7.6. 전송 암호화가 활성화되었는지 확인

프로세스

1. Knative 서비스를 생성합니다.

   apiVersion: serving.knative.dev/v1
   kind: Service
   metadata:
     name: test-webapp
     namespace: test-namespace
   spec:
     template:
       spec:
         containers:
           - image: docker.io/openshift/hello-openshift
             env:
               - name: RESPONSE
                 value: "Hello Serverless!"

2. 다음 명령을 실행하여 Knative 서비스 YAML을 적용합니다.

   $ oc apply -f <filename>

3. Knative 서비스의 상태를 검사합니다.

   명령 예

   $ oc get ksvc -n test-namespace -o yaml

   출력 예

   apiVersion: serving.knative.dev/v1
   kind: Service
   metadata:
     name: test-webapp
     namespace: test-namespace
   # spec:
   # ...
   status:
     address:
       # cluster-local-domain:
       url: https://helloworld.test.svc.cluster.local 1

   1

   cluster-local-domain-tls 를 활성화하면 HTTPS URL이 표시됩니다.

4. system-internal-tls 가 활성화되어 있는지 확인하려면 다음 명령을 실행하여 Queue-Proxy 로그의 출력을 확인합니다.

   명령 예

   $ oc logs your-pod -n test-namespace -c queue-proxy | grep -E 'certDir|Certificate|tls'

   다음과 유사한 행이 표시되면 system-internal-tls 가 활성화됩니다.

   {"severity":"INFO","timestamp":"2024-01-03T07:07:32.892810888Z","logger":"queueproxy","caller":"certificate/watcher.go:62","message":"Starting to watch the following directories for changes{certDir 15 0 /var/lib/knative/certs <nil>} {keyDir 15 0 /var/lib/knative/certs <nil>}","commit":"86420f2-dirty","knative.dev/key":"first/helloworld-00001","knative.dev/pod":"helloworld-00001-deployment-75fbb7d488-qgmxx"}
   {"severity":"INFO","timestamp":"2024-01-03T07:07:32.89397512Z","logger":"queueproxy","caller":"certificate/watcher.go:131","message":"Certificate and/or key have changed on disk and were reloaded.","commit":"86420f2-dirty","knative.dev/key":"first/helloworld-00001","knative.dev/pod":"helloworld-00001-deployment-75fbb7d488-qgmxx"}
   {"severity":"INFO","timestamp":"2024-01-03T07:07:32.894232939Z","logger":"queueproxy","caller":"sharedmain/main.go:282","message":"Starting tls server admin:8022","commit":"86420f2-dirty","knative.dev/key":"first/helloworld-00001","knative.dev/pod":"helloworld-00001-deployment-75fbb7d488-qgmxx"}
   {"severity":"INFO","timestamp":"2024-01-03T07:07:32.894268548Z","logger":"queueproxy","caller":"sharedmain/main.go:282","message":"Starting tls server main:8112","commit":"86420f2-dirty","knative.dev/key":"first/helloworld-00001","knative.dev/pod":"helloworld-00001-deployment-75fbb7d488-qgmxx"}