| 刘洪青 | 4720585 | 2020-08-14 13:39:30 +0800 | [diff] [blame^] | 1 | # cas-server-ingresses.yaml |
| 2 | |
| 3 | # 创建 ca-secret |
| 4 | |
| 5 | # cd PATH/ca/certs/client |
| 6 | |
| 7 | # kubectl describe secret ca-secret -n cas-server |
| 8 | |
| 9 | # kubectl create secret generic ca-secret --from-file=client.truststore=client.truststore -n cas-server |
| 10 | |
| 11 | |
| 12 | --- |
| 13 | apiVersion: extensions/v1beta1 |
| 14 | kind: Ingress |
| 15 | metadata: |
| 16 | namespace: cas-server |
| 17 | name: cas-ingress |
| 18 | annotations: |
| 19 | nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" |
| 20 | # cert-manager.io/cluster-issuer: "letsencrypt-staging" |
| 21 | # nginx.ingress.kubernetes.io/ssl-redirect: "true" |
| 22 | # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" |
| 23 | # nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret" |
| 24 | # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" |
| 25 | spec: |
| 26 | tls: |
| 27 | # - hosts: |
| 28 | # - cas.paas.xxx.edu.cn |
| 29 | # secretName: cas-ingress-tls |
| 30 | rules: |
| 31 | # 修改为学校的根域名 |
| 32 | - host: cas.paas.xxx.edu.cn |
| 33 | http: |
| 34 | paths: |
| 35 | - path: /cas |
| 36 | backend: |
| 37 | serviceName: cas-server-site-webapp-svc |
| 38 | servicePort: http |
| 39 | |
| 40 | |
| 41 | # TODO: https 配置说明 |