Open shicli opened 11 months ago
@czomo @mjnagel, I am deploying Jaeger-operator 1.47 through helm-chart 1.46 and I would like to disable certificate manager as we have our own TLS platform. Is it feasible? During deployment, it was found that even if values is set to false, pod startup still looks for certs, resulting in pod startup failure.
solution:
1)
cat <<EOF | cfssl genkey - | cfssljson -bare server
{
  "hosts": [
    "kubernetes.default.svc.cluster.local",
    "10.96.0.1"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 256
  }
}
EOF
2)
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: kubernetes.default
spec:
  request: $(cat server.csr | base64 | tr -d '\n')
  signerName: example.com/serving
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF
2.1) kubectl certificate approve kubernetes.default
3)
cat <<EOF | cfssl gencert -initca - | cfssljson -bare ca
{
  "CN": "My Example Signer",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
EOF
4)
echo '
{
  "signing": {
    "default": {
      "usages": [
        "digital signature",
        "key encipherment",
        "server auth"
      ],
      "expiry": "876000h",
      "ca_constraint": {
        "is_ca": false
      }
    }
  }
}
' > server-signing-config.json
5)
kubectl get csr kubernetes.default -o jsonpath='{.spec.request}' | \
base64 --decode | \
cfssl sign -ca ca.pem -ca-key ca-key.pem -config server-signing-config.json - | \
cfssljson -bare ca-signed-server
6)
kubectl get csr kubernetes.default -o json | \
jq '.status.certificate = "'$(base64 ca-signed-server.pem | tr -d '\n')'"' | \
kubectl replace --raw /apis/certificates.k8s.io/v1/certificatesigningrequests/kubernetes.default/status -f -
7)
kubectl get csr kubernetes.default -o jsonpath='{.status.certificate}' \
| base64 --decode > server.crt
8)
kubectl create secret tls jaeger-operator-service-cert --cert server.crt --key server-key.pem
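A pre-flight check for the files produced by steps 1 to 7, as an added example that is not part of the original thread: before step 8 stores them in the `jaeger-operator-service-cert` Secret, it uses the openssl CLI to confirm that `server.crt` matches `server-key.pem`, chains to `ca.pem`, covers the expected host name and has not expired. The function name `check_tls_pair` and the script name `check.sh` are assumptions; the host name in the usage comment is the one from step 1.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Requires the openssl CLI.

# check_tls_pair CERT KEY CA HOST   (function name is an assumption)
# Prints one line per failed check; returns non-zero if any check fails.
check_tls_pair() {
  local cert="$1" key="$2" ca="$3" host="$4" rc=0 cert_pub key_pub

  # The certificate must carry the public half of the key that goes into the Secret.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $cert does not match private key $key"; rc=1
  fi

  # The certificate must chain to the CA that clients are configured to trust.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not verify against $ca"; rc=1
  fi

  # The name clients connect to must be covered by the certificate's SANs.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
       grep -q 'does match certificate'; then
    echo "FAIL: $cert is not valid for host $host"; rc=1
  fi

  # The certificate must not already be expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: $cert has expired"; rc=1
  fi

  return "$rc"
}

# Runs only when called with four arguments, for example (script name assumed):
#   ./check.sh server.crt server-key.pem ca.pem kubernetes.default.svc.cluster.local
if [ "$#" -eq 4 ]; then
  check_tls_pair "$@" && echo "OK: certificate, key and CA are consistent"
fi
```

Pass as the fourth argument the DNS name that clients actually use to reach the service; a host-name failure here means the `hosts` list in step 1 needs that name.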
@klinch0 thx
What happened?
I am deploying the jaeger-operator 1.47.0 through helm-charts 1.46.0 and would like to disable cert-manager as we have our own TLS service. I disabled them in Value, but I still check Cert when starting the service. May I know how to handle this change?
Disable webhooks and certificates via values.yaml
Expected behavior
I disabled them in Value, but I still check Cert when starting the service. May I know how to handle this change?
Relevant log output
Version (please complete the following information):
helm-charts 1.46.0, jaeger-operator 1.47.0, Kubernetes v1.23, Linux