证书:
k8s里创建证书(使用证书文件命令创建):
kubectl create secret tls scdsc-org-cn --cert=/etc/letsencrypt/live/scdsc.org.cn/fullchain.pem --key=/etc/letsencrypt/live/scdsc.org.cn/privkey.pem -n gymop
k8s里创建证书(yaml文件创建):
apiVersion: v1 data: tls.crt: (certtag) tls.key: (keytag) kind: Secret metadata: labels: cattle.io/creator: norman name: scdsc-org-cn namespace: gymop type: kubernetes.io/tls
#其中tls.crt是证书文件内容的base64转码,tls.key是key文件内容的base64转码
#转码命令:cat fullchain.pem | base64 | tr ' ' ' ' | sed s/[[:space:]]//g
#########其中会去掉换行符和空格
kubectl -n gymop create -f cert.yaml
k8s里更新证书:
kubectl -n gymop replace -f cert.yaml
查看证书详情:
openssl x509 -text -in fullchain.pem
查看证书指纹:
openssl x509 -fingerprint -sha1 -in fullchain.pem