Marcelo Ochoa marcelo-ochoa

CTO and Co-founder at @ScotasSearch. His background is in database, network, Web and Java technologies. Since 2004 is part of the @OracleACE program.

marcelo-ochoa / whoami-tls.yaml

Created June 22, 2021 13:56

WhoAmi TLS LetsEncrypt cert generation test

	# whoami-tls.yaml
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: app-tls
	spec:
	entryPoints:
	- websecure
	routes:
	- kind: Rule

marcelo-ochoa / whoami.yml

Created June 22, 2021 13:49

WhoAmi Traefik App for testing

marcelo-ochoa / traefik-values.yaml

Created June 22, 2021 13:39

Traefik+LetsEncrypt configuration for Oracle OCI Kubernetes deployment

	additionalArguments:
	- [email protected]
	- --certificatesresolvers.le.acme.storage=/data/acme.json
	- --certificatesresolvers.le.acme.tlschallenge=true
	- --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
	persistence:
	enabled: true
	path: /data
	podSecurityContext:
	fsGroup: 65532

marcelo-ochoa / sample-app.yaml

Created May 19, 2021 20:34

Sampe echo app

	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: ingress-test
	annotations:
	kubernetes.io/ingress.class: nginx
	cert-manager.io/cluster-issuer: "letsencrypt-staging"
	spec:
	rules:
	- host: www.example.com

marcelo-ochoa / letsencrypt-http01.yaml

Last active May 19, 2021 20:31

Sample ClusterIssuer letsencrypt

	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: [email protected]
	privateKeySecretRef:
	name: letsencrypt

marcelo-ochoa / letsencrypt-staging-http01.yaml

Last active May 19, 2021 20:31

Sample ClusterIssuer staging

	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-staging
	spec:
	acme:
	# You must replace this email address with your own.
	# Let's Encrypt will use this to contact you about expiring
	# certificates, and issues related to your account.
	email: [email protected]

marcelo-ochoa / docker-compose.yml

Last active December 16, 2020 23:17

	version: '3.6'

	services:
	registry:
	image: registry:2
	hostname: registry.mydomain.com
	networks:
	- lb_network
	volumes:
	- data:/var/lib/registry

marcelo-ochoa / docker-compose.yml

Last active January 22, 2021 13:21

	version: '3.6'
	x-default-opts:
	&default-opts
	image: certbot-oci:v1.10.1
	volumes:
	- certs-repo:/etc/letsencrypt
	environment:
	OCID: ocid1.loadbalancer.oc1.iad.nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
	RENEWED_DOMAINS: dev-oci.mydomain.com
	deploy:

marcelo-ochoa / create-lb-certs.sh

Created December 15, 2020 20:09

	#!/bin/sh
	cd /etc/letsencrypt
	cert_number=$(ls csr/\|tail -1\|sed s/_.*//)
	cert_name=$RENEWED_DOMAINS-$cert_number
	echo $cert_name
	oci lb certificate create --load-balancer-id $OCID --certificate-name $cert_name --public-certificate-file /etc/letsencrypt/live/$RENEWED_DOMAINS/fullchain.pem --private-key-file /etc/letsencrypt/live/$RENEWED_DOMAINS/privkey.pem
	sleep 30
	oci lb listener update --force --listener-name lb_ssl --default-backend-set-name bs_default --port 443 --protocol HTTP --load-balancer-id $OCID --ssl-certificate-name $cert_name

marcelo-ochoa / Dockerfile

Created December 15, 2020 20:04

	ARG VERSION=v1.10.1
	FROM certbot/certbot:$VERSION

	COPY requirements.txt ./
	RUN apk add --update alpine-sdk libffi libffi-dev openssl openssl-dev && pip install --no-cache-dir -r requirements.txt

	COPY oci/* /root/.oci/
	COPY *.sh /