merlin/test
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
This repository has been archived on 2025-11-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
7c7522001eadc5970b5761b2a65ca7a959af1d6d
test/tls-sync/readme.md
merlin 3df0658949
Some checks failed
Docker Image CI / build (push) Failing after 21s
Details
ci test
2025-10-20 15:09:42 +08:00

42 lines
1.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 使用说明
建议直接拉取镜像:
```
docker pull forever4526/tls:{tag}
```
编写yaml后使用kubectl apply应用
# 镜像运行必备环境变量
**中转服务器与pod相关**
CLUSTER_HOST = "10.0.0.4" //集群相对ip
NGINX_HOST = "10.0.0.1" //nginx主机地址
NGINX_USER = "nginx" //ssh链接nginx主机的用户名
NGINX_CERT_DIR = "/etc/nginx/certs" //存放证书的目录
NGINX_CONF_DIR = "/etc/nginx/conf.d" //存放server配置块的目录
NAMESPACE = "basic" //pod运行的命名空间
TEMP_DIR = "/tmp/nginx_certs" //临时目录
RSA_DIR = "/root/.ssh" //存放 SSH 密钥对
PUBLIC_KEY_COMMENT = "generated-key" //ssh公钥后缀
**上传重试相关**
MAX_RETRIES = 10 // 最大重试次数
RETRY_DELAY = 20 // 每次重试的时间间隔(秒)
# 创建serviceAccount供其使用
关键监听单namespace
```
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["watch", "get", "list"]
```
监听全部namespace需要更高的权限,default用户就无法使用了关键的rules是一样的只不过需要自己创建用户绑定权限部署时绑定创建的用户即可
# 请注意
**部署完成之后需要进入容器手动复制ssh公钥到中转服务器的对应用户下的.ssh/authorized_keys中**
**配置完公钥之后需要在pod中手动进行一次ssh远程连接目的是为了验证指纹信息目前我还没自动实现**
**可以使用固定的ssh密钥对只是我的环境走docker hub中转镜像比较方便所以就写了一个通用的个人感觉麻烦程度差不多**
Reference in New Issue View Git Blame Copy Permalink