Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Installing with install.sh should generate SSL certifcates with only containerd installed #3861

Closed
Smithx10 opened this issue Mar 23, 2024 · 2 comments · Fixed by #4068
Closed

Installing with install.sh should generate SSL certifcates with only containerd installed #3861

Smithx10 opened this issue Mar 23, 2024 · 2 comments · Fixed by #4068
Labels
documents Need documents

Comments

@Smithx10
Copy link

Smithx10 commented Mar 23, 2024
edited
Loading

Installing with install.sh should generate SSL certifcates with only containerd installed

if [[ $ENABLE_SSL = "true" ]];then
  echo "[Step 0/6] Generate SSL key and cert"
  exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found)
  if [[ $exist == "" ]];then
    docker run --rm -v "$PWD":/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh
    kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
    rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
  fi
  echo "-------------------------------"
  echo ""
fi
@Smithx10 Smithx10 changed the title Installing with install.sh should generating SSL certifcates with crictl if docker not present Installing with install.sh should generate SSL certifcates with crictl if docker not present Mar 23, 2024
@Smithx10 Smithx10 changed the title Installing with install.sh should generate SSL certifcates with crictl if docker not present Installing with install.sh should generate SSL certifcates with only containerd installed Mar 23, 2024
@Smithx10
Copy link
Author

Here is the command for doing so:

    ctr image pull $REGISTRY/kube-ovn:$VERSION
    ctr run --rm --mount type=bind,src="$PWD",dst=/etc/ovn,options=rbind:rw $REGISTRY/kube-ovn:$VERSION 0 bash generate-ssl.sh

@zhangzujian zhangzujian added the documents Need documents label Mar 26, 2024
@zhangzujian
Copy link
Member

Helm chart is the recommanded method for installation with SSL certifcates.

@oilbeater oilbeater mentioned this issue May 22, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documents Need documents
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

support ctr to generate ssl certs kubeovn/kube-ovn
2 participants
@Smithx10 @zhangzujian