我的书签
添加书签
移除书签NATS Cluster and Cert Manager
If you are running Kubernetes < 1.15, use instead.
apiVersion: cert-manager.io/v1alpha2kind: ClusterIssuermetadata:name: selfsigningspec:selfSigned: {}
clusterissuer.certmanager.k8s.io/selfsigning unchanged
Now create the certs that will match the DNS name used by the clients to connect, in this case traffic is within Kubernetes so we are using the name nats which is backed up by a headless service (here is an example of sample deployment)
---apiVersion: cert-manager.io/v1alpha2kind: Certificatemetadata:name: nats-server-tlsspec:secretName: nats-server-tlsduration: 2160h # 90 daysrenewBefore: 240h # 10 daysissuerRef:name: nats-cakind: Issuer- signing- key encipherment- server authorganization:- Your organizationcommonName: nats.default.svc.cluster.localdnsNames:- nats.default.svc
---apiVersion: cert-manager.io/v1alpha2kind: Certificatemetadata:name: nats-routes-tlsspec:secretName: nats-routes-tlsduration: 2160h # 90 daysrenewBefore: 240h # 10 daysissuerRef:name: nats-causages:- signing- key encipherment- server auth- client authorganization:- Your organizationcommonName: "*.nats-mgmt.default.svc.cluster.local"dnsNames:- "*.nats-mgmt.default.svc"
Now let’s create an example NATS cluster with the operator:
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODEnats-1 1/1 Running 0 4s 172.17.0.8 minikube <none>nats-2 1/1 Running 0 3s 172.17.0.9 minikube <none>nats-3 1/1 Running 0 2s 172.17.0.10 minikube <none>
Follow the logs:
[1] 2019/12/18 12:27:23.920417 [INF] Starting nats-server version 2.1.4[1] 2019/12/18 12:27:23.920590 [INF] Git commit [not set][1] 2019/12/18 12:27:23.921024 [INF] Listening for client connections on 0.0.0.0:4222[1] 2019/12/18 12:27:23.921047 [INF] Server id is NDA6JC3TGEADLLBEPFAQ4BN4PM3WBN237KIXVTFCY3JSTDOSRRVOJCXN
