• kubernetes cert-manager installation


    Reference

    https://cert-manager.io/docs/installation/kubernetes/

    Post-installation test

    apiVersion: v1
    kind: Namespace
    metadata:
      name: cert-manager-test
    ---
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: test-selfsigned
      namespace: cert-manager-test
    spec:
      selfSigned: {}
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: selfsigned-cert
      namespace: cert-manager-test
    spec:
      dnsNames:
        - example.com
      secretName: selfsigned-cert-tls
      issuerRef:
        name: test-selfsigned
    

      

    Check the Issuer and Certificate

    kubectl get issuer,certificate -A

    Set up a ClusterIssuer to test

    First, create a Secret

    kubectl create secret tls tls-secret -n cert-manager  --cert=/root/ssl/ca.pem --key=/root/ssl/ca-key.pem
    

      

    Create the ClusterIssuer

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: ca-cluster-issuer
    spec:
      ca:
        secretName: tls-secret
    

      

    Write an Ingress

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: test-cert-manager-ws-1
    spec:
      selector:
        matchLabels:
          app: test-cert-manager-ws-1
      replicas: 1
      template:
        metadata:
          labels:
            app: test-cert-manager-ws-1
        spec:
          containers:
            - name: test-cert-manager-ws-1
              image: "xxxxxx.com/tensorflow-1.9.0:cuda9cudnn7-py3-workspace"
              command: ["jupyter"]
              args: ["lab","--port", "8888", "--ip", "*", "--allow-root", "--LabApp.base_url='/ws-1/'", "--NotebookApp.token='abcd'"]
              #args: ["lab","--port", "8888", "--ip", "0.0.0.0", "--allow-root"]
              ports:
                - name: http
                  containerPort: 8888
    
    
    ---
    
    kind: Service
    apiVersion: v1
    metadata:
      name: test-cert-manager-ws-svc-1
    spec:
      selector:
        app: test-cert-manager-ws-1
      ports:
      - protocol: TCP
        port: 8888
        targetPort: http
    
    ---
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: test-cert-manager-ws-svc-1-ingress
      namespace: default
      annotations:
        cert-manager.io/cluster-issuer: ca-cluster-issuer
    spec:
      tls:
      - secretName: cert-manager-ingress-test-certs
        hosts:
        - k8s.example.com
      rules:
      - http:
          paths:
          - path: /ws-1/
            backend:
              serviceName: test-cert-manager-ws-svc-1
              servicePort: 8888
    

      

    Then check with kubectl get certificate -A

    NAMESPACE   NAME                              READY   SECRET                            AGE
    default     cert-manager-ingress-test-certs   True    cert-manager-ingress-test-certs   13h
    

      

    If no Certificate is created:

    1. Check that the annotation

    cert-manager.io/cluster-issuer: yourclusterissuer

    names the correct ClusterIssuer.

    2. In the Ingress,

    tls:
    - secretName: cert-manager-ingress-test-certs
      hosts:
      - k8s.example.com

    the hosts field here must be present.
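
The two checks above, plus a check for a missing secretName, as an added example that is not part of the original post. It takes the parsed output of `kubectl get ingress -A -o json`; the function names and the sample data are constructed for illustration, and the set of ClusterIssuer names is assumed to come from `kubectl get clusterissuer`.

```python
CLUSTER_KEY = "cert-manager.io/cluster-issuer"
ISSUER_KEY = "cert-manager.io/issuer"  # namespaced Issuer; its name is not checked here


def certificate_blockers(ingress, cluster_issuers):
    """List reasons cert-manager would not create a Certificate for one Ingress."""
    problems = []
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    if CLUSTER_KEY in annotations:
        if annotations[CLUSTER_KEY] not in cluster_issuers:
            problems.append(f"{CLUSTER_KEY}: {annotations[CLUSTER_KEY]!r} is not an existing ClusterIssuer")
    elif ISSUER_KEY not in annotations:
        problems.append("no cert-manager issuer annotation")
    tls_entries = ingress.get("spec", {}).get("tls") or []
    if not tls_entries:
        problems.append("spec.tls is empty")
    for i, entry in enumerate(tls_entries):
        if not entry.get("hosts"):
            problems.append(f"spec.tls[{i}].hosts is missing or empty")
        if not entry.get("secretName"):
            problems.append(f"spec.tls[{i}].secretName is missing")
    return problems


def check_all(ingress_list, cluster_issuers):
    """Map namespace/name -> problems for `kubectl get ingress -A -o json` output."""
    report = {}
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        found = certificate_blockers(item, cluster_issuers)
        if found:
            report[f"{meta.get('namespace', 'default')}/{meta.get('name')}"] = found
    return report


# Constructed sample modelled on the Ingress from this page; "broken" has both mistakes.
SAMPLE = {"items": [
    {"metadata": {"name": "test-cert-manager-ws-svc-1-ingress", "namespace": "default",
                  "annotations": {CLUSTER_KEY: "ca-cluster-issuer"}},
     "spec": {"tls": [{"secretName": "cert-manager-ingress-test-certs",
                       "hosts": ["k8s.example.com"]}]}},
    {"metadata": {"name": "broken", "namespace": "default",
                  "annotations": {CLUSTER_KEY: "yourclusterissuer"}},
     "spec": {"tls": [{"secretName": "cert-manager-ingress-test-certs"}]}},
]}

if __name__ == "__main__":
    for ingress, problems in check_all(SAMPLE, {"ca-cluster-issuer"}).items():
        print(ingress, problems)
```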
  • Original article: https://www.cnblogs.com/xuchenCN/p/13671272.html