我试图在openshift上使用边缘终止来配置TLS,在values.yaml中传递TLS证书和私钥,并在route.yaml文件中引用它,当我执行helm图表时,由于在将证书从values.yaml复制到route.yaml文件时引入了不正确的缩进和换行,路由的创建失败。
下面是values.yaml文件,我从中引用route.yaml文件中的证书。做这件事的更好方法是什么?如何通过适当的缩进从values.yaml传递tls证书和私钥。
Values.yaml
route:
Enabled: true
annotations:
haproxy.router.openshift.io/cookie_name: SESSION_XLD
haproxy.router.openshift.io/disable_cookies: "false"
haproxy.router.openshift.io/rewrite-target: /
path: /
hosts:
- www.example.com
tls:
key:
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
certificate:
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
caCertificate:
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
insecureEdgeTerminationPolicy: Redirect
route.yaml
{{- if $.Values.route.tls }}
tls:
termination: edge
{{- with $.Values.route.tls }}
key: |
{{ .key }}
certificate: |
{{ .certificate }}
caCertificate: |
{{ .caCertificate }}
insecureEdgeTerminationPolicy: {{ .insecureEdgeTerminationPolicy }}
{{- end }}
{{- end }}
尝试将每个证书传递给route.yaml和|,以便在Values.yaml中保留缩进,如下所示?
tls:
key: | <--- add
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
certificate: | <--- add
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
caCertificate: | <--- add
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
在证书之前添加|,如@Daein回答,但也在路由yaml中添加引用证书:{证书|报价}}
我在这里找到了一个例子:
spec:
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
certificate: |-
{{ .Values.deploy.route.tls.cert | nindent 6 }}
key: |-
{{ .Values.deploy.route.tls.key | nindent 6 }}