具有大使API网关的Azure Kubernetes上的自定义域
[英]Custom Domain on Azure Kubernetes with Ambassador API Gateway
问题描述
I am trying to configure an Ambassador Gateway on Kubernetes with Letsencrypt & cert-manager on Azure. 
我正在尝试在Azure上使用Letsencrypt和cert-manager在Kubernetes上配置一个大使网关。
I am receiving the following errors in the cert-manager logs - 我在cert-manager日志中收到以下错误-
Error getting certificate 'ambassador-certs': secret "ambassador-
certs" not found
certificates controller: Re-queuing item "default/<certificate-name>" due
to error
processing: http-01 self check failed for domain "<certificate-name>"
If I then create the secret in Kubernetes called ambassador-certs it starts to log the following - 如果我随后在Kubernetes中创建称为ambassador-certs的秘密,它将开始记录以下内容-
Re-queuing item "default/<certificate-name>" due to error processing:
no data for "tls.crt" in secret 'default/ambassador-certs'
My configuration is as follows - 我的配置如下-
Kubernetes Secret Kubernetes的秘密
apiVersion: v1
kind: Secret
metadata:
name: ambassador-certs
namespace: default
type: Opaque
Kubernetes Certificate Kubernetes证书
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: <name>
spec:
secretName: ambassador-certs
commonName: <domain-name>
dnsNames:
- <domain-name>
acme:
config:
- http01:
ingressClass: nginx
domains:
- <domain-name>
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
Kubernetes ClusterIssuer Kubernetes ClusterIssuer
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
I installed Ambassador as directed from their site - 我按照其网站的指示安装了大使-
kubectl apply -f
https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml
WhenI tried this with an Ingress Controller the certificates were created and added to the secrets successfully. 当我使用Ingress Controller尝试此操作时,将成功创建证书并将其添加到机密中。 What am I missing with Ambassador please? 请问我想念大使什么?
Finally, according to the Ambassador website this is all I need to do 最后,根据大使网站,这就是我要做的全部
Certificate Manager
Jetstack's cert-manager lets you easily provision and manage TLS certificates on Kubernetes.
Once cert-manager is running and you have successfully created the >issuer, you can request a certificate such as the following:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: cloud-foo-com
namespace: default
spec:
secretName: ambassador-certs
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: cloud.foo.com
dnsNames:
- cloud.foo.com
acme:
config:
- dns01:
provider: clouddns
domains:
- cloud.foo.com
Note the secretName line above.
Thank you. 谢谢。 Slowly dying inside trying to resolve this :-) 慢慢死在里面试图解决这个问题:-)
EDIT 编辑
I deleted everything and reconfigured firstly with Ambassador using http. 我删除了所有内容,并首先使用http重新配置了大使。 That worked. 那行得通。 I was able to browse to my httpbin.org route over http successfully. 我能够通过http浏览到我的httpbin.org路由。 I then switched to port 443 on the Ambassador Service yaml and re-applied all as above. 然后,我切换到Ambassador Service yaml上的端口443,并如上所述重新应用所有端口。
This is still being logged in the cert-manager logs 仍在cert-manager日志中记录
Re-queuing item "default/<certificate-name>" due to error processing: no data
for "tls.crt" in secret 'default/ambassador-certs'
kubectl describe secret ambassador-certs
Name: ambassador-certs
Namespace: default
Labels: <none>
Annotations:
Type: Opaque
Data
====
1 个解决方案
解决方案1
0 2019-05-06 17:01:40
这基本上意味着挑战失败了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.