Javascript 将Kubernetes与Skaffold一起使用并运行Next JS Products;您的连接不是私人的”;在Chrome中的HTTPS下
我正在使用一些正在开发的应用程序运行Skaffold: Skaffold.yamlJavascript 将Kubernetes与Skaffold一起使用并运行Next JS Products;您的连接不是私人的”;在Chrome中的HTTPS下,javascript,docker,kubernetes,dockerfile,skaffold,Javascript,Docker,Kubernetes,Dockerfile,Skaffold,我正在使用一些正在开发的应用程序运行Skaffold: Skaffold.yaml apiVersion: skaffold/v2alpha3 kind: Config deploy: kubectl: manifests: - ./infra/k8s/* build: local: push: false artifacts: - image: MYDOCKERID/client context: client d
apiVersion: skaffold/v2alpha3
kind: Config
deploy:
kubectl:
manifests:
- ./infra/k8s/*
build:
local:
push: false
artifacts:
- image: MYDOCKERID/client
context: client
docker:
dockerfile: Dockerfile
sync:
manual:
- src: '**/*.js'
dest: .
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-depl
spec:
replicas: 1
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: MYDOCKERID/client
---
apiVersion: v1
kind: Service
metadata:
name: client-srv
spec:
selector:
app: client
ports:
- name: client
protocol: TCP
port: 3000
targetPort: 3000
客户端的Dockerfile:
FROM node:alpine
WORKDIR /app
COPY package.json .
RUN npm install
COPY . .
CMD ["npm", "run", "dev"]
客户部门yaml
apiVersion: skaffold/v2alpha3
kind: Config
deploy:
kubectl:
manifests:
- ./infra/k8s/*
build:
local:
push: false
artifacts:
- image: MYDOCKERID/client
context: client
docker:
dockerfile: Dockerfile
sync:
manual:
- src: '**/*.js'
dest: .
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-depl
spec:
replicas: 1
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: MYDOCKERID/client
---
apiVersion: v1
kind: Service
metadata:
name: client-srv
spec:
selector:
app: client
ports:
- name: client
protocol: TCP
port: 3000
targetPort: 3000
从命令行执行skaffolddev
时,所有内容都被完美编译:
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mevent - compiled successfully
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mwait - compiling...
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mAttention: Next.js now collects completely anonymous telemetry regarding usage.
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mThis information is used to shape Next.js' roadmap and prioritize features.
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mYou can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mhttps://nextjs.org/telemetry
[92m[client-depl-5bdc8cffcd-s9z9r client] [0m
[92m[client-depl-5bdc8cffcd-s9z9r client] [0mevent - compiled successfully
我已在Windows etc文件夹中的主机文件中添加了域:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 ticketing.dev
但是,在Chrometicketing.dev
中键入时,我得到:
如何在Chrome中运行应用程序并克服此消息?您缺少连接安全的证书。您还需要配置
入口
以使用您创建的证书
你应该读书
Kubernetes提供了一个certificates.k8s.io
API,允许您提供由您控制的证书颁发机构(CA)签名的TLS证书。您的工作负载可以使用这些CA和证书来建立信任
你可以看看一本很好的指南,了解如何使用它
您可以创建自签名证书,演示了如何在Windows上创建自签名证书
在Linux上,您可以执行以下操作:
[root]# mkdir certs
[root]# openssl req -nodes -newkey rsa:2048 -keyout certs/ticketing.key -out certs/ticketing.csr -subj "/C=/ST=/L=/O=/OU=/CN=default"
[root]# openssl x509 -req -sha256 -days 365 -in certs/ticketing.csr -signkey certs/ticketing.key -out certs/ticketing.crt
这将创建一个有效期为365天的证书。
然后创建一个密码
,它将保存您的证书:
kubectl create secret generic ticketing-certs --from-file=certs -n default
一旦证书和密码
准备就绪,您应该创建一个入口
:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example1-ingress
spec:
tls:
- hosts:
- www.ticketing.dev
secretName: ticketing-cert
rules:
- host: www.ticketing.dev
http:
paths:
- path: /
backend:
serviceName: client-srv
servicePort: 3000
如果您还需要什么,请告诉我。我假设您将该项目用于开发目的。如果你想在chrome上运行应用程序。要绕过此安全警告,只需在网页上正确显示此警告即可:
这是不安全的
缺少从tls到secretName的缩进