0

I am running Skaffold with some applications that are under development:

Skaffold.yaml

apiVersion: skaffold/v2alpha3
kind: Config
deploy:
  kubectl:
    manifests:
      - ./infra/k8s/*
build:
  local:
    push: false
  artifacts:    
    - image: MYDOCKERID/client
      context: client
      docker:
        dockerfile: Dockerfile
      sync:
        manual:
          - src: '**/*.js'
            dest: .

The client's Dockerfile:

FROM node:alpine

WORKDIR /app
COPY package.json .
RUN npm install
COPY . .

CMD ["npm", "run", "dev"]

Client depl.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: client-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
        - name: client
          image: MYDOCKERID/client
---
apiVersion: v1
kind: Service
metadata:
  name: client-srv
spec:
  selector:
    app: client
  ports:
    - name: client
      protocol: TCP
      port: 3000
      targetPort: 3000

When I run skaffold dev from the command line, everything compiles perfectly:

[client-depl-5bdc8cffcd-s9z9r client] event - compiled successfully
[client-depl-5bdc8cffcd-s9z9r client] wait  - compiling...
[client-depl-5bdc8cffcd-s9z9r client] Attention: Next.js now collects completely anonymous telemetry regarding usage.
[client-depl-5bdc8cffcd-s9z9r client] This information is used to shape Next.js' roadmap and prioritize features.
[client-depl-5bdc8cffcd-s9z9r client] You can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:
[client-depl-5bdc8cffcd-s9z9r client] https://nextjs.org/telemetry
[client-depl-5bdc8cffcd-s9z9r client]
[client-depl-5bdc8cffcd-s9z9r client] event - compiled successfully

I added the domain to the hosts file in the Windows etc folder:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost

127.0.0.1 ticketing.dev

However, when I enter ticketing.dev in Chrome, I get:

[image]

How can I run the application in Chrome and get past this message?

4

2 Answers

1

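You are missing a certificate that secures the connection. You also need to configure the ingress to use the certificate you created.

You should read Manage TLS Certificates in a Cluster

Kubernetes provides a certificates.k8s.io API, which lets you provision TLS certificates signed by a Certificate Authority (CA) that you control. These CA and certificates can be used by your workloads to establish trust.

You can check out a good guide on how to add SSL/TLS support to your application in a Kubernetes-native way

You can create a self-signed certificate; this Medium article shows how to do that on Windows.

On Linux, you can do the following: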

[root]# mkdir certs
[root]# openssl req -nodes -newkey rsa:2048 -keyout certs/ticketing.key -out certs/ticketing.csr -subj "/C=/ST=/L=/O=/OU=/CN=default"
[root]# openssl x509 -req -sha256 -days 365 -in certs/ticketing.csr -signkey certs/ticketing.key -out certs/ticketing.crt

This will create a certificate that is valid for 365 days. Then create a secret that will hold your certificate:

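# An Ingress tls: entry reads the keys tls.crt and tls.key, which a secret of type tls provides
kubectl create secret tls ticketing-certs --cert=certs/ticketing.crt --key=certs/ticketing.key -n default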

Once the certificate secret is ready, you should create an ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example1-ingress
spec:
  tls:
    - hosts:
        - www.ticketing.dev
      # must match the name of the secret created above
      secretName: ticketing-certs
  rules:
    - host: www.ticketing.dev
      http:
        paths:
          - path: /
            backend:
              serviceName: client-srv
              servicePort: 3000

Let me know if you need more information.

answered 2020-06-22T12:43:59.410
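
A variant of the certificate and secret steps from the answer above, as an added example that is not part of the original answer: it issues the self-signed certificate with a subjectAltName for the host name (Chrome matches on the SAN, not the CN), checks it, and emits a kubernetes.io/tls Secret. The function names are hypothetical; ticketing.dev and ticketing-certs are taken from the page, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example (not from the answer). Function names are hypothetical;
# ticketing.dev / ticketing-certs come from the page. Needs OpenSSL >= 1.1.1.

# make_cert HOST DIR: self-signed cert with HOST as CN and as DNS SAN.
make_cert() {
  mkdir -p "$2"
  openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
    -keyout "$2/tls.key" -out "$2/tls.crt" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# cert_covers_host CRT HOST: succeeds only if HOST is listed as a DNS SAN.
cert_covers_host() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# key_matches_cert KEY CRT: the private key must yield the cert's public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# tls_secret_manifest NAME NAMESPACE DIR: print a kubernetes.io/tls Secret,
# the type an Ingress tls: entry expects (keys tls.crt and tls.key).
tls_secret_manifest() {
  crt=$(base64 < "$3/tls.crt" | tr -d '\n')
  key=$(base64 < "$3/tls.key" | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: $1
  namespace: $2
data:
  tls.crt: $crt
  tls.key: $key
EOF
}

# Usage: make_cert ticketing.dev certs &&
#   tls_secret_manifest ticketing-certs default certs | kubectl apply -f -
```

The certificate only covers the exact name passed to make_cert, so it has to be the host the Ingress rule and the hosts file use. Chrome keeps warning until the certificate is imported into the client's trust store.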
0

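I assume you are using this project for development purposes. If you want to run the application in Chrome, to bypass this security warning, just set this option on the web page where the warning is displayed: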

thisisunsafe

answered 2021-03-06T06:37:25.910