
Updating the Cert

We occasionally need to update the NAS cert for the registry. We can see its usage in our GitHub Runner image build here:

    - name: Push To Registry on NAS
      run: |
        export BUILDIMGTAG="`cat ghRunnerImage/Dockerfile | tail -n1 | sed 's/^.*\///g'`"
        export FILEOUT="`cat ghRunnerImage/Dockerfile | tail -n1 | sed 's/^.*\///g' | sed 's/:/-/g'`".tgz
        export FINALBUILDTAG="`cat ghRunnerImage/Dockerfile | tail -n1 | sed 's/^#//g'`"
        docker pull $FINALBUILDTAG
        docker tag $FINALBUILDTAG registry.freshbrewed.science:8443/freshbrewedprivate/$BUILDIMGTAG
        docker push registry.freshbrewed.science:8443/freshbrewedprivate/$BUILDIMGTAG

The endpoint "registry.freshbrewed.science:8443" is one of the few NOT serviced by Kubernetes. We can verify that by going to the Firewall and checking the rules on 8443.

192.168.1.116/117 is SirNasilot

We can double-check this by going to the NAS at that IP and seeing the certificate listed in the control panel under Security.

I'll briefly change rules for 80 and 443 from the Int Primary (now 33) to the NAS

Then in the NAS, use Action/Renew certificate

It will remind you it needs port 80 accessible (for cert manager)

Note to self: consider what happens when you redirect the 443 while using CodeX hosted in K8s. Yeah, gonna lose my connection. Better save first next time :)

When done, I'll see a new date on all the certs

I can then change my WAN forwarding rules back to K8s.

Lastly, let's move our calendar step forward to remember to do this again in the future
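
One way to confirm the new date from outside the NAS once the forwarding rules are back, and to get a warning before the next renewal is due. This is an added example, not part of the original post; the 21-day threshold and the function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

HOST, PORT = "registry.freshbrewed.science", 8443  # endpoint from the workflow step
WARN_DAYS = 21  # assumed reminder threshold, not a value from the post


def fetch_cert(host, port, timeout=10.0):
    """Handshake with chain and hostname verification; return the parsed leaf cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_left(cert, now=None):
    """Whole days until notAfter (negative once the cert has expired)."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)


def assess(cert, now=None, warn_days=WARN_DAYS):
    """Map remaining lifetime to OK / RENEW / EXPIRED."""
    remaining = days_left(cert, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEW" if remaining < warn_days else "OK"


def dns_names(cert):
    """DNS names the cert covers, to confirm the registry host is among them."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    try:
        cert = fetch_cert(HOST, PORT)
    except ssl.SSLCertVerificationError as err:
        # Expired, wrong-host or untrusted certs fail the handshake itself.
        raise SystemExit(f"FAIL {HOST}:{PORT}: {err.verify_message}")
    except OSError as err:
        raise SystemExit(f"FAIL {HOST}:{PORT}: {err}")
    print(f"{assess(cert)} {HOST}:{PORT} notAfter={cert['notAfter']} "
          f"({days_left(cert)} days) names={dns_names(cert)}")
```

Run on a schedule, a RENEW or FAIL result can back up the calendar reminder.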