Skip to content

Commit

Permalink
add set-cert doc. (labring#4772)
Browse files Browse the repository at this point in the history
  • Loading branch information
nowinkeyy authored and wallyxjh committed Jun 28, 2024
1 parent a7ed8cd commit 8aef228
Show file tree
Hide file tree
Showing 11 changed files with 105 additions and 0 deletions.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
54 changes: 54 additions & 0 deletions docs/4.0/docs/guides/applaunchpad/set-cert.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
---
sidebar_position: 8
---

# Set a Custom Domain Certificate

Successfully set up a custom domain in "App Launchpad" but cannot access the domain, and it shows the certificate is not
secure. This is because cert-manager did not successfully issue the certificate. To resolve this issue, we can manually
set up the certificate.

First, make sure you have successfully set up CNAME in your cloud provider and have downloaded the certificate
corresponding to your domain.

Open "App Launchpad", set a custom domain.

![](./images/set-cert1.png)

Open the "Terminal", and execute the following commands in sequence.

```bash
# Create tls.crt using the certificate file information (replace xxxx with the actual certificate file information).
cat > tls.crt <<EOF
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
EOF

# Create tls.key using the certificate private key information (replace xxxx with the actual private key information).
cat > tls.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
xxxx
-----END RSA PRIVATE KEY-----
EOF

# Create a secret using tls.crt and tls.key.
kubectl create secret tls network-test --cert tls.crt --key tls.key

# Check the ingress for the corresponding application.
kubectl get ingress
```

![](./images/set-cert2.png)

Modify the ingress (replace xzy-dev.sealos.run with your own custom domain).

```bash
kubectl patch ingress network-twvuqmjzckur -p '{"spec":{"tls":[{"hosts":["xzy-dev.sealos.run"],"secretName":"network-test"}]}}'
```

![](./images/set-cert3.png)

Test the effect.

![](./images/set-cert4.png)
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
51 changes: 51 additions & 0 deletions docs/4.0/i18n/zh-Hans/guides/applaunchpad/set-cert.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
---
sidebar_position: 8
---

# 设置自定义域名证书

在「应用管理」中成功设置自定义域名,但是无法访问域名并显示证书不安全。 这是因为 cert-manager 没有成功签发证书。为了解决这个问题,我们可以手动设置证书。

首先,确认在云厂商中成功设置 CNAME,并且下载域名对应的证书。

打开「应用管理」,设置自定义域名。

![](./images/set-cert1.png)

打开「终端」,依次执行以下命令。

```bash
# 用证书文件信息创建 tls.crt(使用证书文件信息替换掉 xxxx)
cat > tls.crt <<EOF
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
EOF

# 用证书私钥信息创建 tls.key(使用证书私钥信息替换掉 xxxx)
cat > tls.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
xxxx
-----END RSA PRIVATE KEY-----
EOF

# 使用 tls.crt 和 tls.key 创建 secret
kubectl create secret tls network-test --cert tls.crt --key tls.key

# 查看应用对应的 ingress
kubectl get ingress
```

![](./images/set-cert2.png)

修改 ingress(使用自己的自定义域名替换掉 xzy-dev.sealos.run)。

```bash
kubectl patch ingress network-twvuqmjzckur -p '{"spec":{"tls":[{"hosts":["xzy-dev.sealos.run"],"secretName":"network-test"}]}}'
```

![](./images/set-cert3.png)

测试效果。

![](./images/set-cert4.png)

0 comments on commit 8aef228

Please sign in to comment.