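So, I have an Argo CD installation, and I am using Google Managed Certificates for SSL.
According to the Argo CD Ingress documentation, there is no official method defined for doing this. To use Google-managed certificates, I created the following manifest files.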
gcp-managed.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: gcp-managed
spec:
  domains:
    - subdomain.env.domain.com
argocd-ingress-1.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: argocd-ingress-1
  annotations:
    kubernetes.io/ingress.global-static-ip-name: argocd-static-ip
    networking.gke.io/managed-certificates: gcp-managed
    kubernetes.io/ingress.class: "gce"
spec:
  backend:
    serviceName: argocd-service
    servicePort: 80
argocd-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: argocd-service
spec:
  selector:
    app.kubernetes.io/name: argocd-server
  type: NodePort
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
In addition, since we are using Cloudflare, I have added the static IP to the A record of subdomain.env.domain.com.
Now, the Google-managed certificate gives me the following (from kubectl describe managedcertificate gcp-managed -n argocd):
Status:
  Certificate name: certificate-unique-ID
  Certificate Status: Provisioning
  Domain Status:
    Domain: subdomain.env.domain.com
    Status: FailedNotVisible
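And the health check for argocd-server is failing, which causes the FailedNotVisible problem above, because the GKE load balancer will not route traffic unless the health check passes.
So, what am I doing wrong? What else can I do to make this work? Using a third-party application (such as Ambassador Edge Stack or any other) is not an option.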
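So, the trick is to use the --insecure flag from the argocd command reference.
Create a custom argocd service, turn off the proxy in Cloudflare, and use an Ingress that uses the managed certificate.
development-argocd-static-ip = a global static IP
argocd-server, gcp-managed, argocd-service and argocd-ingress are all in the same namespace.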
argocd-server.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-server
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/name: argocd-server
              topologyKey: kubernetes.io/hostname
            weight: 100
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/part-of: argocd
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
      - command:
        - argocd-server
        - --insecure # added this
        - --staticassets
        - /shared/app
        image: quay.io/argoproj/argocd:v2.0.0
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz?full=true
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 30
        name: argocd-server
        ports:
        - containerPort: 8080
        - containerPort: 8083
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 30
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - all
        volumeMounts:
        - mountPath: /app/config/ssh
          name: ssh-known-hosts
        - mountPath: /app/config/tls
          name: tls-certs
        - mountPath: /app/config/server/tls
          name: argocd-repo-server-tls
      serviceAccountName: argocd-server
      volumes:
      - emptyDir: {}
        name: static-files
      - configMap:
          name: argocd-ssh-known-hosts-cm
        name: ssh-known-hosts
      - configMap:
          name: argocd-tls-certs-cm
        name: tls-certs
      - name: argocd-repo-server-tls
        secret:
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
gcp-managed.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: gcp-managed
spec:
  domains:
    - subdomain.env.domain.com
argocd-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: argocd-service
spec:
  selector:
    app.kubernetes.io/name: argocd-server
  type: NodePort
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
argocd-ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: argocd-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: development-argocd-static-ip
    networking.gke.io/managed-certificates: gcp-managed
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          serviceName: argocd-service
          servicePort: 80
From the following command:
kubectl describe managedcertificate gcp-managed -n argocd
Status:
  Certificate Name: certificate-unique-id
  Certificate Status: Active
  Domain Status:
    Domain: subdomain.env.domain.com
    Status: Active
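As an added example (not part of the original question or answer), the following Python check walks the chain the answer depends on: argocd-server runs with --insecure, the Service selects its pods on a port they expose, the Ingress backend points at that Service, and the Ingress annotation names the ManagedCertificate in the same namespace. The function names check_chain and sample are hypothetical, and the manifests are constructed dicts trimmed from the YAML above so the check runs without a YAML parser.

```python
# Added example: names are hypothetical; manifests are constructed dicts.
def check_chain(deploy, svc, ingress, cert):
    """Return the problems found in the Ingress -> Service -> pod -> cert chain."""
    problems = []
    pod = deploy["spec"]["template"]
    ctr = pod["spec"]["containers"][0]
    # TLS ends at the load balancer, so argocd-server must serve plain HTTP.
    if "--insecure" not in ctr.get("command", []) + ctr.get("args", []):
        problems.append("argocd-server is not started with --insecure")
    # The Service must select the server pods and target a port they expose.
    labels = pod["metadata"]["labels"]
    if any(labels.get(k) != v for k, v in svc["spec"]["selector"].items()):
        problems.append("Service selector does not match the pod labels")
    exposed = {p["containerPort"] for p in ctr.get("ports", [])}
    svc_ports = {p["port"]: p["targetPort"] for p in svc["spec"]["ports"]}
    if not set(svc_ports.values()) <= exposed:
        problems.append("Service targetPort is not a containerPort")
    # Every Ingress backend (v1beta1 field names) must point at that Service.
    spec = ingress["spec"]
    backends = [spec["backend"]] if "backend" in spec else []
    for rule in spec.get("rules", []):
        backends += [p["backend"] for p in rule["http"]["paths"]]
    for b in backends:
        if b["serviceName"] != svc["metadata"]["name"] or b["servicePort"] not in svc_ports:
            problems.append("Ingress backend does not match the Service")
    # The annotation must name the ManagedCertificate, in the same namespace.
    ann = ingress["metadata"].get("annotations", {})
    names = ann.get("networking.gke.io/managed-certificates", "").split(",")
    if cert["metadata"]["name"] not in [n.strip() for n in names]:
        problems.append("Ingress does not reference the ManagedCertificate")
    if ingress["metadata"].get("namespace") != cert["metadata"].get("namespace"):
        problems.append("Ingress and ManagedCertificate are in different namespaces")
    return problems

def sample(command):
    """Constructed, trimmed copies of the answer's manifests as dicts."""
    meta = lambda name: {"name": name, "namespace": "argocd"}
    labels = {"app.kubernetes.io/name": "argocd-server"}
    ports = [{"containerPort": 8080}, {"containerPort": 8083}]
    deploy = {"spec": {"template": {"metadata": {"labels": labels},
              "spec": {"containers": [{"command": command, "ports": ports}]}}}}
    svc = {"metadata": meta("argocd-service"),
           "spec": {"selector": labels, "ports": [{"port": 80, "targetPort": 8080}]}}
    backend = {"serviceName": "argocd-service", "servicePort": 80}
    ingress = {"metadata": {**meta("argocd-ingress"), "annotations": {
                   "networking.gke.io/managed-certificates": "gcp-managed"}},
               "spec": {"rules": [{"http": {"paths": [{"path": "/*", "backend": backend}]}}]}}
    cert = {"metadata": meta("gcp-managed")}
    return deploy, svc, ingress, cert
```

Calling check_chain(*sample([...])) with the answer's container command returns an empty list; the same command without --insecure returns the single finding about the flag.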