Ibm datapower 未能在IBM私有云中部署datapower helm图表

我尝试使用以下参数在IPC内部部署datapower

{
  "ibm-datapower-dev": {
    "name": "ibm-datapower-dev",
    "crypto.frontsideCert": "-----BEGIN CERTIFICATE REQUEST----- MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAK2cJ7rtqGPsFoFNLjOQ08knGO429u+EdIEPiXvc nvumhIoSmOquUOzyIOqPCY35Wso2EjS97dH3Qa+X8Qo8L6FfmWDBn4C6RWVPxxh1 a2P0TM1eSzPP/bVU0yghgdgPkU6jYfA0OmnBN3KOHl39gc86cI8tXUxstnlACzv+ me1RKmvMfy+IE3C0qBvvPjhNjIU4vx9OJ/DaxMh2shJxHlt718mZTCy/fAqE5bc5 19Atxy7aPD9LFWQ6/mGbnLzH8l4MqrZYFkVkZx8h3uYt3eyN0co4FicBuGtgs97s VcpZz9tC2yFEi25Iql+AdGuaK+hMNU2pF5GdNaARlyLjemECAwEAAaAAMA0GCSqG SIb3DQEBCwUAA4IBAQBvGtz0xYQOX1SqTdutLLKSJdlUt3jin3NoEvvDKAHhmpnc DDMfamqM4wjXb1JlTQKSHAdgLB/KHMgJPlb4pn9pHVCsZ9cEwz0Qz0oGPyr/rmYC IZRfmImqKdDLDhVWyK8GLv6cYwQEkuRMzytXX8DMcJcWRXuJj3cuyVGQ7BKxSnl7 0U9pbUb8mNwcvJnZfsfL4AIQR2//NoTVI+XKXg9INoJXa4WaWXAYR4QlV1+Ow52P uGnBaCsCx+JbD+2hhbbGJNzPqG1ZaZUEvnQiqOTcVseeGg6uLZ4KAGaJ52ZVWcmT Lmt+TMkML8Ajm11mJnqJIclMXs61rsHVPHbjVl5q -----END CERTIFICATE REQUEST-----",
    "crypto.frontsideKey": "-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArZwnuu2oY+wWgU0uM5DTyScY7jb274R0gQ+Je9ye+6aEihKY 6q5Q7PIg6o8JjflayjYSNL3t0fdBr5fxCjwvoV+ZYMGfgLpFZU/HGHVrY/RMzV5L M8/9tVTTKCGB2A+RTqNh8DQ6acE3co4eXf2Bzzpwjy1dTGy2eUALO/6Z7VEqa8x/ L4gTcLSoG+8+OE2MhTi/H04n8NrEyHayEnEeW3vXyZlMLL98CoTltznX0C3HLto8 P0sVZDr+YZucvMfyXgyqtlgWRWRnHyHe5i3d7I3RyjgWJwG4a2Cz3uxVylnP20Lb IUSLbkiqX4B0a5or6Ew1TakXkZ01oBGXIuN6YQIDAQABAoIBAEI3znuhDFpYgVj+ PEIU2oLd88dglZ1T8zAK4hCpXMZ1hBY587OHm3xU+jMdLbLGSlfYeec+DkjIu3gj Rx/1RuGRWioqkBEEe1WiMTlmB/kPBIBMl/iCO63/Va734NOtVGofLUr2UNVniiOa i4CkIfANxUMHNY/h41OqFt7iRInci3ILaHBwvLQLUc0ZHZcP1jHH/6zLxsx7ueap XbOFOrRgVt620HIDBtCntJBO24KN3TveKuLSrZPGU3G/dilOEA8kTdl9ftD4Qgbe Y4sZ0sz72WjHNSVOrdTNfyLKPOmbTs+qGW7SZWOWkDmvmLO5fu6fPWnjZqTikaUz ZWfuhJUCgYEA3x1+573AblgZGshKWFa33dYHvCOVjaqUfbNyvqWEA64vl/VBhOGU 8WUFAVlqX5tN1NxUF9KLF5Ed2iIRb8d1VUb4gTCs8BVX1rJN2VFzYIBwr66G/9bO KHAH2ABq7PgRWxEBvsvgbD6gwPAgWtx+KiSGaX1V3qvmASoz1Vj4wMcCgYEAxzK+ 1YngK9Jc4JgJMYqkfRHKwjBq99CzKJHKtXzaHVqcFmH2OqmwGWb4t0DyQsi5PKVM u4OFS3/vgSKpEwem94dB6OwuAioeX6pSkYW4qGLhOm9V9iPrjg/Q4v5+ym6iNMB+ 0CZdeR1TGI1qLFkv8ziSdN1K2Ycv2fYGSRpNE5cCgYEAgTG2M4C39e1DlDOYgTCt xWHTFslQJzk4RNVtQyHaoLrzSj21E7oAIgvJ6y8YnoXyeqiedTDwY9QfAhmqGRzZ P2kaKszBxz/EnkifNZCpi560Ibag63I57EZ69EPBprg6bI4bgZzStjtJoI8rXRHC aKq/vkPaPlcxl0kVvJuJZy8CgYEApqw7KQl4XLJjrDkKWD2dbFjawqkol7o0bhmu 9zREfJM4TzIgiO06v8Z9DTh2fJLfC3N0ROHDQm0FxZNuzNF2T18JMw+LX5xGVd15 wPGWlK5HrlFCJ/XePrvVGFnBVThE2MbIVPoE9DYpNT3+PKVTjbskMEyJOIH48/L7 R2eOXnkCgYBRCjh9ns9PSneKWGfz+ymlB0b4kCZBU69Q3ladgN50oxG6QmiccObT EXEeUl+XqhlhyR7MeNSz7IUugHSVKqpa2fGFTQ3Uk7k6QslSXHcJFl3HBjK/Ejcc H8zB9FPVe1gOqeK2HBnThC7zWOseGrBMWhyeH2cNdGXnw+dexWUTig== -----END RSA PRIVATE KEY-----",
    "datapowerEnv.workerThreads": "4",
    "image.pullPolicy": "IfNotPresent",
    "image.repository": "ibmcom/datapower",
    "image.tag": "7.6.0",
    "patternName": "webApplicationProxy",
    "replicaCount": "1",
    "resources.limits.cpu": "4",
    "resources.limits.memory": "8Gi",
    "resources.requests.cpu": "2",
    "resources.requests.memory": "4Gi",
    "service.name": "datapower",
    "service.type": "NodePort",
    "webApplicationProxy.backendURL": "https://www.ibm.com",
    "webApplicationProxy.containerPort": "8443"
  }
}

但它失败了（并且没有可用的日志信息）

为了完成信息，我使用以下命令在linux内部生成证书/密钥

generate key
    openssl genrsa -out /tmp/hostname.key 2048

genrate cert
    openssl req -new -key /tmp/hostname.key -out /tmp/hostname-2017.req

---

怎么了？在哪里可以使用信息/日志来理解错误？

您应该对密钥和证书进行base64编码。它们将用作k8s机密，并且需要进行base64编码

首先，让我们了解这些值的作用

每个密钥

crypto.frontsideCert

和

crypto.frontsideKey

映射到Kubernetes秘密中使用的值。您可以在图表中看到这些值是如何被替换的：

为了向Kubernetes提供一个秘密，该值必须是base-64编码的。虽然这个秘密并没有真正加密，但它会被不经意的观察所掩盖

您可以在您喜爱的linux发行版上使用

base64

对这些字符串进行base64编码：

cat /tmp/hostname.key | base64
# Outputs a large block of text, which typically ends in "=="    cat 

cat /tmp/hostname-2017.req | base64
# Outputs a large block of text, which typically ends in "=="

如果您担心机密中的值不是您期望的值，您可以随时验证它：

echo "This is an obscured secret." | base64
VGhpcyBpcyBhbiBvYnNjdXJlZCBzZWNyZXQuCg==

echo VGhpcyBpcyBhbiBvYnNjdXJlZCBzZWNyZXQuCg== | base64 --decode
This is an obscured secret.

---

让ICP GUI接受密钥和证书的唯一方法是去掉页眉、页脚和换行符。只剩下一个连续的加密字符串。

我想你在公共论坛上发布了你的私钥。除非是测试证书，否则你应该删除此帖子。