[英]kubernetes certs not working with let's encrypt cert-manager
I can't seem to get cert-manager working:我似乎无法让证书管理器工作:
$ kubectl get certificates -o wide
NAME READY SECRET ISSUER STATUS AGE
tls-secret False tls-secret letsencrypt Issuing certificate as Secret does not exist 115m
$ kubectl get CertificateRequest -o wide
NAME READY ISSUER STATUS AGE
tls-secret-xxxx False letsencrypt Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt" not found 113m
my certificate.yaml is:我的 certificate.yaml 是:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: tls-secret
namespace: default
spec:
secretName: tls-secret
dnsNames:
- aks-xxxx.xxxxx.xxxx.aksapp.io
acme:
config:
- http01:
ingress:
name: xxxxxx
domains:
- aks-xxxx.xxxxx.xxxx.aksapp.io
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
When i get cluster issuers当我获得集群发行者时
$ kubectl get clusterissuers
No resources found
any idea whats wrong?知道怎么了吗?
You have not created the clusterissuers so it wont be there.您还没有创建clusterissuers ,所以它不会在那里。
As you have created the certificate you can try the创建证书后,您可以尝试
kubectl get certificate
Your error is clearly saying the issue you have to create the clusterissuers您的错误清楚地说明了您必须创建集群发行者的问题
Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt" not found
找不到引用的“ClusterIssuer”:找不到 clusterissuer.cert-manager.io“letsencrypt”
Cert-manager site: https://cert-manager.io/docs/证书管理器站点: https://cert-manager.io/docs/
Installation: https://cert-manager.io/docs/installation/安装: https://cert-manager.io/docs/installation/
in single line just apply:在单行中只需应用:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
how to configure & setup the clusterissuer : https://cert-manager.io/docs/configuration/acme/如何配置和设置集群发行者: https://cert-manager.io/docs/configuration/acme/
Example of cluster issuer
& ingress
cluster issuer
者和ingress
示例
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: cluster-issuer-name
namespace: development
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: harsh@example.com
privateKeySecretRef:
name: secret-name
solvers:
- http01:
ingress:
class: nginx-class-name
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx-class-name
cert-manager.io/cluster-issuer: cluster-issuer-name
nginx.ingress.kubernetes.io/rewrite-target: /
name: example-ingress
spec:
rules:
- host: sub.example.com
http:
paths:
- path: /api
backend:
serviceName: service-name
servicePort: 80
tls:
- hosts:
- sub.example.com
secretName: secret-name
Try with the latest cert-manager.尝试使用最新的证书管理器。 You'll also need issuer.yaml if you haven't set it up already
如果您还没有设置,您还需要 issuer.yaml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.