkREVMTUFrR0ExVUVCaE1DUTA0eEVEQU9CZ05WQkFvVEIxUmxibU51WlhRd0hoY05NalV3DQpOREUxTWpBME5EQTFXaGNOTWpZd05ERTFNakEwTkRBMVdqQXhNUkF3RGdZRFZRUURFd2RVWlc1amJtVjBNUXN3DQpDUVlEVlFRR0V3SkRUakVRTUE0R0ExVUVDaE1IVkdWdVkyNWxkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU5tUmlEV2F0WUFtWDJ2RnQzQXNPa3VWMVlhdmlaOXd3MEVkbjNjdlRXODRORm1vDQpic3FzUHRFUTJzaFpHT25nWUhuWWs1aUg2MU5Yc1U4eDl0ZExMSmJwS0J5clVqWmpEWVBoUWN2c1hNUmJSN1JwDQpybVlhMW40WmZjU3ViVVNhM0Uzdk9sZk1ZcWVuMXJhNTRHOEpGcFZRQ1ozbjQ2KzQxWEQ0V0lWTlBOdHR6ajRPDQpsUDdKanJhcmc1R01lblhWQjdLR3ZyUU9od2xod0lFb1RFZkc1Uk4vNGV5YWdLLzlpUzd2aEhVWjNPNVhsR1FIDQpnZG9mNVFTK3drcCtBREY4bnBhQlpYS1ZYMVhRVzFwVHpId1ZPbFRBaHpMN0pMMUJ5SjN4dy85TElqbDlFWnZCDQp6dzZHcG5rbXFSaGc3SWwrcnBrM0N6SmpGK3NSbE0zZExPcmtiZjBDQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3DQpBd0VCL3pBTEJnTlZIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTGFMaXZOTm93R1pVSWtKDQpNbEh1Zk9ac1RyYW5OL3FxTmNUY252V0Mrd1IvSE1EaGc2ellYcmZDY3VWdUtRUU5STE1NaUVYa3M1c2dZMVNnDQpVc3VmS25ZSGNJRmdYaHU0cnRjTzFkVVZSMTNjRE5VVkxPRUp5OE5PK0Fac0VYRUxtQTRXbjZGL1NpbEVYOGl1DQpsNmhWeDRyS2FtSk5mMlI5dFhrT3Q2OHVqVDdIcVpWYkJmcVFjVEpxQnZpMG45bUM3SXlZVStDVmhkU2RPTGV4DQpodkMzRWplY0Q4RFNFQ1V0MlNoeitQbjhiM3o3NkhNMHM1UEdPZjlnM2NhTWJESTBudUJOMHpFV3VpOUpteE1DDQp0aXVHMlZXMGFrZ0JkUDE0N1FZMVFKZXN4Vm4yZ05qNWtiTmsxWlpwc1JvV1gzYzdRaVdRUmwwZVE2cnFxdkJlDQovRThmOUNrPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K \ No newline at end of file diff --git a/base/tls/tls-secret.yaml b/base/tls/tls-secret.yaml index 0beadbc..b67ba31 100644 --- a/base/tls/tls-secret.yaml +++ b/base/tls/tls-secret.yaml @@ -5,5 +5,5 @@ metadata: namespace: ingress-nginx type: kubernetes.io/tls data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlESVRDQ0FnbWdBd0lCQWdJQkFqQU5CZ2txaGtpRzl3MEJBUXNGQURBd01SRXdEd1lEVlFRREV3aE5lVlJsDQpjM1JEUVRFTE1Ba0dBMVVFQmhNQ1EwNHhEakFNQmdOVkJBb1RCVTE1VDNKbk1CNFhEVEkxTURReE5URTROREUxDQpNMW9YRFRJMk1EUXhOVEU0TkRFMU0xb3dNVEVTTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVFzd0NRWURWUVFHDQpFd0pEVGpFT01Bd0dBMVVFQ2hNRlRYbFBjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLDQpBb0lCQVFDdDFOTkhhZTlvN2tUb2VKTnhSbi9oTWZ1YWdoREZaTkl3Z2QxTkZDL253Qm5lSnFSNFhaNnIyVDVSDQphTWprVkZ4bndERTJWRk9BV1NKdmI2dWVwcmtiYWZtVU94b3pHbTFmWVk4UmNqMmhiS2JOYXVQRjRsZFhXWmRwDQpkZ0RjWldNL09TL0lMNjB0NTJXem9JQ3VzRTlkR3RSU2daMERoMUliSTU1eENncVdWdysvMGtxUElXNTB2eHQ1DQpOMW1aZmpCN3Qveng2SEFReHlnT21zMW54YUM0Qlhnc09lbDVnVVFtOCtPUHY5TmV3aG51UkttZ04rd3hJVTBhDQpSeERoeWk3S2J0ek90SEpMZTY0TWRxVmh6b2ZheHg5Y3RENUJ0UkY3Y2Q5NSs1WXFYYTRqUE9rWWNIV3cwbVJ3DQp4UmwxSzBnQ0V5ek52NW9KbUdVdmEramxLcXYxQWdNQkFBR2pSVEJETUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQDQpCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQlFHQTFVZEVRUU5NQXVDQ1d4dlkyRnNhRzl6DQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWTdTMFdxN3Rud01RUHdpM29HczAyODUvVTI5TDFBT1lpci9RDQpPR0pVYlJ5NnBUL3ltTm5TOHVQMjFaMlNpdjl6QzhteTVlbGtwcElndWNHL2ljaERTNXJIMTNTRThadll1RXZrDQpwL3o3KzBOcFdVa2RiZTlWZHRNL2pIb2ViZUJZUlV5UEwzSzREVGZEalNKM0ZkK2daVU5ON0hKRWVjdTJtbnY4DQpnbnJYZEpWRytWTHplbnpEMmV1TFBNalh2dHlkSkVRZkpQQzJveU1vWDF4YjVCOEMzaCtXWXRyNjk0ZWQ4MTFHDQp6UUpNMWkvOXpsVmFRc1EwMXVabDZPTHlRSkFWQWZnWkpneFpJZy9mbExERVZQV2RRS2NQcHhTVUhlUGgyUTQvDQpmOUZHVENsbnhLVzBubEVRbWE4K1htQ1d4ZXhEbm9qaFRaMzZaRHB1T2lhR0llSkFoQT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo= - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQXJkVFRSMm52YU81RTZIaVRjVVovNFRIN21vSVF4V1RTTUlIZFRSUXY1OEFaM2lhaw0KZUYyZXE5aytVV2pJNUZSY1o4QXhObFJUZ0ZraWIyK3JucWE1RzJuNWxEc2FNeHB0WDJHUEVYSTlvV3lteldyag0KeGVKWFYxbVhhWFlBM0dWalB6a3Z5Qyt0TGVkbHM2Q0FyckJQWFJyVVVvR2RBNGRTR3lPZWNRb0tsbGNQdjlKSw0KanlGdWRMOGJlVGRabVg0d2U3Zjg4ZWh3RU1jb0Rwck5aOFdndUFWNExEbnBlWUZFSnZQamo3L1RYc0laN2tTcA0Kb0Rmc01TRk5Ha2NRNGNvdXltN2N6clJ5UzN1dURIYWxZYzZIMnNjZlhMUStRYlVSZTNIZmVmdVdLbDJ1SXp6cA0KR0hCMXNOSmtjTVVaZFN0SUFoTXN6YithQ1pobEwydm81U3FyOVFJREFRQUJBb0lCQUFJNWh0R3phS0c4YU92Yg0KdlRGV01HVktyVGhyUVRreGd1SWxpMVpFODU4QTdhUFM5VWhvRkZPSk5udTJ2bGx6dmZJQyt1NUIwb2JDUFVkVg0KVThvMlFvaTRDTDV0cWpac3VHa2YxOE9tcFdUSFBmUkRrYkl5NVNERVVBU0V3dHFQUHArc3hQQ0lNYXgwZVcvOA0KMWlER04ySE82ZGc3ZWUyMVllYmdoQkxZeU0xblB1OFk2cEhrZW8vd2k0RFNpNlEvMmlMWlNOS0hqdnhSUkM3Rw0KTTQ0OWxVM0JSTDd0UmlmYUNMUWtvZERXdTdBZ2JUeFFtbFVkdjh5ODV5UHB5dytGVWN3UGpMMXo4Mm92aStqYQ0Kb2t4MUpYVWxrOUt3eDBWVERHeVJUVE11WmtZV2l4VGljN1JVKzJwUDgvM2NpbXQ2ZlFsYlpBSm5PZTZSNlBJNA0KNUJDTDlKRUNnWUVBM3kwZEp2NUxuRG1wVklQRVZJQk5SRkJHQkk5OFdmR0cwWSszQVk4K2dXWVlySnhVWkhTbw0KRDAyUWJYbXNpN1FtYk95NHhkQTZjUXZsdVkyamVnRjhRYXJYVTNNZ01ldzllUHR0NldJc0xJUWc1cnlHeDVtSw0KanplZW9zdWl1VUNHQnlLeGFDek9MN2NnMDRrQUhNeWhFU2VXUjBHLzYzMTluaXN4bnliR01JVUNnWUVBeDJYUA0KYWF2VS91VEFvNnVtQUlHbk9veUhOUE5JbWJWRHNmaklZUFlxN3Y0ZkFNTStQR3BaNmhmdWYvQTJyVVVXdUUwMg0KaVhwYUk4Z0E3NDFGRG9CWnU0LzFUSGRmTHlsMTRWQ29pM0QyWkxYeFBMMlptUjFzbHEzUm9SbzE3ZTdicFFwTg0KTmx4dVBCNWNGc3lZYW5RNUxNQ1JGT3NUOCtTOTZSV0Zxa21Rb0xFQ2dZRUF5RHdCMitwc2pFNXZ6cFFxb21ZNg0KN1AvWTBsNnFnMGhnWGNWRHZQSjRja0RZQW9hQWNXRDVLRUcvUTNuWGhjQ3NlUzRxMmRCcG51Tzl5UzE3Ynd2Rw0KSUdUWHJOZXVHeHlLU3ZITE80b0plQ2RVSGJFb2ZBMFdkRWpDMiswNG9sMXg0eFVOZHhvOEpETjZFRkRxK092Zg0KMXpSZGNMRmRNRHYzYU9INE00TG1ic0VDZ1lCR0g3LzU0YnhlaUFSWGl4NHVQMnFZWktPSU02YnNwNXJQRkRjaw0KSW02bTdpZnBGTURtYm1DQXV6bmROSldHQ2k0YlVzeERQUXhHV1NnN0Z1dWFWZms0eFQvM1RHUGxLaWVTdmRNSQ0KZHdtd0VXeHRlQ0IwZ0t5WHNUbHY5cy9RaFpncFNwNHM2QVM4ajlEREUrRG1UMGxzTzZ6S05vSWwyK1FOL011dA0KUDRIbGdRS0JnRTRJa0cvMkc5K0h6Y1VCeGtPYnpwWlM4dG9KRzc3TmtwZjRkdm4wRm1nNFhZamNVZHZqOWF2Mw0KUm9LS2RHNE9KejJpdTVkanhhZFF3VEM2WkhLRFQ3eW03TEtOOEF3M0lTeHJsdzE2TlNSczgzczZ1SnMwbnJrUg0KTWZZZ0F2UVIwbVdNZFVpRVIyckJCcGZPaXZ2Ykg4UlpDM2l3VXFNSnNDREp6czB6UXE3NA0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlES1RDQ0FoR2dBd0lCQWdJSUdEYVkwYVM3RWdBd0RRWUpLb1pJaHZjTkFRRUxCUUF3TVRFUU1BNEdBMVVFDQpBeE1IVkdWdVkyNWxkREVMTUFrR0ExVUVCaE1DUTA0eEVEQU9CZ05WQkFvVEIxUmxibU51WlhRd0hoY05NalV3DQpOREUxTWpBME5UTXhXaGNOTWpZd05ERTFNakEwTlRNeFdqQXlNUkV3RHdZRFZRUURFd2dxTG5GeExtTnZiVEVMDQpNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQW9UQjFSbGJtTnVaWFF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBDQpBNElCRHdBd2dnRUtBb0lCQVFEU3lYSzRlMHlHejdHS1dUcTlwMDYvOWVBeVpzUXF4bmhXYTZZcmZlUGNkSTB6DQpDTjZ1RVFBbGk4djlrQ1NINFU1M21BOFJMRm1GL0s0dlRrcE5tQTJJbXdMcHRmR2luTFlHYWhwRDBwUW15aUJjDQptcWJzRURhOGNsajh5NEUzcXA2NU1ydGFxaGhteTdsMmdDMzFCcjYydHZDSlF4b2hMOXZDK1doc2ZwOE1FVS9VDQpmK2hpRXMxU2ROUzZUTG1hc1cvSGFPeVhvYWhZaFFldDhVZXE4bUFSZFF2UmdHdjJWTjgyODgxck55MDRxZG1VDQpQTEdITXBrZzk0elQzZFAyT1RZUHkwcGM5c0JoNnpGT0NDUVpVcXorREk4QUVBOUVUMGQ3bGMrU2drTDA2TjFrDQoyakVmNEV3VWYvMHg5ZHhoQ0c1bzZKWVVIdTJ6Qzk3QzNxRCtQaHZaQWdNQkFBR2pSREJDTUFrR0ExVWRFd1FDDQpNQUF3Q3dZRFZSMFBCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQk1HQTFVZEVRUU1NQXFDDQpDQ291Y1hFdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFXQUxwT0I3bzJ2d01FUHVtdFhDQVJDUnY2DQpCN3hGeTJIeXR1eTZvK0VYSXRLZmZVQ1BaVjBnR3FySTJEUnYrU0pmMWNxUUFaK2ZlUDl6cXJES3dGQURmNm5BDQpnalo5Nkc0ZnBBcnZPZGZpQVQxeHU3WHBweWM1TFNEbXB3d0dEUFppTFc2NXBLaTk4TmZnaFlnOVIxVHpXVlMxDQpKWVVNQVBUeWZDYjJMSFg0Zi9EdmVGQ0Y5QjZQN3MyN2htelh4OHhCRlFiR0RpVHNzOFRtcUQybXBjWVY5S3lrDQpCNjBxdFgzcUltSXhxSk95K1JycEF1NHhmK1NTQXRYUHl0TkRvNWZSajFNc2RuN3FEcjFSYzI0eGlHQlQ4V1lSDQpGSmN2cXFkRUo5ZjhHdTNpamNpWHNGaUJzQkRuQ0EvTXo3REtRU0tLdFhHVFpsN0lWOGNqeHV0Mjc0SWMNCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQTBzbHl1SHRNaHMreGlsazZ2YWRPdi9YZ01tYkVLc1o0Vm11bUszM2ozSFNOTXdqZQ0KcmhFQUpZdkwvWkFraCtGT2Q1Z1BFU3haaGZ5dUwwNUtUWmdOaUpzQzZiWHhvcHkyQm1vYVE5S1VKc29nWEpxbQ0KN0JBMnZISlkvTXVCTjZxZXVUSzdXcW9ZWnN1NWRvQXQ5UWErdHJid2lVTWFJUy9id3Zsb2JINmZEQkZQMUgvbw0KWWhMTlVuVFV1a3k1bXJGdngyanNsNkdvV0lVSHJmRkhxdkpnRVhVTDBZQnI5bFRmTnZQTmF6Y3RPS25abER5eA0KaHpLWklQZU0wOTNUOWprMkQ4dEtYUGJBWWVzeFRnZ2tHVktzL2d5UEFCQVBSRTlIZTVYUGtvSkM5T2pkWk5veA0KSCtCTUZILzlNZlhjWVFodWFPaVdGQjd0c3d2ZXd0NmcvajRiMlFJREFRQUJBb0lCQUF1cUplVHJUV1hsa2JJRA0KcVUrdUMwVVlpM211ams2aHIyZDA1N1R0TnJYUUxTTVJRUHJDcW1zRjcvWmNaeFN1STVtTk90Q3JGbG5ZeGE0Mw0KZnR0Q1RBWGdhd3BaVzBqT1FhSjRyc2hvMUZXdXYzeEZ3bkZYRDdGRWtLNXhoaVBxK3ZWTmdDRzVXemdCRTgyaA0KdEdKQTduZmpRQ0VzNUN5UDN0VDNneVRLeHBlbC9YTmtXUjFBQmg2UkV0WlVUTmh0U2RTaDNwZ0pLMUkwN2Nscg0KNzNtMW80b2RydldOSFNUWUM1bFA3Vk5hL0VpczE1dno2ZGJsNXYyWFEvSnpwTHZWZFVKRWRteHhONWVSNmpGSw0KTlBzbWNJUGZLOFUvN3dyRGNwNjE1bVUzVmIwNUFmNjJyWkhySkZKdHBIMG1iOXFSYzRKMy93RytYaWEvNXhPVA0KOXdnc3BlTUNnWUVBNmtsVFJraStEN3pTV1RUNzQyb3R5VUNjaUlsdXdWZWxJdGNxWHc0MjM3ZDYvMGplV3BhQQ0KOU5MaWJNKzd2UXFWVmRJekJ4V2hjd1ZmdEllMzczRWVFMno0MWhJOXNidnVXNFdUbGNESnc0Mk9SSWNJYmZnQQ0KZXRzR0xXY251R1B3dlVoYTdKZnlIdHl6Ym9UU3AwV3hGZncrSTY0c3JENHlNRmdrWmNxTDUxTUNnWUVBNWxLUw0KMzlRTlByZWgzNlRMdUhMTlJUbE5tSzlUcWphTjNUN25vUTdaSFYzSzFpYzl2ZTEzbUhZRnk1YjJWaGN6ZEhWOQ0KQWhNLzJTRUpxUHdjaWQwMmNpdjlHVlRVbDNVWUFoL3dnZSsrOWsyMFNiS3ZZaVRacmhCRWkzZW1aTzF3eW1NZg0KZ1FsMlk1R3N1SFI4SEpmVTNBdzNSUnlGWCtRTmVpUUJDY0R1cHFNQ2dZQVRtUEtZVEhscGc1ZnMwbHZIbUJnZw0KWDRFNGdwWjdJY08wZUY4WStHMXFwVVJxbWtQUFBBdXBid0oxcTZLK20yWUdlY0MrOVBZK1V0TEFuU0dycThDaQ0KUzFrOVB1VmVPcVFqajdiYXJmZXluZUtxcE1qMXVlc0FXOVhXY215R0pnWDdMMVE3dWpJTWx0V0RoeVMvelRxVQ0KNWpha2NXdFhOUlNwcXBYUTFmS0I5UUtCZ1FDcVZkOHhrYzNKMkZ6cTNTR2M0NnBUeTdGTGZqN04zMUxEa1VZVQ0Kb3JxSE1WcFZUdWdta255a1VJU3dzSkMxMHFySE1peWxZRDhVQVk3M1hweHNpU0UvQnJGRURxeTY1bW8vQ0FnQw0KMEovVjRGbTVOMkRsb0lNc2EvT0ZnWk9aaU5DbG5QRXJxU2ZaTTE4ZGUyaGViUnVMTWEyZWV4MVljWHhXSEZKNA0KT0N0SEtRS0JnRnpBbzBoazFMRVlDMVN6cmpmZjBXZHVESEZuQnoyczJROWRFRzMrZmpVRlhsQVh0NlBBQUxDSg0KY2hKMmdGWTNRY1dBR015alBXK3doQU1HY2RPMWF1MlM0SFpLQTZwbkVYZ0VXbjFRQ3FuR0pwT2ZPd2dDcXI3RQ0KQmdZZG1Telo3MEhvZ3RlVUkrSzAvMUdXRE95eVplbHBHeEFnU3hVTmRKU3p6VDh0bTlCTQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg== From deb832fd024c08a254b37a123cf71e0ba6865c24 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 04:55:41 +0800 Subject: [PATCH 19/27] 1 --- gp2504/ingress.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 7b637ea..6cc9e09 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -16,13 +16,13 @@ metadata: spec: tls: - hosts: - - api.g2504.qq.com - - h5.g2504.qq.com - - admin.g2504.qq.com - - agent.g2504.qq.com + - api-g2504.qq.com + - h5-g2504.qq.com + - admin-g2504.qq.com + - agent-g2504.qq.com secretName: tls-secret rules: - - host: api.g2504.qq.com + - host: api-g2504.qq.com http: paths: - path: / @@ -39,7 +39,7 @@ spec: name: external-service port: number: 80 - - host: h5.g2504.qq.com + - host: h5-g2504.qq.com http: paths: - path: / @@ -63,7 +63,7 @@ spec: name: external-service port: number: 80 - - host: admin.g2504.qq.com + - host: admin-g2504.qq.com http: paths: - path: / @@ -94,7 +94,7 @@ spec: name: external-service port: number: 80 - - host: agent.g2504.qq.com + - host: agent-g2504.qq.com http: paths: - path: / From 77d8bbe5be8021cf87c6a0209b898570adb04d10 Mon Sep 17 00:00:00 2001 From: william Date: Wed, 16 Apr 2025 05:02:54 +0800 Subject: [PATCH 20/27] 1 --- gp2504/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 6cc9e09..e39e708 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -7,7 +7,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/auth-tls-secret: "ingress-nginx/ca-secret" + nginx.ingress.kubernetes.io/auth-tls-secret: "gp2504/ca-secret" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" From 2bff7331344cc06e0c341b2c320f1b8a1ab20e3b Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 00:01:03 +0800 Subject: [PATCH 21/27] 1 --- base/secret/http-basic-auth.yaml | 9 +++++++++ base/secret/kustomization.yaml | 3 ++- gp2504/ingress.yaml | 3 +++ gp2504/kustomization.yaml | 1 + 4 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 base/secret/http-basic-auth.yaml diff --git a/base/secret/http-basic-auth.yaml b/base/secret/http-basic-auth.yaml new file mode 100644 index 0000000..aaf972d --- /dev/null +++ b/base/secret/http-basic-auth.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: basic-auth +type: Opaque +data: + auth: dXNlcjokYXByMSRPU0JHSXpFbCRFemNTTGk1QkJWVGFBQlhMODlNaXkvCg== +# This is a base64 encoded string of the format "user:$apr1$OSBGIzEl$EzcSLi5BBVTaABXL89Miy/". +# password: FVhxOBuqXK800gdmIq \ No newline at end of file diff --git a/base/secret/kustomization.yaml b/base/secret/kustomization.yaml index f2f90e9..6eadc2b 100644 --- a/base/secret/kustomization.yaml +++ b/base/secret/kustomization.yaml @@ -1,3 +1,4 @@ resources: - juyoutech-docker-hub-secret.yaml - - juyou-docker-tcr-secret.yaml \ No newline at end of file + - juyou-docker-tcr-secret.yaml + - http-basic-auth.yaml \ No newline at end of file diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index e39e708..dfa77c2 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -13,6 +13,9 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/auth-type: "basic" + nginx.ingress.kubernetes.io/auth-secret: "http-basic-auth" + nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" spec: tls: - hosts: diff --git a/gp2504/kustomization.yaml b/gp2504/kustomization.yaml index 2927613..bb51ecc 100644 --- a/gp2504/kustomization.yaml +++ b/gp2504/kustomization.yaml @@ -11,6 +11,7 @@ resources: - ../base/redis - ../base/redis-nodeport - ../base/tls + - ../base/secret - ingress.yaml configMapGenerator: From 49de3cfd3e5b437ad061098d65f6fdccc7c8f9f5 Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 00:04:24 +0800 Subject: [PATCH 22/27] 1 --- base/{secret => basic-auth}/http-basic-auth.yaml | 0 base/basic-auth/kustomization.yaml | 2 ++ base/secret/kustomization.yaml | 3 +-- gp2504/kustomization.yaml | 2 +- test.bat | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) rename base/{secret => basic-auth}/http-basic-auth.yaml (100%) create mode 100644 base/basic-auth/kustomization.yaml create mode 100644 test.bat diff --git a/base/secret/http-basic-auth.yaml b/base/basic-auth/http-basic-auth.yaml similarity index 100% rename from base/secret/http-basic-auth.yaml rename to base/basic-auth/http-basic-auth.yaml diff --git a/base/basic-auth/kustomization.yaml b/base/basic-auth/kustomization.yaml new file mode 100644 index 0000000..a3e3b00 --- /dev/null +++ b/base/basic-auth/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - http-basic-auth.yaml \ No newline at end of file diff --git a/base/secret/kustomization.yaml b/base/secret/kustomization.yaml index 6eadc2b..f2f90e9 100644 --- a/base/secret/kustomization.yaml +++ b/base/secret/kustomization.yaml @@ -1,4 +1,3 @@ resources: - juyoutech-docker-hub-secret.yaml - - juyou-docker-tcr-secret.yaml - - http-basic-auth.yaml \ No newline at end of file + - juyou-docker-tcr-secret.yaml \ No newline at end of file diff --git a/gp2504/kustomization.yaml b/gp2504/kustomization.yaml index bb51ecc..3987eab 100644 --- a/gp2504/kustomization.yaml +++ b/gp2504/kustomization.yaml @@ -11,7 +11,7 @@ resources: - ../base/redis - ../base/redis-nodeport - ../base/tls - - ../base/secret + - ../base/basic-auth - ingress.yaml configMapGenerator: diff --git a/test.bat b/test.bat new file mode 100644 index 0000000..d7faf9e --- /dev/null +++ b/test.bat @@ -0,0 +1 @@ +kubectl apply --dry-run=client -k gp2504 \ No newline at end of file From 20a62e27ab62541d8a51de6efe27bfdbac82ee88 Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 00:08:25 +0800 Subject: [PATCH 23/27] 1 --- gp2504/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index dfa77c2..cc07622 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -14,7 +14,7 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/auth-type: "basic" - nginx.ingress.kubernetes.io/auth-secret: "http-basic-auth" + nginx.ingress.kubernetes.io/auth-secret: "basic-auth" nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" spec: tls: From 2c8a74636649f2e90ae423aecb5ba8d139717267 Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 00:33:28 +0800 Subject: [PATCH 24/27] 1 --- gp2504/ingress.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index cc07622..776ebe5 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -6,7 +6,6 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" - nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/auth-tls-secret: "gp2504/ca-secret" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" From 28e8de3a4cf4f2150ea063b4036a433891d8f386 Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 00:34:44 +0800 Subject: [PATCH 25/27] 1 --- gp2504/ingress.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 776ebe5..cc07622 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -6,6 +6,7 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" + nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/auth-tls-secret: "gp2504/ca-secret" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" From c693adff1fc97f4bf7f227b46fd96d1d47ffa8ec Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 01:27:08 +0800 Subject: [PATCH 26/27] 1 --- gp2504/ingress.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index cc07622..87fbe82 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -13,9 +13,9 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/auth-type: "basic" - nginx.ingress.kubernetes.io/auth-secret: "basic-auth" - nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" +# nginx.ingress.kubernetes.io/auth-type: "basic" +# nginx.ingress.kubernetes.io/auth-secret: "basic-auth" +# nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" spec: tls: - hosts: From ce453ca909e391c86787ab44a311b787e57225ae Mon Sep 17 00:00:00 2001 From: william Date: Fri, 18 Apr 2025 10:49:57 +0800 Subject: [PATCH 27/27] 1 --- gp2504/ingress.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/gp2504/ingress.yaml b/gp2504/ingress.yaml index 87fbe82..d60176e 100644 --- a/gp2504/ingress.yaml +++ b/gp2504/ingress.yaml @@ -6,7 +6,6 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" - nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/auth-tls-secret: "gp2504/ca-secret" nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2"