首页 > Web开发 > 详细

ingress-nginx 添加https证书

时间:2018-12-23 00:49:50      阅读:810      评论:0      收藏:0      [点我收藏+]

1.配了一个证书,发现报错:

 kubectl logs  ingress-nginx-controller-96fnv   -n ingress-nginx

 unexpected error validating SSL certificate gscommon/https-secret for host oa2https01.mz.abc.com. Reason: x509: certificate is valid for *.idcsec.com, not oa2https01.mz.abc.com

基本可以确定是证书有问题

2.参考思路:

2.1生成证书文件:

openssl req -x509 -nodes -days 2920 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*.idcsec.com/O=nginxsvc"

2.2 导入证书文件到k8s secret

kubectl create secret tls https-secret --key tls.key --cert tls.crt

我的配置:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "True"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"ingress.kubernetes.io/ssl-redirect":"True"},"name":"pispower-oa-https","namespace":"gscommon"},"spec":{"rules":[{"host":"oahttps02.mz.pispower.com","http":{"paths":[{"backend":{"serviceName":"oa2gs","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["oahttps02.mz.pispower.com"],"secretName":"https-secret-02"}]}}
creationTimestamp: 2018-12-22T15:42:08Z
generation: 3
name: pispower-oa-https
namespace: gscommon
resourceVersion: "7947760"
selfLink: /apis/extensions/v1beta1/namespaces/gscommon/ingresses/pispower-oa-https
uid: 2425b1df-0600-11e9-9cd0-020050e80095

spec:
rules:
- host: oahttps02.mz.abc.com
http:
paths:
- backend:
serviceName: oa2gs
servicePort: 80
path: /
tls:
- hosts:
- oahttps02.mz.abc.com
secretName: https-secret04
status:
loadBalancer:
ingress:
- {}

技术分享图片

参考:http://idcsec.com/articles/2018/09/28/1538105157281.html

关键: kubectl create secret tls https-secret04 --key mz.abc.key --cert mz.abc.com.crt -n gscommon

ingress-nginx 添加https证书

原文:https://www.cnblogs.com/hixiaowei/p/10163052.html

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!