KubPoc

POC to demonstrate how to provision a simple Amazon EKS cluster with Pulumi.

A simple Nginx server is deployed on the Kubernetes instance.

Links

Nginx

Nginx access is restricted by SSL client certificate; see nginx.conf.

Certificates

Certificates are signed by Let's Encrypt and were generated with certbot.

Client certificates

To access Nginx a client certificate is required.

testuser.pfx can be imported to access the Nginx site; the certificate password is 'test'.

Client certificate generation

# Generate the CA private key (passphrase-protected)
openssl genrsa -des3 -out myca.key 2048
# Create the self-signed CA certificate (validity chosen to match the client certificate below)
openssl req -new -x509 -days 365 -key myca.key -out myca.crt
# Write the CA certificate out in PEM format
openssl x509 -in myca.crt -out myca.pem -outform PEM
# Generate a client key and a certificate signing request
openssl genrsa -des3 -out testuser.key 2048
openssl req -new -key testuser.key -out testuser.csr
# Sign with our certificate-signing CA
openssl x509 -req -days 365 -in testuser.csr -CA myca.crt -CAkey myca.key -set_serial 01 -out testuser.crt
# Combine the key material into a single PFX.
openssl pkcs12 -export -out testuser.pfx -inkey testuser.key -in testuser.crt -certfile myca.crt
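
The following is an added example, not part of this repository: it runs the CA and client-certificate steps above without prompts and then uses openssl verify to confirm that the client certificate chains to the issuing CA and is rejected by an unrelated one. The subject names, the ca.cnf and client.ext helper files, the clientAuth extension and the unencrypted keys are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA + client certificate, then a chain check.
# make_pki DIR: create myca.{key,crt} and testuser.{key,csr,crt} in DIR.
make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'extendedKeyUsage = clientAuth\n' > "$dir/client.ext"
    # Keys are left unencrypted (no -des3) so the demo runs without prompts.
    openssl genrsa -out "$dir/myca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -config "$dir/ca.cnf" \
        -key "$dir/myca.key" -out "$dir/myca.crt" &&
    openssl genrsa -out "$dir/testuser.key" 2048 2>/dev/null &&
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=testuser" \
        -key "$dir/testuser.key" -out "$dir/testuser.csr" &&
    openssl x509 -req -days 365 -in "$dir/testuser.csr" \
        -CA "$dir/myca.crt" -CAkey "$dir/myca.key" -set_serial 01 \
        -extfile "$dir/client.ext" -out "$dir/testuser.crt" 2>/dev/null
}

# chains_to CA_CERT CLIENT_CERT: succeed only if CLIENT_CERT is a valid
# TLS client certificate issued by CA_CERT.
chains_to() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Demo: two independent CAs; only the issuing one accepts the client cert.
demo=$(mktemp -d)
make_pki "$demo/trusted" && make_pki "$demo/other"
chains_to "$demo/trusted/myca.crt" "$demo/trusted/testuser.crt" && echo "accepted by issuing CA"
chains_to "$demo/other/myca.crt" "$demo/trusted/testuser.crt" || echo "rejected by unrelated CA"
rm -rf "$demo"
```

Running the same chains_to check against the real myca.crt and testuser.crt before building the PFX catches a certificate signed with the wrong CA key.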

Deploy the stack

pulumi up

Set up kubectl access

pulumi stack output kubeconfig > kubeconfig.yml
export KUBECONFIG=./kubeconfig.yml
kubectl get nodes