How can we generate Self Managed Certificates in GCP instance?
I am testing with OpenSSL in a GCP instance. How can I generate self-managed certificates in a GCP instance?
You can make the certificate and domain status active. It can take up to 30 minutes for your load balancer to begin using your self-managed SSL certificate.
To test this you can run the following OpenSSL command, replacing:
DOMAIN with the DNS name
IP_ADDRESS with the IP address of your load balancer.
echo | openssl s_client -showcerts -servername DOMAIN -connect IP_ADDRESS:443 -verify 99 -verify_return_error
This command outputs the certificates that the load balancer presents to the client. Along with other detailed information, the output should include the certificate chain and Verify return code: 0 (ok).
For more information you can refer to this link.
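An added example, not part of the original answer: one way to generate a key and self-signed certificate with OpenSSL and check the pair before giving it to a load balancer. The function names, file layout and script name are assumptions; a self-signed certificate will not pass the `-verify_return_error` check above unless the client trusts it.

```shell
#!/bin/sh
# Added example. Function names, paths and the script name are assumptions.
set -eu

# make_self_signed DOMAIN OUTDIR [DAYS]
# Writes OUTDIR/DOMAIN.key (RSA 2048, mode 0600) and OUTDIR/DOMAIN.crt
# (self-signed, SHA-256, DOMAIN in both CN and subjectAltName).
make_self_signed() (
  domain=$1; outdir=$2; days=${3:-365}
  umask 077                      # private key must not be world-readable
  mkdir -p "$outdir"
  openssl genrsa -out "$outdir/$domain.key" 2048 2>/dev/null
  # -addext needs OpenSSL 1.1.1+; clients match on SAN, not CN.
  openssl req -new -x509 -sha256 -days "$days" \
    -key "$outdir/$domain.key" -subj "/CN=$domain" \
    -addext "subjectAltName=DNS:$domain" \
    -out "$outdir/$domain.crt"
)

# key_matches_cert KEY CRT: succeeds only if both hold the same public key.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout | openssl sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  [ "$k" = "$c" ]
)

# cert_covers_domain CRT DOMAIN: succeeds if the certificate is valid for DOMAIN.
cert_covers_domain() (
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
    grep -q "does match certificate"
)

# Run as: sh make-cert.sh DOMAIN OUTDIR
if [ "$#" -ge 2 ]; then
  make_self_signed "$1" "$2"
  key_matches_cert "$2/$1.key" "$2/$1.crt"
  cert_covers_domain "$2/$1.crt" "$1"
  echo "wrote $2/$1.key and $2/$1.crt"
fi
```

The resulting pair can then be uploaded as an SSL certificate resource, for example with `gcloud compute ssl-certificates create`.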
There are so many ways we can issue certificates; let's focus on a K8S cluster running on Google (GKE) using a custom resource called ManagedCertificate and ingress rules.
You must own the domain name, and the name must be no longer than 63 characters.
Create a reserved (static) external IP address using the following command, or use the Google console.
gcloud compute addresses create gke-static-ip --global
Create Managed Certificate
---
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: gke-certificate
spec:
  domains:
    - DOMAIN
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gke-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: gke-static-ip
    networking.gke.io/managed-certificates: gke-certificate
spec:
  backend:
    serviceName: hello-world-service
    servicePort: 80
In my case I use the Cloud Endpoints as the domain name.