我的集群中有一个 wehook 正在运行。
我创建了一个证书并成功签名。
证书配置:
cat > csr.conf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = s-controller.ns-controller
DNS.2 = s-controller.ns-controller.svc
EOF
我按如下方式创建证书:
openssl genrsa -out server-key.pem 2048
openssl req -new -key server-key.pem -subj "/CN=s-controller.ns-controller.svc" -out server.csr -config csr.conf
证书签名请求 ( v1beta1)
cat <<EOF | kubectl create -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: csr-controller
spec:
groups:
- …我正在使用将执行 docker 命令(docker ps等)的映像设置 kubernetes 部署。
我的 yaml 如下所示:
kind: Deployment
apiVersion: apps/v1
metadata:
name: discovery
namespace: kube-system
labels:
discovery-app: kubernetes-discovery
spec:
selector:
matchLabels:
discovery-app: kubernetes-discovery
strategy:
type: Recreate
template:
metadata:
labels:
discovery-app: kubernetes-discovery
spec:
containers:
- image: docker:dind
name: discover
ports:
- containerPort: 8080
name: my-awesome-port
imagePullSecrets:
- name: regcred3
volumes:
- name: some-volume
emptyDir: {}
serviceAccountName: kubernetes-discovery
通常我会运行一个 docker 容器,如下所示:
docker run -v /var/run/docker.sock:/var/run/docker.sock docker:dind
现在,kubernetes yaml 支持commands,args但由于某种原因不支持options.
正确的做法是什么?
也许我应该配置一个卷,但是,它是 …