1

我正在尝试设置 ElasticSearch OpenDistro,但我无法理解<CERTIFICATE_DATA_REDACTED>链接中的含义

https://github.com/opendistro-for-elasticsearch/community/blob/master/open-distro-elasticsearch-kubernetes/elasticsearch/35-es-bootstrap-secrets.yml

我应该如何使用这个 yaml 文件?我是否需要将 base64 编码值放在这里替换然后kubectl apply -f secrets.yaml或什么?

有人可以提供任何对此进行解释的参考链接吗?

kind: Secret
metadata:
  name: elasticsearch-tls-data
  namespace: elasticsearch
type: Opaque
stringData:
  elk-crt.pem: |-
    <CERTIFICATE_DATA_REDACTED>
  elk-key.pem: |-
    <CERTIFICATE_DATA_REDACTED>
  elk-root-ca.pem: |-
    <CERTIFICATE_DATA_REDACTED>
  admin-crt.pem: |-
    <CERTIFICATE_DATA_REDACTED>
  admin-key.pem: |-
    <CERTIFICATE_DATA_REDACTED>
  admin-root-ca.pem: |-
    <CERTIFICATE_DATA_REDACTED> ````
4

1 回答 1

1

我以前没有使用过这个配置,但我认为你应该做的是elk-crt.pem, elk-key.pem, elk-root-ca.pem, admin-crt.pem, admin-key.pem, admin-root-ca.pem用 Kibana 创建你自己的证书(如果你会使用它),然后用原始值创建你的 Secret,

请阅读这个:

For certain scenarios, you may wish to use the stringData field instead. This field allows you to put a non-base64 encoded string directly into the Secret, and the string will be encoded for you when the Secret is created or updated.

https://kubernetes.io/docs/concepts/configuration/secret/

于 2019-07-14T23:33:14.847 回答