selfsigned tls cert created by cert-manager
cofyc committed Mar 2, 2020
1 parent 494e09a commit 75175aa
Showing 5 changed files with 85 additions and 0 deletions.
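--- a/examples/selfsigned-tls/selfsigned-ca.yaml
+++ b/examples/selfsigned-tls/selfsigned-ca.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+name: selfsigned-ca-cert
+spec:
+secretName: selfsigned-ca-cert
+commonName: "certmanager"
+isCA: true
+issuerRef:
+name: selfsigned-issuer
+kind: Issuer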
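Review bot: The CA Certificate declares no `duration`, so the root that signs every leaf in this example gets cert-manager's default lifetime, while tidb-client-cert.yaml requests `duration: "8760h"` for the leaf. A leaf that is valid longer than its issuing CA stops verifying once the CA expires or is re-issued, so I would set an explicit lifetime here that exceeds the leaf's, for example `duration: "87600h"`. The secret `selfsigned-ca-cert` also holds the CA private key in the same namespace as the workload; a comment such as `# holds the CA private key: restrict Secret read access in this namespace` would make that visible to readers copying the example.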
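--- a/examples/selfsigned-tls/selfsigned-cert-issuer.yaml
+++ b/examples/selfsigned-tls/selfsigned-cert-issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+name: selfsigned-cert-issuer
+spec:
+ca:
+secretName: selfsigned-ca-cert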
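Review bot: `selfsigned-cert-issuer` is a CA issuer, not a self-signed one, and its name differs from `selfsigned-issuer` by a single word. An `issuerRef` that picks the wrong one would produce a self-signed leaf that does not chain to `selfsigned-ca-cert`, which clients verifying against the CA would reject. A name such as `ca-issuer`, or a comment `# CA issuer: signs leaf certificates with the key in selfsigned-ca-cert`, would remove the ambiguity.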
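--- a/examples/selfsigned-tls/selfsigned-issuer.yaml
+++ b/examples/selfsigned-tls/selfsigned-issuer.yaml
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+name: selfsigned-issuer
+spec:
+selfSigned: {}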
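--- a/examples/selfsigned-tls/tidb-client-cert.yaml
+++ b/examples/selfsigned-tls/tidb-client-cert.yaml
@@ -0,0 +1,32 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+name: tidb-client-cert
+spec:
+secretName: tidb-client-cert
+subject:
+organizationalUnits:
+- "TiDB Operator"
+organization:
+- "PingCAP"
+duration: "8760h"
+commonName: "basic-tidb"
+#isCA: true # necessary for self-signed certificate
+dnsNames:
+- basic-tidb.default
+- basic-tidb.default.svc
+- basic-tidb-peer.default
+- basic-tidb-peer.default.svc
+- "*.basic-tidb-peer.default"
+- "*.basic-tidb-peer.default.svc"
+- "localhost"
+ipAddresses:
+- "127.0.0.1"
+- "::1"
+usages:
+- "client auth"
+- "server auth"
+issuerRef:
+name: selfsigned-cert-issuer
+kind: Issuer
+# DNS:basic-tidb, DNS:basic-tidb.default, DNS:basic-tidb.default.svc, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:10.102.253.44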
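Review bot: `usages` grants both `client auth` and `server auth` to one key pair whose SANs are all server names, so whoever obtains the `tidb-client-cert` secret can both impersonate the TiDB service and present a CA-signed client identity. If the secret is only the server side of the endpoint enabled by `tlsClient` in tidb-cluster.yaml, which the SAN list suggests, drop `- "client auth"`; otherwise issue a separate client certificate. The trailing `# DNS:basic-tidb, ...` comment lists `DNS:basic-tidb` and `IP Address:10.102.253.44`, neither of which is in `dnsNames` or `ipAddresses`, and together with the commented-out `#isCA: true` it looks like leftover scratch output that should be removed or reconciled with the spec.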
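--- a/examples/selfsigned-tls/tidb-cluster.yaml
+++ b/examples/selfsigned-tls/tidb-cluster.yaml
@@ -0,0 +1,29 @@
+apiVersion: pingcap.com/v1alpha1
+kind: TidbCluster
+metadata:
+name: basic
+spec:
+version: v3.0.8
+timezone: UTC
+pvReclaimPolicy: Delete
+pd:
+baseImage: pingcap/pd
+replicas: 3
+requests:
+storage: "1Gi"
+config: {}
+tikv:
+baseImage: pingcap/tikv
+replicas: 3
+requests:
+storage: "1Gi"
+config: {}
+tidb:
+baseImage: pingcap/tidb
+replicas: 2
+service:
+type: ClusterIP
+config: {}
+tlsClient:
+enabled: true
+secretName: tidb-client-cert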
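Review bot: `tlsClient.enabled: true` appears to cover only the SQL client endpoint of TiDB; nothing in this manifest enables TLS between PD, TiKV and TiDB, so a reader could take the example for a fully encrypted cluster. I would add a comment above `tlsClient`, e.g. `# TLS for SQL client connections to TiDB only; traffic between components is not covered here`. The manifest also references the `tidb-client-cert` secret by name while the Certificate that creates it is applied separately, so presumably the secret must exist first; a one-line comment stating the apply order would help.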
