堆栈内存溢出
  简体   繁体   English

在带有LetsEncrypt和多个证书的AKS上使用证书管理器

[英]Using cert-manager on AKS with LetsEncrypt and multiple certs

 原文  2019-02-25 17:22:39       azure/ kubernetes/ azure-aks/ azure-kubernetes/ cert-manager

问题描述

Are there any working samples of using cert-manager on AKS with an Nginx ingress where multiple domains have been granted SSL via LetsEncrypt, and then those dns names are directed to separate containers? 是否有在Nginx入口的AKS上使用cert-manager的工作示例,其中通过LetsEncrypt向多个域授予SSL,然后将这些dns名称定向到单独的容器?

I've had a single SSL setup for a while, but upon adding a second everything stopped working. 我已经有一个SSL设置了一段时间,但是添加一秒钟后一切都停止了工作。

I have several clusters I'll need to apply this to, so I'm hoping to ind a bullet proof example. 我需要将其应用于多个群集,因此我希望编写一个防弹示例。

1 个解决方案

解决方案1
 3 已采纳  2019-02-25 17:37:09

I dont think it should matter, i didnt really test that, but if you add 2 individual ingress resources with different domains\\secrets, it should work (at least I dont see any reason why it shouldnt): 我不认为这很重要,我没有真正测试过,但是如果您添加2个具有不同domains \\ secrets的单独入口资源,它应该可以工作(至少我看不出为什么不应该这样做)。 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx
spec:
  tls:
  - hosts:
    - sslexample.foo.com
    secretName: testsecret-tls
  rules:
    - host: sslexample.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service1
            servicePort: 80

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx
spec:
  tls:
  - hosts:
    - sslexample1.foo.com
    secretName: testsecret-tls1
  rules:
    - host: sslexample1.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service2
            servicePort: 80

tls is an array, so should take more than 1 item. tls是一个数组,因此应包含1个以上的项目。 not sure about interaction with cert-manager, though 尽管不确定与证书管理器的交互 

tls:
- hosts:
  - sslexample.foo.com
  secretName: testsecret-tls
- hosts:
  - sslexample1.foo.com
  secretName: testsecret1-tls

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有 LetsEncrypt 的 AKS 和用于不同容器的多个证书 - AKS with LetsEncrypt and multiple certs for different containers 对于 AKS 入口,letsencrypt 证书请求失败 - letsencrypt cert request failing for AKS ingress 使用Cert-Manager,NGINX Ingress和Let's Encrypt为Kubernetes服务配置TLS / SSL - Configure TLS/SSL for Kubernetes Services using Cert-Manager, NGINX Ingress and Let’s Encrypt 发行人更改后,Kubernetes证书经理不更新证书 - Kubernetes cert-manager not updating certificates after issuer change 无法使用 Kubernetes 和 Letsencrypt 使用 Azure DNS 区域创建通配符 (*) 证书 - Unable to create wildcard (*) Cert with Kubernetes and Letsencrypt using Azure DNS zone 出现 CreateServerCertificateAsync 错误:在 IoT Edge 设备上使用测试证书时无法获取服务器证书(天蓝色) - Getting error falling CreateServerCertificateAsync: Could not get server cert while using test certs at IoT Edge device(azure) 使用 azure 演示证书在 IoT Edge 设备上设置产品证书时出现错误“无法加载 ID 为“aziot-edged-ca”的证书” - getting error "could not load cert with ID "aziot-edged-ca"" while setting up prod certs at IoT Edge Device using azure demo certs 具有静态IP和自定义证书/ AKS入口问题的AKS - AKS with Static IP and Custom Cert / AKS Ingress issues Azure AKS 负载均衡器使用同一 IP 上的服务为多个 pod 提供服务 - Azure AKS Loadbalancer serving multiple pods using service on same IP Azure 流量管理器上的 AKS 入口终结点 - AKS Ingress endpoint on Azure Traffic Manager
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM