使用 cert-manager 获取 Rancher 的 Letencrypt 证书时连接被拒绝
[英]Connection refused when using cert-manager to get a letsencrypt certificate for rancher
问题描述
I installed MicroK8s on my freshly installed Ubuntu 20.04 server using these instructions: https://microk8s.io/
我使用以下说明在新安装的 Ubuntu 20.04 服务器上安装了 MicroK8s: https ://microk8s.io/
Then I installed helm following these instructions: https://helm.sh/docs/intro/install/然后我按照以下说明安装了 helm: https : //helm.sh/docs/intro/install/
And finally I installed rancher using these instructions: https://rancher.com/docs/rancher/v2.x/en/installation/install-rancher-on-k8s/最后我使用这些说明安装了牧场主: https : //rancher.com/docs/rancher/v2.x/en/installation/install-rancher-on-k8s/
It appeared to work.它似乎有效。 The rancher pods are running, however rancher itself isn't reachable. Rancher Pod 正在运行,但无法访问 Rancher 本身。 There is no firewall active on the system.系统上没有活动的防火墙。 So I had a look at the logs:于是我查看了日志:
kubectl -n cattle-system describe certificate
...
Spec:
Dns Names:
<domain>
Issuer Ref:
Group: cert-manager.io
Kind: Issuer
Name: rancher
Secret Name: tls-rancher-ingress
Status:
Conditions:
Last Transition Time: 2020-10-16T16:12:11Z
Message: Waiting for CertificateRequest "tls-rancher-ingress-3273743932" to complete
Reason: InProgress
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal GeneratedKey 78m cert-manager Generated a new private key
Normal Requested 78m cert-manager Created new CertificateRequest resource "tls-rancher-ingress-3273743932"
kubectl -n cert-manager logs cert-manager-86b8b4f4b7-jvrg9
I1016 17:25:13.476038 1 sync.go:86] cert-manager/controller/issuers "msg"="Error initializing issuer: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.53:53: read udp 127.0.0.1:34709-\u003e127.0.0.53:53: read: connection refused" "resource_kind"="Issuer" "resource_name"="rancher" "resource_namespace"="cattle-system"
I'm kind of new to kubernetes and this log isn't great.我是 kubernetes 的新手,这个日志不是很好。 Where exactly is the connection getting refused?连接究竟在哪里被拒绝? At the issuer (letsencrypt) itself?在发行人(letsencrypt)本身? How do I fix it?我如何解决它?
EDIT: Mainly I'm having trouble interpreting this last log message which is trying to tell me what's wrong.编辑:主要是我在解释最后一条试图告诉我出了什么问题的日志消息时遇到了麻烦。 "lookup acme-v02.api.letsencrypt.org on 127.0.0.53:53" reads like it's incorrectly resolving that dns entry. “在 127.0.0.53:53 上查找 acme-v02.api.letsencrypt.org”读起来好像它错误地解析了那个 dns 条目。 If I ping it on the host, it correctly resolves it though.如果我在主机上 ping 它,它会正确解决它。 Is there some DNS config I need to do for kubernetes pods to be able to use the host's dns?我需要为 kubernetes pod 做一些 DNS 配置才能使用主机的 dns 吗? I might also be entirely wrong here.我在这里也可能完全错了。
1 个解决方案
解决方案1
0 已采纳 2020-11-19 13:56:54
安装 microk8s dns 和 ingress 插件解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.