In a K8s cluster built with rke, configure an SSL certificate issued by Let's Encrypt so that https works correctly for the services inside it.
kubectl edit secret devops-tls
kubectl delete secret devops-tls
kubectl create secret tls devops-tls --cert=cert1.pem --key=privkey1.pem
$ ping ttt.ingress-devops.ichiayi.com
PING ttt.ingress-devops.ichiayi.com (172.16.0.190) 56(84) bytes of data.
64 bytes from iiiDevOps.unassigned-domain (172.16.0.190): icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from iiiDevOps.unassigned-domain (172.16.0.190): icmp_seq=2 ttl=64 time=0.042 ms
sudo certbot \
  -d '*.ingress-devops.ichiayi.com' \
  --manual --preferred-challenges dns certonly --server https://acme-v02.api.letsencrypt.org/directory
The generated certificate files (cert.pem privkey.pem) should appear in /etc/letsencrypt/live/ingress-devops.ichiayi.com
kubectl create secret tls ingress-wildcard-tls --cert=cert.pem --key=privkey.pem
--default-ssl-certificate=default/ingress-wildcard-tls
$ ping sonarqube-devops.ichiayi.com
PING sonarqube-devops.ichiayi.com (172.16.0.190) 56(84) bytes of data.
64 bytes from iiiDevOps.unassigned-domain (172.16.0.190): icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from iiiDevOps.unassigned-domain (172.16.0.190): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from iiiDevOps.unassigned-domain (172.16.0.190): icmp_seq=3 ttl=64 time=0.023 ms
sudo certbot \
  -d sonarqube-devops.ichiayi.com \
  --manual --preferred-challenges dns certonly --server https://acme-v02.api.letsencrypt.org/directory
The generated certificate files (cert.pem privkey.pem) should appear in /etc/letsencrypt/live/sonarqube-devops.ichiayi.com
kubectl create secret tls sonarqube-devops-tls --cert=cert.pem --key=privkey.pem -n my-devops
tls:
- hosts:
  - "sonarqube-devops.ichiayi.com"
  secretName: sonarqube-devops-tls

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sonarqube-ing
  namespace: my-devops
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - "sonarqube-devops.ichiayi.com"
    secretName: sonarqube-devops-tls
  rules:
  - host: "sonarqube-devops.ichiayi.com"
    http:
      paths:
      - backend:
          serviceName: sonarqube-server-service
          servicePort: 9000
        path: "/"
        pathType: "ImplementationSpecific"
kubectl apply -f sonar-server-ingress-ssl.yaml
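A pre-flight check for the cert.pem / privkey.pem pairs above, run before `kubectl create secret tls`. It is an added example, not part of the original page. It shows why the wildcard certificate for *.ingress-devops.ichiayi.com does not cover sonarqube-devops.ichiayi.com, which therefore gets its own certificate and secret. The function names are illustrative, and the openssl CLI is assumed to be installed.

```sh
#!/bin/sh
# Added example: pre-flight checks before `kubectl create secret tls`.
# Function names are illustrative; requires the openssl CLI.

# Succeeds when hostname $1 is covered by certificate name $2.
# A leading "*." stands for exactly one DNS label, so
# "*.ingress-devops.ichiayi.com" does not cover "sonarqube-devops.ichiayi.com".
name_covers() (
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  pattern=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $pattern in
    '*.'*)
      rest=${host#*.}
      [ "$rest" != "$host" ] && [ -n "${host%%.*}" ] &&
        [ "$rest" = "${pattern#'*.'}" ] ;;
    *) [ "$host" = "$pattern" ] ;;
  esac
)

# Print the DNS subjectAltName entries of certificate file $1, one per line.
cert_dns_names() {
  openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | sed -n 's/^DNS://p'
}

# Succeeds when some SAN entry of certificate file $1 covers hostname $2.
cert_covers_host() (
  set -f  # SAN entries may begin with "*"; keep the shell from globbing them
  for name in $(cert_dns_names "$1"); do
    if name_covers "$2" "$name"; then exit 0; fi
  done
  exit 1
)

# Succeeds when private key file $2 holds the key certified in file $1.
key_matches_cert() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeeds when certificate $1 and key $2 are safe to load for hostname $3:
# matching pair, hostname covered, and not expiring within 7 days.
preflight() {
  key_matches_cert "$1" "$2" && cert_covers_host "$1" "$3" &&
    openssl x509 -in "$1" -noout -checkend 604800 >/dev/null
}
```

Typical use: `preflight cert.pem privkey.pem sonarqube-devops.ichiayi.com && kubectl create secret tls sonarqube-devops-tls --cert=cert.pem --key=privkey.pem -n my-devops`.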