Cambios varios

Comunes/buscaNodeport.sh

@@ -0,0 +1 @@
+kubectl get svc -A |grep -i nodeport | cut -c100-|cut -f2 -d:|cut -c1-5| sort

HelmCharts/airsonic-advanced-chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

HelmCharts/airsonic-advanced-chart/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: airsonic-advanced-chart
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml

@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: airsonic-advanced
+  namespace: airsonic-advanced
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      #port: 4040
+      port: 80
+      nodePort: 30781
+      targetPort: air-adv-http
+  selector:
+    app: airsonic-advanced
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: airsonic-advanced-pv-claim
+  namespace: airsonic-advanced
+  labels:
+    app: airsonic-advanced
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: airsonic-advanced
+  namespace: airsonic-advanced
+  labels:
+    app: airsonic-advanced
+spec:
+  selector:
+    matchLabels:
+      app: airsonic-advanced
+      tier: frontend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: airsonic-advanced
+        tier: frontend
+    spec:
+      containers:
+      - image: sentriz/gonic:latest
+        name: airsonic-advanced
+        #image: airsonicadvanced/airsonic-advanced
+        #image: docker-registry:32000/airsonic:1.0
+        ports:
+        - containerPort: 80
+          name: "air-adv-http"
+        volumeMounts:
+        - name: airsonic-advanced-www-folder
+          #mountPath: /var/airsonic
+          mountPath: /data
+        - name: airsonic-advanced-www-folder
+          #mountPath: /var/music
+          mountPath: /music
+        - name: airsonic-advanced-www-folder
+          #mountPath: /var/playlists
+          mountPath: /cache
+        - name: airsonic-advanced-www-folder
+          #mountPath: /var/podcasts
+          mountPath: /podcasts
+      imagePullSecrets:
+      - name: reg-cred-secret
+      volumes:
+      - name: airsonic-advanced-www-folder
+        persistentVolumeClaim:
+          claimName: airsonic-advanced-pv-claim

HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
+kind: Secret
+metadata:
+  creationTimestamp: "2023-01-29T10:54:14Z"
+  name: reg-cred-secret
+  namespace: airsonic-advanced
+  resourceVersion: "19890385"
+  uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
+type: kubernetes.io/dockerconfigjson

HelmCharts/airsonic-advanced-chart/values.yaml

@@ -0,0 +1,82 @@
+# Default values for airsonic-advanced-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: nginx
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml

@@ -16,7 +16,7 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: airsonic-pv-claim
+  name: airsonic-data-claim
   namespace: airsonic
   labels:
     app: airsonic
@@ -28,6 +28,51 @@ spec:
     requests:
       storage: 2Gi
 ---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: airsonic-music-claim
+  namespace: airsonic
+  labels:
+    app: airsonic
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: airsonic-playlists-claim
+  namespace: airsonic
+  labels:
+    app: airsonic
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: airsonic-podcasts-claim
+  namespace: airsonic
+  labels:
+    app: airsonic
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 1Gi
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -59,19 +104,26 @@ spec:
         - containerPort: 4040
           name: "airsonic-http"
         volumeMounts:
-        - name: airsonic-www-folder
+        - name: airsonic-data-folder
           mountPath: /airsonic/data
-        - name: airsonic-www-folder
+        - name: airsonic-music-folder
           mountPath: /airsonic/music
-          #- name: airsonic-www-folder
-          #mountPath: /airsonic/luisa
-        - name: airsonic-www-folder
+        - name: airsonic-playlists-folder
           mountPath: /airsonic/playlists
-        - name: airsonic-www-folder
+        - name: airsonic-podcasts-folder
           mountPath: /airsonic/podcasts
       imagePullSecrets:
       - name: reg-cred-secret
       volumes:
-      - name: airsonic-www-folder
+      - name: airsonic-data-folder
+        persistentVolumeClaim:
+          claimName: airsonic-data-claim
+      - name: airsonic-music-folder
+        persistentVolumeClaim:
+          claimName: airsonic-music-claim
+      - name: airsonic-playlists-folder
+        persistentVolumeClaim:
+          claimName: airsonic-playlists-claim
+      - name: airsonic-podcasts-folder
         persistentVolumeClaim:
-          claimName: airsonic-pv-claim
+          claimName: airsonic-podcasts-claim

HelmCharts/entra-airsonic.sh

@@ -0,0 +1 @@
+kubectl exec -ti deployment.apps/airsonic -n airsonic -- /bin/bash

HelmCharts/entra-asa.sh

@@ -0,0 +1 @@
+kubectl exec -ti deployment.apps/airsonic-advanced -n airsonic-advanced -- /bin/bash

HelmCharts/helmAirsonic.sh

@@ -3,10 +3,20 @@
 if [ "$1" = "i" ]
 then
 	kubectl apply -f ./preparaAirsonic/as-namespace.yaml
-	kubectl apply -f ./preparaAirsonic/pv-local-airsonic.yaml
+	kubectl apply -f ./preparaAirsonic/pv-local-airsonic-data.yaml
+	kubectl apply -f ./preparaAirsonic/pv-local-airsonic-music.yaml
+	kubectl apply -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml
+	kubectl apply -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml
 	helm install airsonic airsonic-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall airsonic 
 	kubectl delete -f ./preparaAirsonic/as-namespace.yaml
-	kubectl delete -f ./preparaAirsonic/pv-local-airsonic.yaml
+	kubectl delete -f ./preparaAirsonic/pv-local-airsonic-data.yaml
+	kubectl delete -f ./preparaAirsonic/pv-local-airsonic-music.yaml
+	kubectl delete -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml
+	kubectl delete -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi
+

HelmCharts/helmAirsonicadvanced.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ "$1" = "i" ]
+then
+	kubectl apply -f ./preparaAirsonicadvanced/asa-namespace.yaml
+	kubectl apply -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
+	helm install airsonic-advanced airsonic-advanced-chart/
+elif [ "$1" = "u" ]
+then
+	helm uninstall airsonic-advanced 
+	kubectl delete -f ./preparaAirsonicadvanced/asa-namespace.yaml
+	kubectl delete -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
+fi
+

HelmCharts/helmCitas.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ "$1" = "i" ]
+then
+	kubectl apply -f ./preparaCitas/citas-namespace.yaml
+	kubectl apply -f ./preparaCitas/pv-local-mysql.yaml
+	kubectl apply -f ./preparaCitas/pv-local-citas.yaml
+	helm install wpcitas wpcitas/
+elif [ "$1" = "u" ]
+then
+	helm uninstall wpcitas 
+	kubectl delete -f ./preparaCitas/citas-namespace.yaml
+	kubectl delete -f ./preparaCitas/pv-local-mysql.yaml
+	kubectl delete -f ./preparaCitas/pv-local-citas.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
+fi

HelmCharts/helmKanboard.sh

@@ -6,9 +6,12 @@ then
 	kubectl apply -f ./preparaKanboard/pv-local-mysql-kb.yaml
 	kubectl apply -f ./preparaKanboard/pv-local-kanboard.yaml
 	helm install kanboard kanboard-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall kanboard 
 	kubectl delete -f ./preparaKanboard/kb-namespace.yaml
 	kubectl delete -f ./preparaKanboard/pv-local-mysql-kb.yaml
 	kubectl delete -f ./preparaKanboard/pv-local-kanboard.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/helmMediawiki.sh

@@ -6,9 +6,12 @@ then
 	kubectl apply -f ./preparaMediawiki/pv-local-mysql-mw.yaml
 	kubectl apply -f ./preparaMediawiki/pv-local-mediawiki.yaml
 	helm install mediawiki mediawiki-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall mediawiki 
 	kubectl delete -f ./preparaMediawiki/mw-namespace.yaml
 	kubectl delete -f ./preparaMediawiki/pv-local-mysql-mw.yaml
 	kubectl delete -f ./preparaMediawiki/pv-local-mediawiki.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/helmMiweb.sh

@@ -6,9 +6,12 @@ then
 	#kubectl apply -f ./preparaMiweb/pv-local-miweb-certbot.yaml
 	#kubectl apply -f ./preparaMiweb/pv-local-miweb-conf.yaml
 	helm install miweb miweb-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall miweb 
 	kubectl delete -f ./preparaMiweb/pv-local-miweb.yaml
 	#kubectl delete -f ./preparaMiweb/pv-local-miweb-certbot.yaml
 	#kubectl delete -f ./preparaMiweb/pv-local-miweb-conf.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/helmNextCloud.sh

@@ -6,9 +6,12 @@ then
 	kubectl apply -f ./preparaNextCloud/pv-local-mysql.yaml
 	kubectl apply -f ./preparaNextCloud/pv-local-nextcloud.yaml
 	helm install nextcloud nextcloud-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall nextcloud 
 	kubectl delete -f ./preparaNextCloud/nc-namespace.yaml
 	kubectl delete -f ./preparaNextCloud/pv-local-mysql.yaml
 	kubectl delete -f ./preparaNextCloud/pv-local-nextcloud.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/helmVaultwarden.sh

@@ -4,9 +4,16 @@ if [ "$1" = "i" ]
 then
 	kubectl apply -f ./preparaVaultwarden/vw-namespace.yaml
 	kubectl apply -f ./preparaVaultwarden/pv-local-vaultwarden.yaml
+	kubectl create -f ./preparaVaultwarden/issuer-production.yaml 
 	helm install vaultwarden vaultwarden-chart/
-else
+	kubectl apply -f ./preparaVaultwarden/vaultwarden-ingress.yaml
+elif [ "$1" = "u" ]
+then
+	kubectl delete -f ./preparaVaultwarden/vaultwarden-ingress.yaml
 	helm uninstall vaultwarden 
+	kubectl delete -f ./preparaVaultwarden/issuer-production.yaml 
 	kubectl delete -f ./preparaVaultwarden/vw-namespace.yaml
 	kubectl delete -f ./preparaVaultwarden/pv-local-vaultwarden.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/helmWordpress.sh

@@ -6,9 +6,12 @@ then
 	kubectl apply -f ./preparaWordpress/pv-local-mysql.yaml
 	kubectl apply -f ./preparaWordpress/pv-local-wordpress.yaml
 	helm install wordpress wordpress-chart/
-else
+elif [ "$1" = "u" ]
+then
 	helm uninstall wordpress 
 	kubectl delete -f ./preparaWordpress/wp-namespace.yaml
 	kubectl delete -f ./preparaWordpress/pv-local-mysql.yaml
 	kubectl delete -f ./preparaWordpress/pv-local-wordpress.yaml
+else
+	echo "Falta comando: i=instalar, u=desinstalar"
 fi

HelmCharts/preparaAirsonic/pv-local-airsonic.yaml → HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml

@@ -8,4 +8,4 @@ spec:
   accessModes:
     - ReadWriteMany
   hostPath:
-    path: "/mnt/Externo/airsonic"
+    path: "/mnt/Externo/airsonic/data"

HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: airsonic-music-folder
+spec:
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/mnt/Externo/airsonic/music"

HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: airsonic-playlists-folder
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/mnt/Externo/airsonic/playlists"

HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: airsonic-podcasts-folder
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/mnt/Externo/airsonic/podcasts"

HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+   name: airsonic-advanced

HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: airsonic-advanced-data-folder
+spec:
+  capacity:
+    storage: 2Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: "/mnt/Externo/airsonic-advanced"

HelmCharts/preparaCitas/citas-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+   name: wpcitas

HelmCharts/preparaCitas/pv-local-citas.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: citas-folder
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/cluster/wpcitas/wpcitas-citas"
+

HelmCharts/preparaCitas/pv-local-mysql.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: citas-data
+spec:
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/cluster/wpcitas/wpcitas-db"

HelmCharts/preparaVaultwarden/issuer-production.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: king.bernard.b@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml

@@ -3,12 +3,14 @@ kind: Ingress
 metadata:
   name: vaultwarden-ingress
   namespace: vaultwarden
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production
 spec:
-  ingressClassName: nginx
   tls:
   - hosts:
     - reymota.ddns.net
-    secretName: ingress-cert
+    secretName: letsencrypt-production
   rules:
   - host: "reymota.ddns.net"
     http:

HelmCharts/wpcitas/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

HelmCharts/wpcitas/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: wpcitas
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

HelmCharts/wpcitas/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wpcitas.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wpcitas.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wpcitas.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wpcitas.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

HelmCharts/wpcitas/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wpcitas.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "wpcitas.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wpcitas.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wpcitas.labels" -}}
+helm.sh/chart: {{ include "wpcitas.chart" . }}
+{{ include "wpcitas.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wpcitas.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wpcitas.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "wpcitas.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "wpcitas.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

HelmCharts/wpcitas/templates/mysql-deployment.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wpcitas-mysql
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: wpcitas
+    tier: mysql
+  clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-citas-pv-claim
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wpcitas-mysql
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  selector:
+    matchLabels:
+      app: wpcitas
+      tier: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wpcitas
+        tier: mysql
+    spec:
+      containers:
+      - image: docker-registry:32000/mariadb:1.0
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysqlcitas-pass
+              key: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      imagePullSecrets:
+      - name: reg-cred-secret    
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-citas-pv-claim

HelmCharts/wpcitas/templates/php-deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpmyadmin-wpcitas
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  selector:
+    app: wpcitas
+    tier: phpmyadmin
+  type: NodePort
+  ports:
+    - name: phpadmin
+      port: 80
+      nodePort: 30680
+      targetPort: phpmyadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin-wpcitas
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  selector:
+    matchLabels:
+      app: wpcitas
+      tier: phpmyadmin
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wpcitas
+        tier: phpmyadmin
+    spec:
+      containers:
+        - name: phpmyadmin
+          image: docker-registry:32000/phpmyadmin:1.0
+          ports:
+            - containerPort: 80
+              name: phpmyadm
+          env:
+            - name: PMA_HOST
+              value: wpcitas-mysql
+            - name: PMA_PORT
+              value: "3306"
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysqlcitas-pass
+                  key: password
+      imagePullSecrets:
+      - name: reg-cred-secret

HelmCharts/wpcitas/templates/registry-secrets.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
+kind: Secret
+metadata:
+  creationTimestamp: "2023-01-29T10:54:14Z"
+  name: reg-cred-secret
+  namespace: wpcitas
+  resourceVersion: "19890385"
+  uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
+type: kubernetes.io/dockerconfigjson

HelmCharts/wpcitas/templates/wpcitas-deployment.yaml

@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wpcitas
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  type: NodePort
+  ports:
+    - port: 80
+      nodePort: 30440
+      targetPort: wpcitas
+  selector:
+    app: wpcitas
+    tier: frontend
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: citas-pv-claim
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wpcitas
+  namespace: wpcitas
+  labels:
+    app: wpcitas
+spec:
+  selector:
+    matchLabels:
+      app: wpcitas
+      tier: frontend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wpcitas
+        tier: frontend
+    spec:
+      containers:
+      - image: docker-registry:32000/wordpress:1.0
+        name: wpcitas
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: wpcitas-mysql
+        - name: WORDPRESS_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysqlcitas-pass
+              key: password
+        - name: WORDPRESS_DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: mysqlcitas-pass
+              key: db_user
+        ports:
+        - containerPort: 80
+          name: wpcitas
+        volumeMounts:
+        - name: wpcitas-persistent-storage
+          mountPath: /var/www/html
+      imagePullSecrets:
+      - name: reg-cred-secret
+      volumes:
+      - name: wpcitas-persistent-storage
+        persistentVolumeClaim:
+          claimName: citas-pv-claim

HelmCharts/wpcitas/templates/wpcitas-secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysqlcitas-pass
+  namespace: wpcitas
+data:
+  password: RHNhLTAyMTM=
+  db_user: cm9vdA==
+  db_passwd: RHNhLTAyMTM=

HelmCharts/wpcitas/values.yaml

@@ -0,0 +1,82 @@
+# Default values for wordpress-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: docker-registry:32000
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: [reg-cred-secret]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: NodePort
+  port: 80
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

LetsEncrypt/instalaCertManager.sh

@@ -0,0 +1,4 @@
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3 --set installCRDs=true

LetsEncrypt/issuer-production.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  namespace: vaultwarden
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: king.bernard.b@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

LetsEncrypt/issuer.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: king.bernard.b@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

PeterDeTender/certs/ingress-tls.crt

@@ -1,21 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDZTCCAk2gAwIBAgIUeyhdjrJrbEReY7++sCIAKsXk4AMwDQYJKoZIhvcNAQEL
-BQAwQTELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
-cmlkMRAwDgYDVQQKDAdyZXltb3RhMCAXDTIzMDIxMDExNTE0MFoYDzIwNTAwNjI3
-MTE1MTQwWjBBMQswCQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQH
-DAZNYWRyaWQxEDAOBgNVBAoMB3JleW1vdGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQC579/wUkYvBm2/PtzMWWxWomDKM+Pep4UNKnAidM2Ymv725jIp
-4i/QY8jDbQ8rGHs8hPMhRPNOjQ6BWioQNgSVS9XozXIE9KY/hVtZpw1I6BxLrdUe
-bop3E/IztRNiVxxuMqTCjrG8H8AZJS8rSlif8dxMQFSRTQo+6mslZTH9S6By/8az
-9ILKb74cvyZPSdaEVLhV9NMqLeX+K1uD7qMd4EBmRSfFiKX1vzU034Qs8cz8Ojq/
-j6ikxEISKLE3M4t61GTFYnXI1LBrm8Wr6xyc0Xw5SMnMoW9Bi7CDB3HNOo1Mma1y
-oLXvwdxb81ljuPDgB4sC5oj1vm0cs+vLuf5NAgMBAAGjUzBRMB0GA1UdDgQWBBQc
-UNq9PGRmWfRDbvYGffFjoYZFizAfBgNVHSMEGDAWgBQcUNq9PGRmWfRDbvYGffFj
-oYZFizAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC17xD3thy8
-dVeQiTe3fLWHFL+IA59zPG+xDU0F2AjCl5BL3m76YfyIELO0QVmTjzOeCLeXDekA
-0wYiLBCE3OTRZDy+/jFRcSmnEvWtkeDOJfdSe1AIGel8g60RxcpfMcdKzDkV4zLE
-7riQSZfPNTpBgoBhwwts32mqTSumR8ufy/G0JX2EbMjHnYaGSs9VfaIf2wN2Ss9x
-F/LD/bz1szLJksnB2jP8bgbIVjrwPVyh+lXP134lm0Z+q7m/QFJhWL0fMtxZudPv
-2ja8gjHOAwlI+xQmDrnhtHfy6ofyynoYHNkviO3S6X/gD14Ug5Ra8YXzThfpkKHq
-/NK+A73Mit8X
+MIIDvTCCAqWgAwIBAgIUBjUZRQcc2tYtLdizbgWhEzaPpxAwDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
+cmlkMRMwEQYDVQQKDApSZXlBbmRNb3RhMScwJQYJKoZIhvcNAQkBFhhraW5nLmJl
+cm5hcmQuYkBnbWFpbC5jb20wIBcNMjMwMjIwMDg1MzU4WhgPMjA1MDA3MDcwODUz
+NThaMG0xCzAJBgNVBAYTAkVTMQ8wDQYDVQQIDAZNYWRyaWQxDzANBgNVBAcMBk1h
+ZHJpZDETMBEGA1UECgwKUmV5QW5kTW90YTEnMCUGCSqGSIb3DQEJARYYa2luZy5i
+ZXJuYXJkLmJAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAnFDPyOTJZblBTkfGqxbxbu3mw8CQEEEuURnrKwDW1IgL3RwVfoSkQdUiwvf5
+JN5SxwXbB49NRBpJ60OMk9Sl89QlZrkpz1nNnQ6bs3h34uw6b4wNqObhPS6vaxGs
+O2KoY/smMgkcio1pbtNHneE1/F2dRZCIoWO6v9aBKCx2/gItuXiuaSG1GU4qmqV3
+TRCVcaFEM65tF8Px4DpgXZV3yxVUurDcgxyip9vfiT2mo4dR4r2EHeMNwTSRyjmX
+iy5D+4iAuXO1Lsp3h/jMi01qSX4L3HLn5dZdyZaukh+8f6BYEJL14lwG+0okU1ne
+Y01aTTNaB+xJWO1kcNaRjKBurQIDAQABo1MwUTAdBgNVHQ4EFgQUif79aUzPUtJD
+5X6Iwd1m6VCD2TgwHwYDVR0jBBgwFoAUif79aUzPUtJD5X6Iwd1m6VCD2TgwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQyGbG+NwAvQYF2LFGlFJ
+uMUNMeWPjvydZuoj/hEGu4iu7i1t3J4a2wZRrJQaSkdYga+SGmoj+E1TVZo2h4KR
+vxHXtloBk7tfkxuC9dWOVa7ayDsceJx0d538K2+HhUFUX4DOc5cZFTRxkaN6q+gR
+UAFNXe7VhTz0Znq7ceqkQQmVM1j7ZufqoRRdXSqrvNVKUYRdmU/r1bZ1cdOBNPI0
+mD/MRqDYifXP1YZdoEcQ3kO53aY6hUGioyLPWF6Jab3ktpA0ZjZEBxzY1EHRgan3
+Os0MIIYyXsRuSLqJQJzSa9x1LqxvvLsEoqYmVAy+h02+YHEaIc9tEWjc4Y2Jbpgz
+6A==
 -----END CERTIFICATE-----

PeterDeTender/certs/ingress-tls.key

@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC579/wUkYvBm2/
-PtzMWWxWomDKM+Pep4UNKnAidM2Ymv725jIp4i/QY8jDbQ8rGHs8hPMhRPNOjQ6B
-WioQNgSVS9XozXIE9KY/hVtZpw1I6BxLrdUebop3E/IztRNiVxxuMqTCjrG8H8AZ
-JS8rSlif8dxMQFSRTQo+6mslZTH9S6By/8az9ILKb74cvyZPSdaEVLhV9NMqLeX+
-K1uD7qMd4EBmRSfFiKX1vzU034Qs8cz8Ojq/j6ikxEISKLE3M4t61GTFYnXI1LBr
-m8Wr6xyc0Xw5SMnMoW9Bi7CDB3HNOo1Mma1yoLXvwdxb81ljuPDgB4sC5oj1vm0c
-s+vLuf5NAgMBAAECggEAYqzmj0dab8Jdo8zcqKYcVK2/6A85swP8HEyVTfPm2EIJ
-ZUYtAQVEkrch6HSMRDat0CROUy2gYeOB+yu6fvfr3r9sOiwtgmvDfpprLFz3M+Xa
-fl82ZvwLB77SHpbOPrY0JFdEEOxhbpD7BV0ydyrxdZCJdP3+402bTmBhlGrr6Ju9
-OXe8AANv2Qj9s3l1Wp/QRr2oWsBdeVdWPtAqj2FebqB1RmxXkFO88saK6asYjseF
-iHvhkYw1Tn7vjl7eslO2ZYrCbNqaRl/lpyhQyL8BgDQDan9FQ4HdXZwJf+ZT0Bqx
-Y2uipjSe+5JzmmzvinLlET8H4iGF0TAPGZXuN3wUAQKBgQDxjQ4K0tLYfTR7kW//
-NUYbPxZrErN4Sc/TQFWCS3T2vYZpoSeQuLHysmBBZfrBS4Mfd052OETPE5l0FfCv
-/eucwgjRGe1DCLaGtcbpYcR3llGTMfLRmEN9f4U2AsemzqBR1GfiqdHz9As512wO
-n9343OjxFeblyetamCZB+Y/zDQKBgQDFDy+NPqxtaWbI6jyvtn3HDtlwgITsVnvQ
-GRakBZmEN5xwHP0ZxMTv7NCHKjVjF16wOlVcnc12xL+IFG6Np36wj2QWdHPDEagh
-AJmnFGukADAYYff2W9NxGW3MO6ZuO9LlxvHjJiUS1IPpd4ped2fLYHNbaVKbHQ9l
-tZi0pTBoQQKBgEkKNwnM0BbIXVtUEgKgsE9C11uPLxebci1V0cVxXa/ShVdhdJ5N
-SvmxOGvuE1HprH+SSvZyc1QOgCNbEwmUhW9EOPhJl7XiZ5b6VmhxuL/Ug1w4CU2Z
-dib3rWc0lfx5lH7J9JPUd/kFfXODEVimvK8o1YM49TXcxb8CLOdcOEvtAoGBAMFa
-2iy8T1H39vuzIqLC7H1SK7bA1CxV25zf0SBVwkFCk8RKHWqYcSh99Ep79vBo8Ob4
-BeQfjog4Gzr52VQzAhNaTzndP+0quQ7Q2PNhDRFZgdea4UQg68Jw0hRwfyhwmMoP
-QC7CsePdFCYTvnhcr0KWO/p4yK4cgIwq+FBgObRBAoGAaU55AetKon5vVeiE9qRS
-u9aM7zdiBjJwlLDyybjLgyRKJ6muTz0NfK7y1LAjN81CDaWGi2xdbsdOXF7xMfsl
-vHKQ+L/tnphwQUsezQEWbEwLXp0IH8yUAkCjCgtRl7aavHsXvyOz9426vJvdaBkt
-YvtVeQaqukbh5F4BETam+1k=
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcUM/I5MlluUFO
+R8arFvFu7ebDwJAQQS5RGesrANbUiAvdHBV+hKRB1SLC9/kk3lLHBdsHj01EGknr
+Q4yT1KXz1CVmuSnPWc2dDpuzeHfi7DpvjA2o5uE9Lq9rEaw7Yqhj+yYyCRyKjWlu
+00ed4TX8XZ1FkIihY7q/1oEoLHb+Ai25eK5pIbUZTiqapXdNEJVxoUQzrm0Xw/Hg
+OmBdlXfLFVS6sNyDHKKn29+JPaajh1HivYQd4w3BNJHKOZeLLkP7iIC5c7UuyneH
++MyLTWpJfgvccufl1l3Jlq6SH7x/oFgQkvXiXAb7SiRTWd5jTVpNM1oH7ElY7WRw
+1pGMoG6tAgMBAAECggEAEJMNBSslI7EZ+Jfpu9hp7y4wis8PN3oB1D2gTuX+4Xgv
+cdl5efnMhOJ5lhy/ASbFti6rw8hxE+iJr/VwoXgpxInZEWROx5qpD58t6UC7zYbo
+x00dYaxhc6BQn1S3Y3CZlEhcC3Al45cM9+BVNqtbkw/GDks+AYbWlWLEPSNB1rrv
++OUA/1j2F+yxAqP+QS8QF+u5Vg8izf/4l4wcd7K5NAkZKxf4/a420FtKcZhTVCKC
+ndM8m1ejVe+J5fsqchS9otacocbPyrtlEE/aVbJFnVy2oBa+p6THNTgkNIqEyzfO
+OGIO6py3wH/3KMUrK1CvlhAnKglGWiMrKszNXyHwwQKBgQDM/d/asrCOSTLxS8iY
+8YPwqvk8BYBWj4wzWnXoxyfltB+8Ja18w2mv1AU8LlQaBJpsmr9OxWeB2aFIcEPZ
+AD9nkU0S8kW3/WOJPZuW5JF7J/YDxc7Ne74KC5vQnCpO3QG1hZau1cTwyFe7LdTW
+WUELMOqGRQfMMuM8mn/tIKgjEQKBgQDDNjzXh/OfPxzY4s+4etCQ64DAUFmZ0wLI
+mPjQ5PanwqihTllkVGnzW+vBMxjRT2TkYnx6uwUnt0hvIULVmGjZHWl2FuvqDZY9
+nhE41g0LQNVJAexkcryHGNBpcrVjZ0kTol5VihSDT4IZQC37KhE2XQWMndoyPO9T
+MusG3DWZ3QKBgHlUkpiZRxMQlExptJOB77wVFmvGPc3+LNeAZWWf6yd0U4xDKMo9
+x2JAtdCHA1RbASPi+/SdtsQOkf2UJTRdhym/wMTEDSv3mGB0zJClPM6OOnjFLcBF
+y5eag2EX7Zq8CPTt2uAkuuphSjwJxn4QWgVLsKREW3crb4BBWhJ6T8phAoGAaSoM
++OfKvR2ZAtadpPq05X2ZrQEcZBwjQcH3OUJABvx9L/kvezdmpK3+geRvGEO3TLop
+6UxbaJv6r7Oxd7RVt7F6oR2UFlEfgS5ohL/74vYYcO5SVYLiQb2CeWxMf7Ki0asF
+OvvaNSteIRBMNSTihPD0Dl7zr2DYZW/m4Zk8XxkCgYAQ2B9cXW6p6J4LQVuvppKi
+iiZ++M5mWwzgJ0BPM4I0w9ymeNd1rsS7+KtHUXBAbcSxqP9Yd5RjlTEW+m8qlT3y
+oWd5EBY1ZZzbORUaVsROBiuqyQl9niHGlkjHrHgz0cTOnjvSqF7ldPWbdhA0E8do
+N8p77zxxoCZqauv52p3Nhw==
 -----END PRIVATE KEY-----

PeterDeTender/creaCert.sh

@@ -0,0 +1 @@
+openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout certs/ingress-tls.key -out certs/ingress-tls.crt

PeterDeTender/creaSecret.sh

@@ -0,0 +1 @@
+kubectl create secret tls ingress-cert --key=certs/ingress-tls.key --cert=certs/ingress-tls.crt -o yaml

PeterDeTender/ingress-controler-1.yaml

@@ -0,0 +1,656 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+  name: ingress-nginx
+---
+apiVersion: v1
+automountServiceAccountToken: true
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx
+  namespace: ingress-nginx
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+  namespace: ingress-nginx
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx
+  namespace: ingress-nginx
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - pods
+  - secrets
+  - endpoints
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resourceNames:
+  - ingress-nginx-leader
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - ingress-nginx-leader
+  resources:
+  - leases
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
+  - watch
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+  namespace: ingress-nginx
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - nodes
+  - pods
+  - secrets
+  - namespaces
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
+  - watch
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+rules:
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx
+  namespace: ingress-nginx
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ingress-nginx
+subjects:
+- kind: ServiceAccount
+  name: ingress-nginx
+  namespace: ingress-nginx
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+  namespace: ingress-nginx
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ingress-nginx-admission
+subjects:
+- kind: ServiceAccount
+  name: ingress-nginx-admission
+  namespace: ingress-nginx
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ingress-nginx
+subjects:
+- kind: ServiceAccount
+  name: ingress-nginx
+  namespace: ingress-nginx
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ingress-nginx-admission
+subjects:
+- kind: ServiceAccount
+  name: ingress-nginx-admission
+  namespace: ingress-nginx
+---
+apiVersion: v1
+data:
+  allow-snippet-annotations: "true"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - appProtocol: http
+    name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+  - appProtocol: https
+    name: https
+    port: 443
+    protocol: TCP
+    targetPort: https
+  selector:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-controller-admission
+  namespace: ingress-nginx
+spec:
+  ports:
+  - appProtocol: https
+    name: https-webhook
+    port: 443
+    targetPort: webhook
+  selector:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  minReadySeconds: 0
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: controller
+      app.kubernetes.io/instance: ingress-nginx
+      app.kubernetes.io/name: ingress-nginx
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/name: ingress-nginx
+    spec:
+      containers:
+      - args:
+        - /nginx-ingress-controller
+        - --election-id=ingress-nginx-leader
+        - --controller-class=k8s.io/ingress-nginx
+        - --ingress-class=nginx
+        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
+        - --validating-webhook=:8443
+        - --validating-webhook-certificate=/usr/local/certificates/cert
+        - --validating-webhook-key=/usr/local/certificates/key
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: LD_PRELOAD
+          value: /usr/local/lib/libmimalloc.so
+        image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629
+        imagePullPolicy: IfNotPresent
+        lifecycle:
+          preStop:
+            exec:
+              command:
+              - /wait-shutdown
+        livenessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: controller
+        ports:
+        - containerPort: 80
+          name: http
+          protocol: TCP
+        - containerPort: 443
+          name: https
+          protocol: TCP
+        - containerPort: 8443
+          name: webhook
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources:
+          requests:
+            cpu: 100m
+            memory: 90Mi
+        securityContext:
+          allowPrivilegeEscalation: true
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - ALL
+          runAsUser: 101
+        volumeMounts:
+        - mountPath: /usr/local/certificates/
+          name: webhook-cert
+          readOnly: true
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: ingress-nginx
+      terminationGracePeriodSeconds: 300
+      volumes:
+      - name: webhook-cert
+        secret:
+          secretName: ingress-nginx-admission
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission-create
+  namespace: ingress-nginx
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: admission-webhook
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/version: 1.5.1
+      name: ingress-nginx-admission-create
+    spec:
+      containers:
+      - args:
+        - create
+        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
+        - --namespace=$(POD_NAMESPACE)
+        - --secret-name=ingress-nginx-admission
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
+        imagePullPolicy: IfNotPresent
+        name: create
+        securityContext:
+          allowPrivilegeEscalation: false
+      nodeSelector:
+        kubernetes.io/os: linux
+      restartPolicy: OnFailure
+      securityContext:
+        fsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+      serviceAccountName: ingress-nginx-admission
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission-patch
+  namespace: ingress-nginx
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: admission-webhook
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/part-of: ingress-nginx
+        app.kubernetes.io/version: 1.5.1
+      name: ingress-nginx-admission-patch
+    spec:
+      containers:
+      - args:
+        - patch
+        - --webhook-name=ingress-nginx-admission
+        - --namespace=$(POD_NAMESPACE)
+        - --patch-mutating=false
+        - --secret-name=ingress-nginx-admission
+        - --patch-failure-policy=Fail
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
+        imagePullPolicy: IfNotPresent
+        name: patch
+        securityContext:
+          allowPrivilegeEscalation: false
+      nodeSelector:
+        kubernetes.io/os: linux
+      restartPolicy: OnFailure
+      securityContext:
+        fsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+      serviceAccountName: ingress-nginx-admission
+---
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: nginx
+spec:
+  controller: k8s.io/ingress-nginx
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/component: admission-webhook
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    app.kubernetes.io/version: 1.5.1
+  name: ingress-nginx-admission
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: ingress-nginx-controller-admission
+      namespace: ingress-nginx
+      path: /networking/v1/ingresses
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validate.nginx.ingress.kubernetes.io
+  rules:
+  - apiGroups:
+    - networking.k8s.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - ingresses
+  sideEffects: None

PeterDeTender/ingress-controler-2.yaml

@@ -0,0 +1,368 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx-internal
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+
+---
+# Source: ingress-nginx/templates/controller-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx
+  namespace: ingress-nginx-internal
+automountServiceAccountToken: true
+---
+# Source: ingress-nginx/templates/controller-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx-controller
+  namespace: ingress-nginx-internal
+data:
+---
+# Source: ingress-nginx/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+  name: ingress-nginx-internal
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+      - endpoints
+      - nodes
+      - pods
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - nodes
+    verbs:
+      - get
+  - apiGroups:
+      - ''
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+# Source: ingress-nginx/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+  name: ingress-nginx-internal
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ingress-nginx-internal
+subjects:
+  - kind: ServiceAccount
+    name: ingress-nginx
+    namespace: ingress-nginx-internal
+---
+# Source: ingress-nginx/templates/controller-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx
+  namespace: ingress-nginx-internal
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - endpoints
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - networking.k8s.io   # k8s 1.14+
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+    resourceNames:
+      - ingress-controller-leader-nginx-internal
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ''
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+---
+# Source: ingress-nginx/templates/controller-rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx
+  namespace: ingress-nginx-internal
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ingress-nginx
+subjects:
+  - kind: ServiceAccount
+    name: ingress-nginx
+    namespace: ingress-nginx-internal
+---
+# Source: ingress-nginx/templates/controller-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx-controller
+  namespace: ingress-nginx-internal
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: https
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/component: controller
+---
+# Source: ingress-nginx/templates/controller-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    helm.sh/chart: ingress-nginx-3.30.0
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx
+    app.kubernetes.io/version: 0.46.0
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: controller
+  name: ingress-nginx-controller
+  namespace: ingress-nginx-internal
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+      app.kubernetes.io/instance: ingress-nginx
+      app.kubernetes.io/component: controller
+  revisionHistoryLimit: 10
+  minReadySeconds: 0
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/instance: ingress-nginx
+        app.kubernetes.io/component: controller
+    spec:
+      dnsPolicy: ClusterFirst
+      containers:
+        - name: controller
+          image: k8s.gcr.io/ingress-nginx/controller:v0.46.0@sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /wait-shutdown
+          args:
+            - /nginx-ingress-controller
+            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
+            - --election-id=ingress-controller-leader
+            - --ingress-class=nginx-internal
+            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+            runAsUser: 101
+            allowPrivilegeEscalation: true
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: LD_PRELOAD
+              value: /usr/local/lib/libmimalloc.so
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 1
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 1
+            successThreshold: 1
+            failureThreshold: 3
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+            - name: https
+              containerPort: 443
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 100m
+              memory: 90Mi
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: ingress-nginx
+      terminationGracePeriodSeconds: 300

PeterDeTender/sample-app.yaml

@@ -31,6 +31,7 @@ spec:
   selector:
     app: sample
   ports:
-  - port: 80
+  - name: http 
+    port: 80
     targetPort: 8080
     protocol: TCP

PeterDeTender/sample-ingress.yaml.copia

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sample-app-ingress
+  namespace: default
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    #    kubernetes.io/ingress.class: nginx-internal
+spec:
+  ingressClassName: nginx-internal
+  tls:
+  - hosts:
+    - reymota.ddns.net
+    secretName: ingress-cert
+  rules:
+  - host: "reymota.ddns.net"
+    http:
+      paths:
+        - pathType: Prefix
+          path: "/"
+          backend:
+            service:
+              name: sample-app-service
+              port:
+                number: 80