2017-10-11 97 views
0

I tried, and failed, to deploy the DataPower Helm chart with the following parameters:

{ 
    "ibm-datapower-dev": { 
    "name": "ibm-datapower-dev", 
    "crypto.frontsideCert": "-----BEGIN CERTIFICATE REQUEST----- MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAK2cJ7rtqGPsFoFNLjOQ08knGO429u+EdIEPiXvc nvumhIoSmOquUOzyIOqPCY35Wso2EjS97dH3Qa+X8Qo8L6FfmWDBn4C6RWVPxxh1 a2P0TM1eSzPP/bVU0yghgdgPkU6jYfA0OmnBN3KOHl39gc86cI8tXUxstnlACzv+ me1RKmvMfy+IE3C0qBvvPjhNjIU4vx9OJ/DaxMh2shJxHlt718mZTCy/fAqE5bc5 19Atxy7aPD9LFWQ6/mGbnLzH8l4MqrZYFkVkZx8h3uYt3eyN0co4FicBuGtgs97s VcpZz9tC2yFEi25Iql+AdGuaK+hMNU2pF5GdNaARlyLjemECAwEAAaAAMA0GCSqG SIb3DQEBCwUAA4IBAQBvGtz0xYQOX1SqTdutLLKSJdlUt3jin3NoEvvDKAHhmpnc DDMfamqM4wjXb1JlTQKSHAdgLB/KHMgJPlb4pn9pHVCsZ9cEwz0Qz0oGPyr/rmYC IZRfmImqKdDLDhVWyK8GLv6cYwQEkuRMzytXX8DMcJcWRXuJj3cuyVGQ7BKxSnl7 0U9pbUb8mNwcvJnZfsfL4AIQR2//NoTVI+XKXg9INoJXa4WaWXAYR4QlV1+Ow52P uGnBaCsCx+JbD+2hhbbGJNzPqG1ZaZUEvnQiqOTcVseeGg6uLZ4KAGaJ52ZVWcmT Lmt+TMkML8Ajm11mJnqJIclMXs61rsHVPHbjVl5q -----END CERTIFICATE REQUEST-----", 
    "crypto.frontsideKey": "-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArZwnuu2oY+wWgU0uM5DTyScY7jb274R0gQ+Je9ye+6aEihKY 6q5Q7PIg6o8JjflayjYSNL3t0fdBr5fxCjwvoV+ZYMGfgLpFZU/HGHVrY/RMzV5L M8/9tVTTKCGB2A+RTqNh8DQ6acE3co4eXf2Bzzpwjy1dTGy2eUALO/6Z7VEqa8x/ L4gTcLSoG+8+OE2MhTi/H04n8NrEyHayEnEeW3vXyZlMLL98CoTltznX0C3HLto8 P0sVZDr+YZucvMfyXgyqtlgWRWRnHyHe5i3d7I3RyjgWJwG4a2Cz3uxVylnP20Lb IUSLbkiqX4B0a5or6Ew1TakXkZ01oBGXIuN6YQIDAQABAoIBAEI3znuhDFpYgVj+ PEIU2oLd88dglZ1T8zAK4hCpXMZ1hBY587OHm3xU+jMdLbLGSlfYeec+DkjIu3gj Rx/1RuGRWioqkBEEe1WiMTlmB/kPBIBMl/iCO63/Va734NOtVGofLUr2UNVniiOa i4CkIfANxUMHNY/h41OqFt7iRInci3ILaHBwvLQLUc0ZHZcP1jHH/6zLxsx7ueap XbOFOrRgVt620HIDBtCntJBO24KN3TveKuLSrZPGU3G/dilOEA8kTdl9ftD4Qgbe Y4sZ0sz72WjHNSVOrdTNfyLKPOmbTs+qGW7SZWOWkDmvmLO5fu6fPWnjZqTikaUz ZWfuhJUCgYEA3x1+573AblgZGshKWFa33dYHvCOVjaqUfbNyvqWEA64vl/VBhOGU 8WUFAVlqX5tN1NxUF9KLF5Ed2iIRb8d1VUb4gTCs8BVX1rJN2VFzYIBwr66G/9bO KHAH2ABq7PgRWxEBvsvgbD6gwPAgWtx+KiSGaX1V3qvmASoz1Vj4wMcCgYEAxzK+ 1YngK9Jc4JgJMYqkfRHKwjBq99CzKJHKtXzaHVqcFmH2OqmwGWb4t0DyQsi5PKVM u4OFS3/vgSKpEwem94dB6OwuAioeX6pSkYW4qGLhOm9V9iPrjg/Q4v5+ym6iNMB+ 0CZdeR1TGI1qLFkv8ziSdN1K2Ycv2fYGSRpNE5cCgYEAgTG2M4C39e1DlDOYgTCt xWHTFslQJzk4RNVtQyHaoLrzSj21E7oAIgvJ6y8YnoXyeqiedTDwY9QfAhmqGRzZ P2kaKszBxz/EnkifNZCpi560Ibag63I57EZ69EPBprg6bI4bgZzStjtJoI8rXRHC aKq/vkPaPlcxl0kVvJuJZy8CgYEApqw7KQl4XLJjrDkKWD2dbFjawqkol7o0bhmu 9zREfJM4TzIgiO06v8Z9DTh2fJLfC3N0ROHDQm0FxZNuzNF2T18JMw+LX5xGVd15 wPGWlK5HrlFCJ/XePrvVGFnBVThE2MbIVPoE9DYpNT3+PKVTjbskMEyJOIH48/L7 R2eOXnkCgYBRCjh9ns9PSneKWGfz+ymlB0b4kCZBU69Q3ladgN50oxG6QmiccObT EXEeUl+XqhlhyR7MeNSz7IUugHSVKqpa2fGFTQ3Uk7k6QslSXHcJFl3HBjK/Ejcc H8zB9FPVe1gOqeK2HBnThC7zWOseGrBMWhyeH2cNdGXnw+dexWUTig== -----END RSA PRIVATE KEY-----", 
    "datapowerEnv.workerThreads": "4", 
    "image.pullPolicy": "IfNotPresent", 
    "image.repository": "ibmcom/datapower", 
    "image.tag": "7.6.0", 
    "patternName": "webApplicationProxy", 
    "replicaCount": "1", 
    "resources.limits.cpu": "4", 
    "resources.limits.memory": "8Gi", 
    "resources.requests.cpu": "2", 
    "resources.requests.memory": "4Gi", 
    "service.name": "datapower", 
    "service.type": "NodePort", 
    "webApplicationProxy.backendURL": "https://www.ibm.com", 
    "webApplicationProxy.containerPort": "8443" 
    } 
} 

This is deploying a DataPower inside ICP, but it fails (no log information is available).

Just to complete the information, I generated the cert/key on Linux using the following commands:

generate key 
    openssl genrsa -out /tmp/hostname.key 2048 

generate cert 
    openssl req -new -key /tmp/hostname.key -out /tmp/hostname-2017.req 

What is wrong? What information/logs are available to understand the error?

+0

I think you have posted your private key on a public forum. Unless it is a test certificate, you should delete this post.

Answers

0

You should base64-encode the key and the certificate. They will be used as a k8s secret, and secrets need to be base64 encoded.

0

First, let's understand what these values are doing.

Each of the keys crypto.frontsideCert and crypto.frontsideKey maps to a value used in a Kubernetes secret. You can see how these values are substituted in the chart:

https://github.com/IBM/charts/blob/master/stable/ibm-datapower-dev/templates/secrets.yaml#L7-L8

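They are provided to a Kubernetes secret, whose values must be base-64 encoded. While the secret is not truly encrypted, it is obscured from casual observation.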

You can base64-encode these strings using base64 on your favorite Linux distro:

cat /tmp/hostname.key | base64 
# Outputs a large block of text, which typically ends in "==" 

cat /tmp/hostname-2017.req | base64 
# Outputs a large block of text, which typically ends in "==" 

If you are ever concerned that the value in a secret is not what you expect, you can always verify:

echo "This is an obscured secret." | base64 
VGhpcyBpcyBhbiBvYnNjdXJlZCBzZWNyZXQuCg== 

echo VGhpcyBpcyBhbiBvYnNjdXJlZCBzZWNyZXQuCg== | base64 --decode 
This is an obscured secret. 
1

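The only way I could get the ICP GUI to accept my key and cert was to strip off the header, footer and line breaks. Only one continuous encrypted string remains.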
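
The two encodings suggested in the answers above (the whole PEM file base64-encoded, and the PEM body with header, footer and line breaks stripped), as an added shell example that is not part of the original posts. The function names and the sample file are constructed for illustration; pem_label also prints the PEM type, since the crypto.frontsideCert value in the question is labelled CERTIFICATE REQUEST rather than CERTIFICATE.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the sample file is constructed.

# make_sample FILE: write constructed filler in PEM framing (not real key material)
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURURTQU1QTEVOT1RBS0VZ' \
        'Rk9SREVNT09OTFk=' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# pem_label FILE: print the PEM type from the BEGIN line.
# "CERTIFICATE REQUEST" means the file is a CSR, not a certificate.
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# pem_to_b64 FILE: base64 of the whole PEM file on one line.
# GNU base64 wraps output at 76 columns, so the newlines are removed.
pem_to_b64() {
    base64 < "$1" | tr -d '\n'
}

# pem_body FILE: PEM payload only, with header, footer and line breaks stripped.
pem_body() {
    grep -v '^-----' "$1" | tr -d '\r\n'
}

# b64_roundtrip_ok FILE: succeed only if decoding the encoded value restores FILE.
b64_roundtrip_ok() {
    pem_to_b64 "$1" | base64 --decode | cmp -s - "$1"
}

# Demo on the constructed sample
f=$(mktemp)
make_sample "$f"
echo "type:       $(pem_label "$f")"
echo "whole file: $(pem_to_b64 "$f")"
echo "body only:  $(pem_body "$f")"
b64_roundtrip_ok "$f" && echo "round trip: OK"
rm -f "$f"
```

Run the functions against /tmp/hostname.key and the certificate file in place of the constructed sample, and keep the private key out of anything that gets pasted publicly.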