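# Issue a self-signed TLS certificate for gitlab.devops.global-fairy.top and
# load it into TLS Secrets in the "devops" namespace.
# Requires: openssl, kubectl (with access to the devops namespace).
# Writes gitlab-cert.conf, gitlab.key and gitlab.crt to the current directory.

# 1. Create the OpenSSL config file.
# The quoted delimiter writes the config literally, with no shell expansion.
cat > gitlab-cert.conf <<'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req
x509_extensions = v3_req

[dn]
CN = gitlab.devops.global-fairy.top
O = Global Fairy DevOps
OU = GitLab

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = gitlab.devops.global-fairy.top
EOF
# x509_extensions is what "openssl req -x509" reads when it builds the
# certificate; req_extensions alone only applies to a CSR, so without it the
# subjectAltName would be missing and clients that match on SAN would reject
# the certificate.

# 2. Generate the private key and the certificate.
# -nodes leaves gitlab.key unencrypted on disk, so create it under a
# restrictive umask; the subshell keeps the umask change local.
# NOTE(review): -days 3650 gives a 10-year self-signed certificate; confirm
# that lifetime is intended and that clients pin or trust it explicitly.
(
  umask 077
  openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 \
    -keyout gitlab.key -out gitlab.crt -config gitlab-cert.conf -nodes
)

# 3. Verify the certificate: the output must show both the Subject and the
# Subject Alternative Name entry for the GitLab host.
openssl x509 -in gitlab.crt -text -noout \
  | grep -E -A2 'Subject:|Subject Alternative Name'

# 4. Create the new Secret.
kubectl create secret tls gitlab-tls-secret-new \
  --cert=gitlab.crt --key=gitlab.key -n devops

# 5. Replace the old Secret.
# Render the manifest client-side and apply it, so gitlab-tls-secret is
# updated in place; deleting it first would leave a window in which anything
# referencing the Secret has no certificate to serve.
kubectl create secret tls gitlab-tls-secret \
  --cert=gitlab.crt --key=gitlab.key -n devops \
  --dry-run=client -o yaml \
  | kubectl apply -n devops -f -

# gitlab.key is still in the current directory in plaintext: move it to
# protected storage or delete it once the Secrets are in place.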