![[17.0.0.3 以及更新版本]](../ng_v17003plus.gif)
在 IBM Cloud Private 中使用 SSL 來部署具有「入口」的 Liberty
當您要求「入口」時,指向 Proxy 的瀏覽器是安全的。不過,如果您想維護後端連線的安全,請完成這項作業。
關於這項作業
程序
範例
apiVersion: v1
kind: Service
metadata:
name: liberty
labels:
name: liberty
spec:
selector:
name: liberty
ports:
- name: http
protocol: TCP
port: 9080
targetPort: 9080
- name: https
protocol: TCP
port: 9443
targetPort: 9443
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: liberty
spec:
replicas: 1
template:
metadata:
labels:
name: liberty
spec:
containers:
- name: liberty
image: master.cfc:8500/admin/liberty:latest
ports:
- containerPort: 9080
- containerPort: 9443
readinessProbe:
httpGet:
path: /
port: 9080
env:
- name: MB_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: mb-keystore-password
key: password
- name: MB_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: mb-truststore-password
key: password
volumeMounts:
- name: keystores
mountPath: /etc/wlp/config/keystore
readOnly: true
- name: truststores
mountPath: /etc/wlp/config/truststore
readOnly: true
- name: liberty-ssl
mountPath: /config/configDropins
readOnly: true
volumes:
- name: keystores
secret:
secretName: mb-keystore
- name: truststores
secret:
secretName: mb-truststore
- name: liberty-ssl
configMap:
name: liberty-ssl
items:
- key: libertyssl.xml
path: defaults/libertyssl.xml
imagePullSecrets:
- name: admin.registrykey
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: liberty
labels:
name: liberty
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/affinity: "cookie"
ingress.kubernetes.io/session-cookie-name: "route"
ingress.kubernetes.io/session-cookie-hash: "sha1"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/secure-backends: "true"
spec:
rules:
- host:
http:
paths:
- path: /liberty
backend:
serviceName: liberty
servicePort: 9443
下一步
https://<yourproxyip>/liberty