红帽全球峰会1.3. 使用您自己的可观察证书颁发机构 (CA) 证书
安装 Red Hat Advanced Cluster Management for Kubernetes 时,默认只为可观察性提供证书颁发机构 (CA)证书。如果您不想使用 Red Hat Advanced Cluster Management 生成的默认可观察性 CA 证书,您可以在启用可观察性前选择使用自己的可观察 CA 证书。
1.3.1. 使用 OpenSSL 命令生成 CA 证书
复制链接链接已复制到粘贴板!
Observability 需要两个 CA 证书,一个用于服务器端,另一个用于客户端。
使用以下命令生成您的 CA RSA 私钥:
openssl genrsa -out serverCAKey.pem 2048 openssl genrsa -out clientCAKey.pem 2048
openssl genrsa -out serverCAKey.pem 2048 openssl genrsa -out clientCAKey.pem 2048Copy to Clipboard Copied! Toggle word wrap Toggle overflow 使用私钥生成自签名 CA 证书。运行以下命令:
openssl req -x509 -sha256 -new -nodes -key serverCAKey.pem -days 1825 -out serverCACert.pem openssl req -x509 -sha256 -new -nodes -key clientCAKey.pem -days 1825 -out clientCACert.pem
openssl req -x509 -sha256 -new -nodes -key serverCAKey.pem -days 1825 -out serverCACert.pem openssl req -x509 -sha256 -new -nodes -key clientCAKey.pem -days 1825 -out clientCACert.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow
1.3.2. 创建与您自己的可观察 CA 证书关联的 secret
复制链接链接已复制到粘贴板!
完成以下步骤以创建 secret:
使用您的证书和私钥创建
observability-server-ca-certssecret。运行以下命令:oc -n open-cluster-management-observability create secret tls observability-server-ca-certs --cert ./serverCACert.pem --key ./serverCAKey.pem
oc -n open-cluster-management-observability create secret tls observability-server-ca-certs --cert ./serverCACert.pem --key ./serverCAKey.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow 使用您的证书和私钥创建
observability-client-ca-certssecret。运行以下命令:oc -n open-cluster-management-observability create secret tls observability-client-ca-certs --cert ./clientCACert.pem --key ./clientCAKey.pem
oc -n open-cluster-management-observability create secret tls observability-client-ca-certs --cert ./clientCACert.pem --key ./clientCAKey.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow
1.3.3. 其他资源
复制链接链接已复制到粘贴板!
- 请参阅 自定义路由认证。
- 请参阅 自定义用于访问对象存储的证书。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}