[英]Kubernetes: cert-manager certificate is keep in pending state
I have installed cert-manager 0.12.0 for SSL certificate.我已经为 SSL 证书安装了 cert-manager 0.12.0。
My Issuer file is我的发行人文件是
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: my@email.com
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
My certificate file我的证书文件
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: tls-secret
spec:
secretName: tls-secret-prod
dnsNames:
- mydomain.com
acme:
config:
- http01:
ingressClass: nginx
domains:
- mydomain.com
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
Ingress configuration is入口配置是
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: cms
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- mydomain.com
secretName: tls-secret-prod
rules:
- host: mydomain.com
http:
paths:
- backend:
serviceName: apostrophe
servicePort: 80
path: /
But still, SSL certificated is not valid.但是,经过 SSL 认证的 SSL 仍然无效。 And Common name is “Kubernetes Ingress Controller Fake Certificate”.
通用名称是“Kubernetes Ingress Controller Fake Certificate”。
The following result to show orders and challenges以下结果显示订单和挑战
kubectl get orders, challenges -o wide
NAME STATE DOMAIN REASON AGE
challenge.certmanager.k8s.io/tls-secret-155743219-0 pending mydomain.com pods "cm-acme-http-solver-gk2zx" is forbidden: minimum cpu usage per Container is 100m, but request is 10m. 26m
I have updated the resources limit the range and reinstalled cert-manager with helm.我已经更新了资源限制范围并用 helm 重新安装了 cert-manager。 I am still getting this error.
我仍然收到此错误。 I am not sure what goes wrong or show how to fix this.
我不确定出了什么问题,也不知道如何解决这个问题。
Please let me know if you need anything.如果您需要什么,请告诉我。 Thanks in advance!
提前致谢!
The problem lays in cpu limits defined for specific pod.问题在于为特定 pod 定义的 CPU 限制。 You have to change minimum CPU limit in deployment configuration file.
您必须在部署配置文件中更改最低 CPU 限制。 As you can see pod ( cm-acme-http-solver ) is requesting 100m CPU usage while minimum CPU usage defined for specific pod is *10m**.
如您所见,pod ( cm-acme-http-solver ) 请求100m CPU 使用率,而为特定 pod 定义的最低 CPU 使用率是 *10m**。 So change CPU limits in deployment configuration file from 100m to 10m or less or you can also increase CPU requests.
因此,将部署配置文件中的 CPU 限制从100m更改为10m或更小,或者您也可以增加 CPU 请求。
Take a look here: cert-manager-kubernetes , pod-min-cpu-request .看看这里: cert-manager-kubernetes , pod-min-cpu-request 。
Useful article: resources-limits-kubernetes .有用的文章: resources-limits-kubernetes 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.