Skip to content

Commit aa43279

Browse files
colin404colin404
committed
feat: add support to cluster.local cluster domain
1 parent c795119 commit aa43279

File tree

2 files changed

+13
-7
lines changed

2 files changed

+13
-7
lines changed

manifests/env.k8s

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,16 @@
22

33
ONEX_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
44

5-
export ONEX_MYSQL_HOST=mariadb.infra.svc.onex.io
6-
export ONEX_REDIS_HOST=redis.infra.svc.onex.io
7-
export ONEX_ETCD_HOST=etcd.infra.svc.onex.io
8-
export ONEX_MONGO_HOST=mongo.infra.svc.onex.io
9-
export ONEX_KAFKA_HOST=onex-kafka.infra.svc.onex.io
10-
export ONEX_JAEGER_HOST=jaeger.infra.svc.onex.io
5+
# If deployed in a kubernetes cluster with cluster domain as
6+
# cluster.local, please set KUBERNETES_CLUSTER_DOMAIN to cluster.local.
7+
export KUBERNETES_CLUSTER_DOMAIN=${KUBERNETES_CLUSTER_DOMAIN:-onex.io}
8+
9+
export ONEX_MYSQL_HOST=mariadb.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
10+
export ONEX_REDIS_HOST=redis.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
11+
export ONEX_ETCD_HOST=etcd.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
12+
export ONEX_MONGO_HOST=mongo.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
13+
export ONEX_KAFKA_HOST=onex-kafka.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
14+
export ONEX_JAEGER_HOST=jaeger.infra.svc.${KUBERNETES_CLUSTER_DOMAIN}
1115

1216
# 将组件的访问地址改为 Kubernetes 服务名
1317
export ONEX_USERCENTER_HOST=onex-usercenter

scripts/gen-certs.sh

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ source "${ONEX_ROOT}/scripts/lib/init.sh"
1515
readonly LOCAL_OUTPUT_ROOT="${ONEX_ROOT}/${OUT_DIR:-_output}"
1616
readonly LOCAL_OUTPUT_CAPATH="${LOCAL_OUTPUT_ROOT}/cert"
1717
readonly ONEX_DOMAIN="onex.io"
18+
# To ensure that access is available in the default k8s cluster (with cluster domain as cluster.local).
19+
readonly DEFAULT_KUBERNETES_CLUSTER_DOMAIN="cluster.local"
1820

1921
# Hostname for the cert
2022
#readonly CERT_HOSTNAME="${CERT_HOSTNAME:-onex-apiserver},127.0.0.1,localhost,"
@@ -94,7 +96,7 @@ EOF
9496

9597
#echo "Generate "${prefix}" certificates..."
9698
echo '{"CN":"'"${prefix}"'","hosts":[],"key":{"algo":"rsa","size":2048},"names":[{"C":"CN","ST":"Shenzhen","L":"Shenzhen","O":"tencent","OU":"'"${prefix}"'"}]}' \
97-
| ${CFSSL_BIN} gencert -hostname="${CERT_HOSTNAME},${prefix/-/.}.${ONEX_DOMAIN}" -ca=ca.pem -ca-key=ca-key.pem \
99+
| ${CFSSL_BIN} gencert -hostname="${CERT_HOSTNAME},${prefix/-/.}.${DEFAULT_KUBERNETES_CLUSTER_DOMAIN},${prefix/-/.}.${ONEX_DOMAIN}" -ca=ca.pem -ca-key=ca-key.pem \
98100
-config=ca-config.json -profile=node - | ${CFSSLJSON_BIN} -bare "${prefix}"
99101

100102
# the popd will access `directory stack`, no `real` parameters is actually needed

0 commit comments

Comments
 (0)