本文介绍: metadata:spec:tls:- hosts:rules:http:paths:- path: /backend:service:port:http:paths:- path: /backend:service:port:最后访问。
个人建议使用安装更快,比helm快,还要等待安装crd
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
#官网
https://cert-manager.io/docs/installation/kubectl/
#创建自签的ClusterIssuer
cat > signing-custom.yaml <<-EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-clusterissuer
spec:
selfSigned: {}
---
#生成证书
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: java-selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: java-selfsigned-ca
secretName: java-selfsigned-secret # 生成的证书名
duration: 360h
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: selfsigned-clusterissuer # 对应上面清单中创建的clusterissuer名称
kind: ClusterIssuer
group: cert-manager.io
---
#生成以这个证书作为CA的ClusterIssuer,其他证书由这个CA签发
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: my-ca-issuer
spec:
ca:
secretName: java-selfsigned-secret # 对应以上Certificate资源证书名
EOF
查看你的证书
kubectl get clusterissuers,certificate
kubectl -n cert-manager get secret
手动签发ssl自签证书
cat > server-tls.yaml <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: java-com
spec:
secretName: java-tls
duration: 12160h # 你想要的时间
renewBefore: 3600h #
subject:
organizations:
- jetstack
commonName: abc.exchangs.top
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
dnsNames:
- exchangs.top
- abc.exchangs.top
ipAddresses:
- 192.168.0.53
issuerRef:
name: my-ca-issuer # 指定上面创建好的用于签名的CA
kind: ClusterIssuer
group: cert-manager.io
EOF
最后ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: springboot-server
#annotations:
#cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- abc.exchangs.top
- bbc.exchangs.top
secretName: java-tls
rules:
- host: abc.exchangs.top
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: springboot-server
port:
number: 8080
- host: bbc.exchangs.top
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: springboot-server
port:
number: 8080
最后访问
curl -kivL -H 'Host: bbc.exchangs.top' 'https://192.168.0.53'
原文地址:https://blog.csdn.net/weixin_42562106/article/details/135709872
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。
如若转载,请注明出处:http://www.7code.cn/show_60723.html
如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。