OpenShift:创建直通(passthrough)安全路由

问题描述

我是 OpenShift 的新手,目前正在学习如何创建安全的直通(passthrough)路由。到目前为止,我已经创建了私钥、生成了 CSR 并生成了自签名证书。下一步我卡住了。我是否需要创建一个 TLS secret,然后把证书挂载到容器中?有人可以告诉我下一步该怎么做吗?

生成私钥

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM; //doctrine orm annotations
use Doctrine\Common\Collections\ArrayCollection;
use Gedmo\Mapping\Annotation as Gedmo; //gedmo annotations
use JMS\Serializer\Annotation as Serializer; //jms serializer annotations

use App\Entity\QuotationItem;

/**
 * @ORM\Entity(repositoryClass="App\Repository\QuotationRepository")
 * @ORM\Table(name="sy_quotation")
 * @Serializer\ExclusionPolicy("all")
 * 
 * Class Quotation
 * 
 * la classe Quotation definisce un preventivo di spesa associato ad un progetto
 * 
 * @author
 */
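class Quotation
{
    /**
     * Surrogate primary key, generated by the database on first flush.
     *
     * @ORM\Id()
     * @ORM\GeneratedValue()
     * @ORM\Column(type="integer")
     */
    private $id;

    /**
     * User who owns the quotation. Not exposed by the serializer
     * (class-level ExclusionPolicy is "all").
     *
     * @ORM\ManyToOne(targetEntity="App\Entity\User")
     */
    private $user;

    /**
     * Project this quotation is for. This is the owning side of the
     * association; Project::$quotation is the inverse side.
     *
     * @ORM\OneToOne(targetEntity="App\Entity\Project",inversedBy="quotation")
     */
    private $project;

    /**
     * Items that make up the quotation, held in an ArrayCollection while
     * the entity is in memory.
     *
     * NOTE(review): the column is mapped as "json", so Doctrine persists it
     * with json_encode() and hydrates it back as a plain PHP array by
     * reflection, bypassing setItems(). An ArrayCollection exposes no public
     * properties, so its elements are unlikely to survive a round trip unless
     * converted to an array first — verify whether a OneToMany association or
     * a custom column type was intended. The accessors below tolerate a
     * hydrated array (or null) by re-wrapping it, see itemsCollection().
     *
     * @ORM\Column(type="json",nullable=false)
     * @Serializer\Expose()
     * @Serializer\Type("ArrayCollection<App\Entity\QuotationItem>")
     */
    private $items;

    /**
     * Total price of the quotation. DECIMAL(6,2) limits it to 9999.99 with
     * two decimals.
     *
     * NOTE(review): Doctrine hydrates decimal columns as strings, so after a
     * load this property may hold a string; getPrice()'s ?float return type
     * coerces it only when strict_types is off in this file — confirm.
     *
     * @ORM\Column(type="decimal",precision=6,scale=2,nullable=false)
     */
    private $price;

    /**
     * Creation timestamp, filled by the Gedmo Timestampable listener on
     * persist. No accessor is exposed in this class.
     *
     * @ORM\Column(type="datetime")
     * @Gedmo\Timestampable(on="create")
     */
    private $createdAt;

    /**
     * Last-update timestamp, refreshed by the Gedmo Timestampable listener
     * on flush. No accessor is exposed in this class.
     *
     * @ORM\Column(type="datetime")
     * @Gedmo\Timestampable(on="update")
     */
    private $updatedAt;

    /**
     * Starts with an empty item collection and a zero price.
     */
    public function __construct()
    {
        $this->items = new ArrayCollection();
        $this->setPrice(0.0);
    }

    /**
     * @return int|null null until the entity has been flushed
     */
    public function getId(): ?int
    {
        return $this->id;
    }

    /**
     * Assigns (or clears, with null) the owning user.
     */
    public function setUser(?User $user): self
    {
        $this->user = $user;

        return $this;
    }

    public function getUser(): ?User
    {
        return $this->user;
    }

    /**
     * Assigns (or clears, with null) the related project.
     */
    public function setProject(?Project $project): self
    {
        $this->project = $project;

        return $this;
    }

    public function getProject(): ?Project
    {
        return $this->project;
    }

    /**
     * Replaces the whole item collection. Passing null is accepted for
     * backward compatibility; the collection is re-created lazily on the
     * next read or add/remove.
     */
    public function setItems(?ArrayCollection $items): self
    {
        $this->items = $items;

        return $this;
    }

    /**
     * Returns the item collection, never null: a null or array value left by
     * setItems(null) or by hydration is wrapped into an ArrayCollection first.
     */
    public function getItems(): ?ArrayCollection
    {
        return $this->itemsCollection();
    }

    /**
     * Appends $item unless it is already present (identity comparison, as
     * ArrayCollection::contains() does).
     */
    public function addItem(QuotationItem $item): self
    {
        $items = $this->itemsCollection();

        if (!$items->contains($item)) {
            $items->add($item);
        }

        return $this;
    }

    /**
     * Removes $item if present; a missing item is a no-op
     * (removeElement() already returns false in that case).
     */
    public function removeItem(QuotationItem $item): self
    {
        $this->itemsCollection()->removeElement($item);

        return $this;
    }

    /**
     * Sets the total price. No range check is done here; values above
     * 9999.99 would be rejected or truncated by the DECIMAL(6,2) column.
     */
    public function setPrice(?float $price): self
    {
        $this->price = $price;

        return $this;
    }

    public function getPrice(): ?float
    {
        return $this->price;
    }

    /**
     * Normalises $this->items into an ArrayCollection and returns it.
     *
     * Guards the add/remove/get accessors against the two states in which
     * the property is not a collection: null after setItems(null), and a
     * plain array (or null) written by Doctrine when hydrating the "json"
     * column. (array) null yields [], so both cases become a valid collection.
     */
    private function itemsCollection(): ArrayCollection
    {
        if (!$this->items instanceof ArrayCollection) {
            $this->items = new ArrayCollection((array) $this->items);
        }

        return $this->items;
    }
}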

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use JMS\Serializer\Annotation as Serializer; //jms serializer annotations

use App\Enum\ProjectTypeEnum;

/**
 * @ORM\Entity(repositoryClass="App\Repository\QuotationItemRepository")
 * @ORM\Table(name="sy_quotation_item")
 * @Serializer\ExclusionPolicy("none")
 * 
 * Class QuotationItem
 * 
 * la classe QuotationItem definisce una singola voce per calcolare
 * il preventivo di spesa per un nuovo progetto
 * 
 * @author
 */
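class QuotationItem
{
    /**
     * Surrogate primary key, generated by the database on first flush.
     *
     * @ORM\Id()
     * @ORM\GeneratedValue()
     * @ORM\Column(type="integer")
     * @Serializer\Type("integer")
     */
    private $id;

    /**
     * Project type this item applies to, defaulting to
     * ProjectTypeEnum::TYPE_BASIC in the constructor.
     *
     * NOTE(review): setType() accepts any string; nothing here checks the
     * value against ProjectTypeEnum — validate at the input boundary.
     *
     * @ORM\Column(type="string",length=25,nullable=false)
     * @Serializer\Type("string")
     */
    private $type;

    /**
     * Name of the item being priced.
     *
     * NOTE(review): @Serializer\Inline is meant to merge an object's fields
     * into the parent; on a string property its effect should be verified.
     *
     * @ORM\Column(type="string",nullable=false)
     * @Serializer\Type("string")
     * @Serializer\Inline
     */
    private $item;

    /**
     * Value of the item, stored as free text.
     *
     * @ORM\Column(type="string",nullable=false)
     * @Serializer\Type("string")
     */
    private $value;

    /**
     * Unit price of the item.
     *
     * scale=2 is set explicitly: Doctrine's default for "decimal" is
     * precision 10 / scale 0, which cannot store the fractional part of a
     * price. Quotation::$price uses two decimals too. Changing the mapping
     * requires a schema migration to take effect on an existing table.
     *
     * NOTE(review): Doctrine hydrates decimals as strings; getPrice()'s
     * ?float return type coerces that only when strict_types is off.
     *
     * @ORM\Column(type="decimal",precision=10,scale=2,nullable=false)
     * @Serializer\Type("float")
     */
    private $price;

    /**
     * Starts as a basic-type item with a zero price.
     */
    public function __construct()
    {
        $this->setType(ProjectTypeEnum::TYPE_BASIC);
        $this->setPrice(0.0);
    }

    /**
     * @return int|null null until the entity has been flushed
     */
    public function getId(): ?int
    {
        return $this->id;
    }

    /**
     * Sets the project type; the column holds at most 25 characters.
     */
    public function setType(?string $type): self
    {
        $this->type = $type;

        return $this;
    }

    public function getType(): ?string
    {
        return $this->type;
    }

    public function setItem(?string $item): self
    {
        $this->item = $item;

        return $this;
    }

    public function getItem(): ?string
    {
        return $this->item;
    }

    public function setValue(?string $value): self
    {
        $this->value = $value;

        return $this;
    }

    public function getValue(): ?string
    {
        return $this->value;
    }

    public function setPrice(?float $price): self
    {
        $this->price = $price;

        return $this;
    }

    public function getPrice(): ?float
    {
        return $this->price;
    }
}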

生成私钥

# 2048-bit RSA private key. Keep PHP.key out of version control: it is the
# secret that goes into the TLS Secret and is mounted into the pod below.
# Note the answer refers to the files as php.key / php.crt (lower case);
# on a case-sensitive filesystem these are different names.
$ openssl genrsa -out PHP.key 2048

生成 CSR

# This only produces the CSR; the php.crt that the answer mounts still has to
# be issued from it (self-signed with `openssl x509 -req ...` or by a CA).
# The certificate name must match the route's --hostname used in the answer
# (php.apps.example.com, not www.example.com as written here), and modern
# clients check the subjectAltName, not just CN.
$ openssl req -new -key PHP.key -out PHP.csr  \
-subj "/C=GB/ST=London/L=London/O=IT/OU=IT/CN=www.example.com"

此步骤之后,我不确定如何创建 TLS secret 并将证书安装到容器中

解决方法

  1. 在同一项目下创建 TLS secret:`$ oc create secret tls php --cert=php.crt --key=php.key`

  2. 将该 secret 作为卷注入部署中:`$ oc set volume dc php --add -t secret --secret-name=php -m /usr/local/etc/ssl/certs`

  3. 公开您的服务:`$ oc create route passthrough php --service=php --hostname=php.apps.example.com`

注意:证书的 /CN 应为 “php.apps.example.com”(即路由的 hostname)