Comments (3)
@czomo @mjnagel ,I am deploying Jaeger-operator 1.47 through helm-chart 1.46 and I would like to disable certificate manager as we have our own TLS platform. is it feasible?
During deployment, it was found that even if valus is set to false, pod startup still looks for certs, resulting in pod startup failure.
from helm-charts.
solution:
cat <<EOF | cfssl genkey - | cfssljson -bare server
{
"hosts": [
"kubernetes.default.svc.cluster.local",
"10.96.0.1"
],
"key": {
"algo": "ecdsa",
"size": 256
}
}
EOF
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: kubernetes.default
spec:
request: $(cat server.csr | base64 | tr -d '\n')
signerName: example.com/serving
usages:
- digital signature
- key encipherment
- server auth
EOF
2.1) kubectl certificate approve test-kube-api
cat <<EOF | cfssl gencert -initca - | cfssljson -bare ca
{
"CN": "My Example Signer",
"key": {
"algo": "rsa",
"size": 2048
}
}
EOF
echo "
{
"signing": {
"default": {
"usages": [
"digital signature",
"key encipherment",
"server auth"
],
"expiry": "876000h",
"ca_constraint": {
"is_ca": false
}
}
}
}
" >> server-signing-config.json
kubectl get csr kubernetes.default -o jsonpath='{.spec.request}' | \
base64 --decode | \
cfssl sign -ca ca.pem -ca-key ca-key.pem -config server-signing-config.json - | \
cfssljson -bare ca-signed-server
kubectl get csr kubernetes.default -o json | \
jq '.status.certificate = "'$(base64 ca-signed-server.pem | tr -d '\n')'"' | \
kubectl replace --raw /apis/certificates.k8s.io/v1/certificatesigningrequests/kubernetes.default/status -f -
kubectl get csr kubernetes.default -o jsonpath='{.status.certificate}' \
| base64 --decode > server.crt
kubectl create secret tls jaeger-operator-service-cert --cert server.crt --key server-key.pem
from helm-charts.
@klinch0 thx
from helm-charts.
Related Issues (20)
- [Feature]: Add ability to set resources for the Oauth2 sidecar HOT 1
- [Bug]: both otlp services have to be defined
- [Feature]: Badger support for all-in-one jaeger helm chart
- [Feature]: Add initContainers for query-deploy.yaml
- [Bug]: tls.enabled value is bound with hardcoded values
- [Feature]: Allow setting annotations on the allinone Service Account
- [Feature]: Manage cluster role rules for jaeger-operator Service Account
- [Bug]: jaeger-chart: does not exist .Values.storage.elasticsearch.tls in es-rollover-hook.yml
- [Bug]: jaeger query oauth2-proxy sidecar issues with config HOT 1
- [Feature]: Chart should use versioned jaeger jaegertracing/all-in-one image, instead of latest HOT 1
- [Bug]: jaeger chart incompatible with recent bitnami charts HOT 2
- [Feature]: Update helm-chart to use elasticsearch 8+ HOT 8
- [Feature]: set the 'number_of_replicas' in elasticsearch to a variable HOT 3
- [Feature]: Support Jaeger-v2 HOT 3
- [Bug]: Jaeger Operator image tag is lagging behind
- [Bug]: extraObjects accepts only string as templates HOT 1
- [Feature]: Add appProtocol
- [Bug]: helm chart is not working with kafka . Both (kafka and exisitng kafka).
- [Feature]: Add toleration to cassandra-schema-job manifest file
- [Feature]: global.PullSecerts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-charts.