blob: 444a88e05d69c7b58894108f78d7dd7f05097d03 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress-microk8s
annotations:
kubernetes.io/ingress.class: public
ingressclass.kubernetes.io/is-default-class: "true"
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
nginx.ingress.kubernetes.io/modsecurity-transaction-id: "$request_id"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
spec:
rules:
- host: "seagl00.k8s.jp.net"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: seagl00-k8s-jp-net
port:
number: 80
- host: "seagl01.k8s.jp.net"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: seagl01-k8s-jp-net
port:
number: 80
tls:
- hosts:
- seagl00.k8s.jp.net
secretName: seag00-k8s-jp-net-tls
- hosts:
- seagl01.k8s.jp.net
secretName: seag01-k8s-jp-net-tls
---
apiVersion: v1
kind: Service
metadata:
name: ingress
spec:
selector:
name: nginx-ingress-microk8s
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: seagl2023@jpnc.info
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-account-key
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: public
|
