Update Kubernetes TLS doc with info for distributed setups (#5971)

Also, add details on how to create wildcard self-signed certificates
using openssl
master
Nitish Tiwari 7 years ago committed by Harshavardhana
parent 000e360196
commit 5afd856355
  1. 10
      docs/tls/README.md
  2. 4
      docs/tls/kubernetes/README.md

@ -70,8 +70,16 @@ openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out privat
**Generate the self-signed certificate**: **Generate the self-signed certificate**:
Generate self-signed certificate using the below command (remember to replace `<domain.com>` with your actual domain name)
```sh
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<domain.com>"
```
Generate self-signed wildcard certificate using the below command. This certificate will be valid for all the sub-domains under `domain.com`. Wildcard certificates come in handy while deploying distributed Minio instances where there may be multiple sub-domains under a single domain, with each one running a separate Minio instance.
```sh ```sh
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=domain" openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<*.domain.com>"
``` ```
### Using OpenSSL (with IP address) ### Using OpenSSL (with IP address)
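Review bot: In the new wildcard command, `CN=<*.domain.com>` places the name only in the subject CN and sets no subjectAltName, so clients that match hostnames against SAN entries alone will reject this certificate. Consider adding a SAN entry for the wildcard name and saying so in the text. The added paragraph also states the certificate is valid for "all the sub-domains under `domain.com`", but a wildcard matches a single label only (`a.domain.com`, not `a.b.domain.com`) and does not cover `domain.com` itself, so the wording should be narrowed. Two smaller points: the "remember to replace" hint from the first command is not repeated for the `<*.domain.com>` placeholder, and the paragraph should mention that every Minio instance using this certificate shares the same `private.key`.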

@ -10,6 +10,10 @@ This document explains how to configure Minio server with TLS certificates on Ku
- Acquire TLS certificates, either from a CA or [create self-signed certificates](https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls). - Acquire TLS certificates, either from a CA or [create self-signed certificates](https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls).
For a [distributed Minio setup](https://docs.minio.io/docs/distributed-minio-quickstart-guide), where there are multiple pods with different domain names expected to run, you will either need wildcard certificates valid for all the domains or have specific certificates for each domain. If you are going to use specific certificates, make sure to create Kubernetes secrets accordingly.
For testing purposes, here is [how to create self-signed certificates](https://github.com/minio/minio/tree/master/docs/tls#3-generate-self-signed-certificates).
## 2. Create Kubernetes secret ## 2. Create Kubernetes secret
[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information. [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
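Review bot: "make sure to create Kubernetes secrets accordingly" in the added paragraph does not say what is expected of the reader. Spell out that each certificate and key pair goes into its own secret and that each pod has to reference the secret for its own domain name. For the wildcard option, note that all pods then receive the same private key from a single secret. The "For testing purposes" sentence links to the self-signed instructions on GitHub, while the bullet just above already links to a self-signed guide on docs.minio.io; pointing both at one target would avoid the duplicate.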
