To mount it, first generate a template Deployment:
[root@master01 secret-file]# kubectl create deployment alicloud-private-nginx --image=registry.cn-hangzhou.aliyuncs.com/changwu/nginx:1.7.9-nettools --dry-run=client -oyaml
Edit it to add imagePullSecrets.
Configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: alicloud-private-nginx
  name: alicloud-private-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alicloud-private-nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: alicloud-private-nginx
    spec:
      imagePullSecrets:
      - name: brm-alicloud-docker-secret
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/changwu/nginx:1.7.9-nettools
        name: nginx
        resources: {}
status: {}
To verify, just run kubectl get pod -owide.
2.2.2 Managing HTTPS certificates
Generate the private key and crt:
[root@master01 https]# openssl req -x509 -nodes -days 3650 \
> -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=test.com"
Generating a 2048 bit RSA private key
....................................................................+++
...........+++
writing new private key to 'tls.key'
-----
[root@master01 https]# ls
tls.crt  tls.key
Store the key and crt in a secret:
[root@master01 https]# kubectl create secret tls https-nginx-tls-test-secret -n default --key=tls.key --cert=tls.crt
secret/https-nginx-tls-test-secret created
View it:
[root@master01 https]# kubectl get secrets https-nginx-tls-test-secret -oyaml
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1R1lrWTJRCjN4VUpQV1hVR0lqM2VVYnhTc0hFZ2lyZDlJalBZL1pwZEsxWittbmNHTWMyNW41aVhoUEs1UG1ZcjYrcAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1V3AzbUtRNHJkZG1CZGplMjJpMjR1bU5IUGd2STJBRGlEalAKNXBTb2hRYWRkZVZYRDJFZWdlWFRTTHY3Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
kind: Secret
metadata:
  creationTimestamp: "2022-04-06T00:25:33Z"
  name: https-nginx-tls-test-secret
  namespace: default
  resourceVersion: "848213"
  uid: afa127bb-4a3a-4eb9-9d55-8cd50af5b3f4
type: kubernetes.io/tls
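Configure it in the Ingress (configuring HTTPS directly in the Ingress is not really recommended; HTTPS is usually configured on the SLB proxy one layer above the Ingress):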
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-tls-ingress
spec:
  ingressClassName: nginx
  rules:
  - host: https-test.com # the domain; may be omitted to match *, or written as *.bar.com
    http:
      paths: # equivalent to an nginx location; one host can have multiple paths
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc
            port:
              number: 80
  tls:
  - secretName: https-nginx-tls-test-secret
Verification:
[Image: article illustration]
2.2.3 Immutable secrets
At the same level as kind, set the parameter
immutable: true
and you are done.
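An added example (not code from the original article): a Python check over a TLS Secret shaped like the output of kubectl get secret -o json. It shows that the data values from 2.2.2 are only base64-encoded PEM, and it reports whether the top-level immutable field from 2.2.3 is set. The function names and the sample Secret are constructed for illustration.

```python
import base64
import re

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def b64(text):
    """Encode text the way Secret data values are stored."""
    return base64.b64encode(text.encode()).decode()

def pem_label(value):
    """Base64-decode one Secret data value; return its PEM label or None."""
    try:
        pem = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    match = PEM_LABEL.search(pem)
    return match.group(1) if match else None

def audit_tls_secret(secret):
    """Findings for a Secret dict shaped like `kubectl get secret -o json`."""
    if secret.get("type") != "kubernetes.io/tls":
        return ["type is not kubernetes.io/tls"]
    data = secret.get("data", {})
    findings = []
    if pem_label(data.get("tls.crt", "")) != "CERTIFICATE":
        findings.append("tls.crt does not decode to a PEM certificate")
    key_label = pem_label(data.get("tls.key", ""))
    if key_label == "ENCRYPTED PRIVATE KEY":
        findings.append("tls.key is passphrase-protected")
    elif key_label not in KEY_LABELS:
        findings.append("tls.key does not decode to a PEM private key")
    if secret.get("immutable") is not True:
        findings.append("immutable is not true at the top level")
    return findings

# Constructed sample: PEM bodies are placeholders, not real key material.
SAMPLE = {
    "kind": "Secret",
    "type": "kubernetes.io/tls",
    "metadata": {"name": "https-nginx-tls-test-secret", "namespace": "default"},
    "data": {
        "tls.crt": b64("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"),
        "tls.key": b64("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"),
    },
}

if __name__ == "__main__":
    print(audit_tls_secret(SAMPLE) or "no findings")
```

Because the private key is recoverable from the Secret with a single base64 decode, read access to Secrets in the namespace is equivalent to access to tls.key.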