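14.7. Deploying a sample application
Now that dynamic certificates are configured, you can deploy a sample application to confirm that certificates are provisioned and trusted when a new route is exposed.
Create a new project for your sample application: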
$ oc new-project hello-world
Deploy a hello world application:
$ oc -n hello-world new-app --image=docker.io/openshift/hello-openshift
Create a route to expose the application from outside the cluster:
$ oc -n hello-world create route edge --service=hello-openshift hello-openshift-tls --hostname hello.${DOMAIN}
Verify that the route's certificate is not trusted:
$ curl -I https://hello.${DOMAIN}
Example output
curl: (60) SSL: no alternative certificate subject name matches target host name 'hello.example.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Annotate the route to trigger cert-manager to provision a certificate for the custom domain:
$ oc -n hello-world annotate route hello-openshift-tls cert-manager.io/issuer-kind=ClusterIssuer cert-manager.io/issuer-name=letsencrypt-production
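Note: It takes 2-3 minutes to create the certificate. The cert-manager Operator automatically manages certificate renewal as the certificate approaches expiration.
Verify that the route's certificate is now trusted: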
$ curl -I https://hello.${DOMAIN}
Example output
HTTP/2 200
date: Thu, 05 Oct 2023 23:45:33 GMT
content-length: 17
content-type: text/plain; charset=utf-8
set-cookie: 52e4465485b6fb4f8a1b1bed128d0f3b=68676068bb32d24f0f558f094ed8e4d7; path=/; HttpOnly; Secure; SameSite=None
cache-control: private
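To cover the 2-3 minute issuance window without re-running curl by hand, the following added script (not part of the original documentation; the function names are hypothetical) polls the route until curl trusts it and, while waiting, reports whether the served certificate's subject alternative names cover the hostname, which is the check behind the curl error 60 shown above. It assumes curl and an openssl release that supports `x509 -ext`; the hostnames in the comments are constructed.

```shell
# Added example, not from the original documentation. Function names are hypothetical.

# san_matches HOST SAN_LIST: succeeds if a DNS entry in SAN_LIST covers HOST.
# SAN_LIST is openssl's text form, e.g. "DNS:*.apps.example.com, DNS:api.example.com"
# (constructed values). A wildcard stands in for exactly one left-most label.
# The body runs in a subshell so the IFS and noglob changes stay local.
san_matches() (
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    list=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    set -f          # keep "*" in SAN entries from expanding as a glob
    IFS=','
    for entry in $list; do
        case $entry in
            dns:*) name=${entry#dns:} ;;
            *)     continue ;;          # skip IP, URI and e-mail entries
        esac
        case $name in
            \*.*) [ "${host#*.}" != "$host" ] && [ "*.${host#*.}" = "$name" ] && exit 0 ;;
            *)    [ "$name" = "$host" ] && exit 0 ;;
        esac
    done
    exit 1
)

# served_sans HOST: print the SAN line of the certificate the router serves for HOST.
served_sans() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null | grep 'DNS:'
}

# wait_for_route_cert HOST [TIMEOUT_SECONDS]: poll until curl trusts the route.
# curl performs the full chain and hostname validation; the SAN check only
# explains why a failed attempt was rejected.
wait_for_route_cert() {
    w_host=$1
    w_left=${2:-300}
    while [ "$w_left" -gt 0 ]; do
        if curl -sSI --max-time 10 -o /dev/null "https://$w_host" 2>/dev/null; then
            echo "trusted: $w_host"
            return 0
        fi
        w_sans=$(served_sans "$w_host" || true)
        san_matches "$w_host" "$w_sans" ||
            echo "waiting: served SANs do not cover $w_host: $w_sans"
        sleep 15
        w_left=$((w_left - 15))
    done
    return 1
}
```

After sourcing the file, call `wait_for_route_cert "hello.${DOMAIN}" 300` right after the annotate step; a non-zero return means the route was still untrusted when the timeout expired.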