From 4e7fe359b657981c90a7ec79a4f0b72fa82211e1 Mon Sep 17 00:00:00 2001
From: Yecheng Fu
Date: Mon, 2 Mar 2020 19:18:28 +0800
Subject: [PATCH] selfsigned tls cert created by cert-manager
---
examples/selfsigned-tls/selfsigned-ca.yaml | 11 +++++++
.../selfsigned-cert-issuer.yaml | 7 +++++
.../selfsigned-tls/selfsigned-issuer.yaml | 6 ++++
examples/selfsigned-tls/tidb-client-cert.yaml | 30 +++++++++++++++++++
examples/selfsigned-tls/tidb-cluster.yaml | 29 ++++++++++++++++++
5 files changed, 83 insertions(+)
create mode 100644 examples/selfsigned-tls/selfsigned-ca.yaml
create mode 100644 examples/selfsigned-tls/selfsigned-cert-issuer.yaml
create mode 100644 examples/selfsigned-tls/selfsigned-issuer.yaml
create mode 100644 examples/selfsigned-tls/tidb-client-cert.yaml
create mode 100644 examples/selfsigned-tls/tidb-cluster.yaml
diff --git a/examples/selfsigned-tls/selfsigned-ca.yaml b/examples/selfsigned-tls/selfsigned-ca.yaml
new file mode 100644
index 00000000000..806a78be55c
--- /dev/null
+++ b/examples/selfsigned-tls/selfsigned-ca.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: selfsigned-ca-cert
+spec:
+ secretName: selfsigned-ca-cert
+ commonName: "certmanager"
+ isCA: true
+ issuerRef:
+ name: selfsigned-issuer
+ kind: Issuer
diff --git a/examples/selfsigned-tls/selfsigned-cert-issuer.yaml b/examples/selfsigned-tls/selfsigned-cert-issuer.yaml
new file mode 100644
index 00000000000..934b53124dc
--- /dev/null
+++ b/examples/selfsigned-tls/selfsigned-cert-issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: selfsigned-cert-issuer
+spec:
+ ca:
+ secretName: selfsigned-ca-cert
diff --git a/examples/selfsigned-tls/selfsigned-issuer.yaml b/examples/selfsigned-tls/selfsigned-issuer.yaml
new file mode 100644
index 00000000000..7f06abf08a9
--- /dev/null
+++ b/examples/selfsigned-tls/selfsigned-issuer.yaml
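Review bot: In selfsigned-ca.yaml the CA Certificate sets no `duration`, so it takes cert-manager's default lifetime (90 days unless overridden), while the leaf in tidb-client-cert.yaml asks for `8760h`. A leaf that outlives the CA certificate its verifiers trust stops validating once that CA certificate expires, so the CA should carry an explicit lifetime longer than any leaf it signs, for example `duration: "87600h"` under `spec` (illustrative value, pick one that fits your rotation policy). The Secret `selfsigned-ca-cert` also holds the CA private key in the same namespace as the workload, so a short comment noting that anyone who can read Secrets there can mint trusted certificates would help readers who copy this example.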
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
diff --git a/examples/selfsigned-tls/tidb-client-cert.yaml b/examples/selfsigned-tls/tidb-client-cert.yaml
new file mode 100644
index 00000000000..b698c3011e5
--- /dev/null
+++ b/examples/selfsigned-tls/tidb-client-cert.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: tidb-client-cert
+spec:
+ secretName: tidb-client-cert
+ subject:
+ organizationalUnits:
+ - "TiDB Operator"
+ organization:
+ - "PingCAP"
+ duration: "8760h" # 364 days
+ commonName: "basic-tidb"
+ dnsNames:
+ - basic-tidb.default
+ - basic-tidb.default.svc
+ - basic-tidb-peer.default
+ - basic-tidb-peer.default.svc
+ - "*.basic-tidb-peer.default"
+ - "*.basic-tidb-peer.default.svc"
+ - "localhost"
+ ipAddresses:
+ - "127.0.0.1"
+ - "::1"
+ usages:
+ - "client auth"
+ - "server auth"
+ issuerRef:
+ name: selfsigned-cert-issuer
+ kind: Issuer
diff --git a/examples/selfsigned-tls/tidb-cluster.yaml b/examples/selfsigned-tls/tidb-cluster.yaml
new file mode 100644
index 00000000000..43f78fe2181
--- /dev/null
+++ b/examples/selfsigned-tls/tidb-cluster.yaml
@@ -0,0 +1,29 @@
+apiVersion: pingcap.com/v1alpha1
+kind: TidbCluster
+metadata:
+ name: basic
+spec:
+ version: v3.0.8
+ timezone: UTC
+ pvReclaimPolicy: Delete
+ pd:
+ baseImage: pingcap/pd
+ replicas: 3
+ requests:
+ storage: "1Gi"
+ config: {}
+ tikv:
+ baseImage: pingcap/tikv
+ replicas: 3
+ requests:
+ storage: "1Gi"
+ config: {}
+ tidb:
+ baseImage: pingcap/tidb
+ replicas: 2
+ service:
+ type: ClusterIP
+ config: {}
+ tlsClient:
+ enabled: true
+ secretName: tidb-client-cert
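Review bot: In tidb-client-cert.yaml one key pair is issued with both `"client auth"` and `"server auth"` usages plus the TiDB service and wildcard peer SANs, under a name that suggests a client credential. If this Secret is ever handed to applications as their client certificate, they also receive the private key that TiDB serves with and could impersonate the server. Whether that happens is not visible in this diff, but the example would be safer with a server Certificate limited to `"server auth"` and a separate client Certificate limited to `"client auth"` with no service SANs. The inline comment is also off by a day, since 8760h is 365 days: `duration: "8760h" # 365 days`. The SANs hard-code the `default` namespace, which deserves a comment for readers deploying elsewhere.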
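Review bot: In tidb-cluster.yaml the `tlsClient` block under `tidb` turns on TLS for the client-facing TiDB endpoint only; as far as this manifest shows, traffic between PD, TiKV and TiDB is not covered, and nothing forces clients to negotiate TLS. A reader copying the example may assume the whole cluster is encrypted, so I would add a comment above `tlsClient` such as `# TLS for MySQL client connections to TiDB only; inter-component traffic is not encrypted by this setting`. It is also worth noting in the example that database accounts need to require TLS on their side for the setting to be enforced rather than optional.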