Update Kubernetes TLS doc with info for distributed setups (#5971)

Also, add details on how to create wildcard self-signed certificates
using openssl
This commit is contained in:
Nitish Tiwari 2018-05-24 09:11:25 +05:30 committed by Harshavardhana
parent 000e360196
commit 5afd856355
2 changed files with 13 additions and 1 deletions

View File

@ -70,8 +70,16 @@ openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out privat
**Generate the self-signed certificate**:
Generate self-signed certificate using the below command (remember to replace `<domain.com>` with your actual domain name)
```sh
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain"
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<domain.com>"
```
Generate self-signed wildcard certificate using the below command. This certificate will be valid for all the sub-domains under `domain.com`. Wildcard certificates come in handy while deploying distributed Minio instances where there may be multiple sub-domains under a single domain, with each one running a separate Minio instance.
```sh
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<*.domain.com>"
```
### Using OpenSSL (with IP address)

View File

@ -10,6 +10,10 @@ This document explains how to configure Minio server with TLS certificates on Ku
- Acquire TLS certificates, either from a CA or [create self-signed certificates](https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls).
For a [distributed Minio setup](https://docs.minio.io/docs/distributed-minio-quickstart-guide), where there are multiple pods with different domain names expected to run, you will either need wildcard certificates valid for all the domains or have specific certificates for each domain. If you are going to use specific certificates, make sure to create Kubernetes secrets accordingly.
For testing purposes, here is [how to create self-signed certificates](https://github.com/minio/minio/tree/master/docs/tls#3-generate-self-signed-certificates).
## 2. Create Kubernetes secret
[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.