[英]Kubernetes Ingress SSL certificate invalid
I have migrated a django web application to kubernetes.我已将 django Web 应用程序迁移到 kubernetes。 For this application, I am running a service which can be accessed from a domain name.
对于这个应用程序,我正在运行一个可以从域名访问的服务。 Following are the yaml files for my Service, Ingress and Certificate:-
以下是我的服务、入口和证书的 yaml 文件:-
Service:-服务:-
kind: Service
apiVersion: v1
metadata:
name: app-service
namespace: my-namespace
labels:
app: my-app
spec:
type: ClusterIP
selector:
app: my-app
ports:
- protocol: TCP
port: 8000
targetPort: 8000
Ingress:-入口:-
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app-ingress
namespace: my-namespace
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/acme-challenge-type: http01
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.allow-http: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: abc
http:
paths:
- path: /
backend:
serviceName: app-service
servicePort: 8000
tls:
- secretName: sname
hosts:
- abc
Certificate:-证书:-
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: sname
namespace: my-namespace
spec:
secretName: sname
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- abc
acme:
config:
- dns01:
provider: route53
domains:
- abc
Note: abc is my company url.注意:abc 是我公司的网址。
When I try to open my django web app in the url I get the error as:当我尝试在 url 中打开我的 django web 应用程序时,我收到错误消息:
NET::ERR_CERT_AUTHORITY_INVALID Subject: Kubernetes Ingress Controller Fake Certificate NET::ERR_CERT_AUTHORITY_INVALID 主题:Kubernetes 入口控制器假证书
I have referred to Kubernetes Ingress SSL certificate post but it did not help.我已经提到了Kubernetes Ingress SSL 证书帖子,但它没有帮助。 I would like to know if there is anything I am missing or anything which I have configured wrong.
我想知道是否有我遗漏的任何内容或我配置错误的任何内容。
When I try to run the command kubectl get ing -n my-namespace ;当我尝试运行命令kubectl get ing -n my-namespace ; I don't see any address in the ingress.
我在入口中没有看到任何地址。
Many Thanks!非常感谢!
Let's Encrypt, as every other CA, is not meant to obtain and won't deliver certificates for non public domains.与其他所有 CA 一样,Let's Encrypt 并不打算获取也不会为非公共域提供证书。 abc is not public domain.
abc不是公共领域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.