taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity

Merge pull request #78 from egoon/patch-1

Browse Source 
Update cert-manager docs after changed behaviour
This commit is contained in:
Ginger Collison 2020-05-01 13:38:51 -05:00 committed by GitHub
commit a5d5529f7d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nats-on-kubernetes/nats-cluster-and-cert-manager.md
View File

@ -5,11 +5,12 @@ First we need to install the cert-manager component from [jetstack](https://gith
```text ```text
kubectl create namespace cert-manager kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/cert-manager.yaml kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml
``` ```
If you are running Kubernetes < 1.15, use `cert-manager-legacy.yaml` instead.
```yaml ```yaml
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: selfsigning name: selfsigning
@ -25,7 +26,7 @@ Next, let's create the CA for the certs:
```yaml ```yaml
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Certificate kind: Certificate
metadata: metadata:
name: nats-ca name: nats-ca
@ -37,11 +38,13 @@ spec:
name: selfsigning name: selfsigning
kind: ClusterIssuer kind: ClusterIssuer
commonName: nats-ca commonName: nats-ca
usages:
- cert sign
organization: organization:
- Your organization - Your organization
isCA: true isCA: true
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Issuer kind: Issuer
metadata: metadata:
name: nats-ca name: nats-ca
@ -54,7 +57,7 @@ Now create the certs that will match the DNS name used by the clients to connect
```yaml ```yaml
--- ---
apiVersion: certmanager.k8s.io/v1alpha1 apiVersion: cert-manager.io/v1alpha2
kind: Certificate kind: Certificate
metadata: metadata:
name: nats-server-tls name: nats-server-tls
@ -65,6 +68,10 @@ spec:
issuerRef: issuerRef:
name: nats-ca name: nats-ca
kind: Issuer kind: Issuer
usages:
- signing
- key encipherment
- server auth
organization: organization:
- Your organization - Your organization
commonName: nats.default.svc.cluster.local commonName: nats.default.svc.cluster.local
@ -87,6 +94,11 @@ spec:
issuerRef: issuerRef:
name: nats-ca name: nats-ca
kind: Issuer kind: Issuer
usages:
- signing
- key encipherment
- server auth
- client auth
organization: organization:
- Your organization - Your organization
commonName: "*.nats-mgmt.default.svc.cluster.local" commonName: "*.nats-mgmt.default.svc.cluster.local"
@ -104,7 +116,7 @@ metadata:
spec: spec:
# Number of nodes in the cluster # Number of nodes in the cluster
size: 3 size: 3
version: "1.4.1" version: "2.1.4"
tls: tls:
# Certificates to secure the NATS client connections: # Certificates to secure the NATS client connections:
@ -152,7 +164,7 @@ kubectl logs nats-1
``` ```
```text ```text
[1] 2019/12/18 12:27:23.920417 [INF] Starting nats-server version 2.1.2 [1] 2019/12/18 12:27:23.920417 [INF] Starting nats-server version 2.1.4
[1] 2019/12/18 12:27:23.920590 [INF] Git commit [not set] [1] 2019/12/18 12:27:23.920590 [INF] Git commit [not set]
[1] 2019/12/18 12:27:23.921024 [INF] Listening for client connections on 0.0.0.0:4222 [1] 2019/12/18 12:27:23.921024 [INF] Listening for client connections on 0.0.0.0:4222
[1] 2019/12/18 12:27:23.921047 [INF] Server id is NDA6JC3TGEADLLBEPFAQ4BN4PM3WBN237KIXVTFCY3JSTDOSRRVOJCXN [1] 2019/12/18 12:27:23.921047 [INF] Server id is NDA6JC3TGEADLLBEPFAQ4BN4PM3WBN237KIXVTFCY3JSTDOSRRVOJCXN