3.7.

3.7.1.

사전 요구 사항

절차

예 3.34. allow-from-openshift-devspaces.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: allow-from-openshift-devspaces
spec:
    ingress:
    - from:
        - namespaceSelector:
            matchLabels:
                kubernetes.io/metadata.name: openshift-devspaces   1
    podSelector: {}   2
    policyTypes:
    - Ingress

1
2

추가 리소스

3.7.2.

사전 요구 사항

중요

절차

```
$ oc create project openshift-devspaces
```

$ oc create secret TLS <tls_secret_name> \ 1
--key <key_file> \ 2
--cert <cert_file> \ 3
-n openshift-devspaces

1
2
3

$ oc label secret <tls_secret_name> \ 1
app.kubernetes.io/part-of=che.eclipse.org -n openshift-devspaces

1

3.1.2절. “”을 참조하십시오.

spec:
  networking:
    hostname: <hostname>     1
    tlsSecretName: <secret>  2

1
2

추가 리소스

3.7.3.

참고

사전 요구 사항

절차

$ cat ca-cert-for-{prod-id-short}-*.pem | tr -d '\r' > custom-ca-certificates.pem

$ oc create configmap custom-ca-certificates \
    --from-file=custom-ca-certificates.pem \
    --namespace=openshift-devspaces

$ oc label configmap custom-ca-certificates \
    app.kubernetes.io/component=ca-bundle \
    app.kubernetes.io/part-of=che.eclipse.org \
    --namespace=openshift-devspaces

검증 단계

$ oc get configmap \
    --namespace=openshift-devspaces \
    --output='jsonpath={.items[0:].data.custom-ca-certificates\.pem}' \
    --selector=app.kubernetes.io/component=ca-bundle,app.kubernetes.io/part-of=che.eclipse.org

$ oc get pod \
    --selector=app.kubernetes.io/component=devspaces \
    --output='jsonpath={.items[0].spec.volumes[0:].configMap.name}' \
    --namespace=openshift-devspaces \
    | grep ca-certs-merged

$ oc exec -t deploy/devspaces \
    --namespace=openshift-devspaces \
    -- cat /public-certs/custom-ca-certificates.pem

$ oc logs deploy/devspaces --namespace=openshift-devspaces \
    | grep custom-ca-certificates.pem

$ for certificate in ca-cert*.pem ;
  do openssl x509 -in $certificate -digest -sha256 -fingerprint -noout | cut -d= -f2;
  done

$ oc exec -t deploy/devspaces --namespace=openshift-devspaces -- \
    keytool -list -keystore /home/user/cacerts \
    | grep --after-context=1 custom-ca-certificates.pem

$ oc get configmap che-trusted-ca-certs \
    --namespace=<workspace_namespace> \
    --output='jsonpath={.data.custom-ca-certificates\.custom-ca-certificates\.pem}'

$ oc get pod \
    --namespace=<workspace_namespace> \
    --selector='controller.devfile.io/devworkspace_name=<workspace_name>' \
    --output='jsonpath={.items[0:].spec.volumes[0:].configMap.name}' \
    | grep che-trusted-ca-certs

$ oc get pod \
    --namespace=<workspace_namespace> \
    --selector='controller.devfile.io/devworkspace_name=<workspace_name>' \
    --output='jsonpath={.items[0:].spec.containers[0:]}' \
    | jq 'select (.volumeMounts[].name == "che-trusted-ca-certs") | .name'

$ oc get pod \
    --namespace=<workspace_namespace> \
    --selector='controller.devfile.io/devworkspace_name=<workspace_name>' \
    --output='jsonpath={.items[0:].metadata.name}' \

$ oc exec <workspace_pod_name> \
    --namespace=<workspace_namespace> \
    -- cat /public-certs/custom-ca-certificates.custom-ca-certificates.pem

추가 리소스

3.4.3절. “”.

3.7.4.

사전 요구 사항

절차

3.1.2절. “”을 참조하십시오.

spec:
  networking:
    labels: <labels> 1
    annotations: <annotations> 2

1
2

추가 리소스

3.7.5.

사전 요구 사항

dsc.

절차

3.1.2절. “”을 참조하십시오.

spec:
  networking:
    labels: <labels> 1
    domain: <domain> 2
    annotations: <annotations> 3

1
2
3

추가 리소스

3.7.1.

3.7.2.

3.7.3.

3.7.4.

3.7.5.

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Red Hat legal and privacy links

Red Hat legal and privacy links