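I had previously registered an obscure domain through Freenom, so this time I set up a homelab domain and pointed its A record at my static IP.
The router also needs port forwarding for 80/443 to the LoadBalancer IP I created yesterday.
After that, the site can be opened in a browser.
Next, use cfssl to create the self-signed certificates.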
# Install the cfssljson and cfssl v1.6.1 binaries into /usr/local/bin
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
sudo mv cfssljson_1.6.1_linux_amd64 /usr/local/bin/cfssljson
sudo chmod +x /usr/local/bin/cfssljson
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
sudo mv cfssl_1.6.1_linux_amd64 /usr/local/bin/cfssl
sudo chmod +x /usr/local/bin/cfssl
# Signing policy: one profile, "Homelab", valid for one year (8760h)
cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "Homelab": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}
EOF
# CSR for the root CA
cat > ca-csr.json << EOF
{
  "CN": "Homelab Root CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "TW",
      "L": "Taipei",
      "O": "Homelab",
      "OU": "Homelab Root CA",
      "ST": "Xizhi"
    }
  ]
}
EOF
# Writes ca.pem, ca-key.pem and ca.csr
cfssl gencert --initca ca-csr.json | cfssljson -bare ca
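# CSR for the server certificate; "hosts" becomes the SAN list
cat > homelab-csr.json << EOF
{
  "CN": "homelab.gurubear.cf",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "TW",
      "L": "Taipei",
      "O": "Homelab",
      "OU": "Homelab CA",
      "ST": "Xizhi"
    }
  ],
  "hosts": [
    "homelab.gurubear.cf"
  ]
}
EOF
# Sign with the root CA using the Homelab profile; writes homelab.pem and homelab-key.pem
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json -profile=Homelab homelab-csr.json | cfssljson -bare homelab
# Store the certificate and key as a TLS secret in the ithomelab namespace
kubectl create secret tls gurubear-tls --cert=homelab.pem --key=homelab-key.pem -n ithomelab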
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: ithomelab-ing
  namespace: ithomelab
spec:
  rules:
  - host: homelab.gurubear.cf
    http:
      paths:
      - backend:
          service:
            name: ithomelab-react-deployment
            port:
              number: 80
        path: /
        pathType: Prefix
      - backend:
          service:
            name: ithomelab-api-deployment
            port:
              number: 80
        path: /API
        pathType: Prefix
  # Terminate TLS for this host with the secret created above
  tls:
  - hosts:
    - homelab.gurubear.cf
    secretName: gurubear-tls
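You can see that it is still shown as not secure, because the browser does not recognize this root CA.
So we need to find a way to trust this self-signed CA.
On Ubuntu this is done with update-ca-certificates; Chromium needs it done through the UI or a command.
On Windows, double-click the CA and put it into the trusted authorities store...
Open the browser again and the browser on this computer now shows the site as secure.
I had originally planned to write about cert-manager, but because of some domain problems I could not sort out, I decided to use a self-signed certificate as a stopgap for now. I may take another run at it in a later chapter.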
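The following is an added example, not part of the original post: a pre-flight check worth running on the issued files before loading them into the TLS secret and distributing the root CA to clients. It assumes openssl is installed; the function names check_leaf and make_demo_pki and the hostname homelab.example.test are hypothetical, and the demo PKI is constructed with openssl as a stand-in for the ca.pem, homelab.pem and homelab-key.pem files that cfssl writes.

```shell
#!/bin/sh
# Added example: pre-flight checks before `kubectl create secret tls`.
# check_leaf CA CERT KEY HOST -> prints failures, returns 0 only if every check passes.
check_leaf() {
  ca=$1; cert=$2; key=$3; host=$4; rc=0
  # 1. The leaf must chain to the private root, and only to it.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not chain to $ca"; rc=1; }
  # 2. Browsers match the hostname against the SAN list ("hosts" in the cfssl CSR).
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" \
    || { echo "FAIL: $host is not covered by $cert"; rc=1; }
  # 3. The private key must belong to the certificate (compare public keys).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: $key does not match $cert"; rc=1; }
  # 4. Flag certificates that expire within 30 days (the page's profile issues 8760h).
  openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null \
    || { echo "FAIL: $cert expires within 30 days"; rc=1; }
  return $rc
}

# Constructed sample input: a throwaway root and leaf made with openssl, standing in
# for the ca.pem / homelab.pem / homelab-key.pem files that cfssl writes.
make_demo_pki() {
  dir=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo Root CA" \
    -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/homelab-key.pem" -out "$dir/homelab.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/homelab.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
    -CAcreateserial -days 365 -extfile "$dir/san.ext" -out "$dir/homelab.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo" homelab.example.test
check_leaf "$demo/ca.pem" "$demo/homelab.pem" "$demo/homelab-key.pem" homelab.example.test \
  && echo "OK: certificate is ready to load into the TLS secret"
# A hostname missing from the SAN list is reported before it reaches the cluster.
check_leaf "$demo/ca.pem" "$demo/homelab.pem" "$demo/homelab-key.pem" other.example.test \
  || echo "rejected as expected"
rm -rf "$demo"
```

Against the files from this post the call would be `check_leaf ca.pem homelab.pem homelab-key.pem homelab.gurubear.cf`. A pass on check 1 only means the leaf chains to ca.pem; each client still has to trust that root as described above.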