| # cas-server-ingresses.yaml |
| |
| # 创建 ca-secret |
| |
| # cd PATH/ca/certs/client |
| |
| # kubectl describe secret ca-secret -n cas-server |
| |
| # kubectl create secret generic ca-secret --from-file=client.truststore=client.truststore -n cas-server |
| |
| |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Ingress |
| metadata: |
| namespace: cas-server |
| name: cas-ingress |
| annotations: |
| nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" |
| # cert-manager.io/cluster-issuer: "letsencrypt-staging" |
| # nginx.ingress.kubernetes.io/ssl-redirect: "true" |
| # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" |
| # nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret" |
| # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" |
| spec: |
| tls: |
| # - hosts: |
| # - cas.paas.xxx.edu.cn |
| # secretName: cas-ingress-tls |
| rules: |
| # 修改为学校的根域名 |
| - host: cas.paas.xxx.edu.cn |
| http: |
| paths: |
| - path: /cas |
| backend: |
| serviceName: cas-server-site-webapp-svc |
| servicePort: http |
| |
| |
| # TODO: https 配置说明 |