coulomb/net-kingdom
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df09dd42f4e7f05ab1121b5603f2fdf875e91194
net-kingdom/sso-mfa/k8s/cert-manager/test-certificate.yaml
tegwick ee794a61ab feat(sso-mfa): T02 K8s foundations manifests (NK-WP-0001-T02) 
namespaces/namespaces.yaml:
  - sso, mfa, databases with net-kingdom/component labels for NetworkPolicy selectors

network-policies/{netpol-sso,netpol-mfa,netpol-databases}.yaml:
  - Default-deny-all posture on all three namespaces
  - sso: ingress from Traefik; egress to databases:5432 and mfa:8080
  - mfa: ingress from Traefik + Keycloak; egress to databases:5432
  - databases: ingress from sso/mfa + CNPG operator; egress to kube-dns + K8s API
  - DNS (kube-system:53) allowed for all pods in all namespaces

cert-manager/issuers.yaml:
  - selfsigned-issuer (ClusterIssuer) for internal/test use
  - letsencrypt-prod (ClusterIssuer, HTTP-01/Traefik) — fill ACME_EMAIL before apply
cert-manager/test-certificate.yaml:
  - 24h self-signed cert to smoke-test cert-manager

storage/verify-pvc.yaml:
  - Test PVC + Pod to confirm default StorageClass provisioning

verify-t02.sh:
  - Full verification script: namespaces, NetworkPolicies, issuers, certs, StorageClass

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 09:49:39 +01:00

34 lines
804 B
YAML
Raw Blame History

# Test Certificate — verifies cert-manager + selfsigned-issuer are working.
#
# Apply:
# kubectl apply -f test-certificate.yaml
#
# Verify:
# kubectl get certificate -n cert-manager-test
# kubectl describe certificate selfsigned-test -n cert-manager-test
# # READY=True means cert-manager is operational.
#
# Clean up after verification:
# kubectl delete namespace cert-manager-test
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager-test
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-test
namespace: cert-manager-test
spec:
secretName: selfsigned-test-tls
duration: 24h
renewBefore: 1h
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
commonName: test.net-kingdom.internal
dnsNames:
- test.net-kingdom.internal
Reference in New Issue View Git Blame Copy Permalink