堆栈内存溢出
  简体   繁体   English

如何在 ClusterIssuer 中提供对秘密命名空间的引用?

[英]How to provide reference to the secret namespace in ClusterIssuer?

 原文  2022-09-23 20:50:41       kubernetes/ ca/ kubernetes-secrets/ cert-manager

问题描述

I have a ClusterIssuer that is expecting secretName , I see in the ClusterIssuer spec , I can specify the secretName :我有一个期望secretName的 ClusterIssuer ,我在ClusterIssuer spec中看到,我可以指定secretName

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: postgres-operator-ca-certificate-cluster-issuer
spec:
  ca:
    secretName: postgres-operator-ca-certificate     # <---- Here

but how to provide the reference to the secret namespace?但是如何提供对秘密命名空间的引用呢? This secret is created using Certificate :这个秘密是使用Certificate创建的:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: postgres-operator-self-signed-ca-certificate
  namespace: postgres                 # <---- This namespace can not be changed to cert-manager
spec:
  isCA: true
  commonName: postgres-operator-ca-certificate
  secretName: postgres-operator-ca-certificate
  issuerRef:
    name: postgres-operator-selfsigned-clusterissuer
    kind: ClusterIssuer

As this is namespaced is the suggestion is to use Issuer instead of ClusterIssuer ?由于这是namespaced ,因此建议使用Issuer而不是ClusterIssuer Does ClusterIssuer by default look in the cert-manager namespace? ClusterIssuer默认是否在cert-manager命名空间中查找?

1 个解决方案

解决方案1
 0  2022-09-24 04:22:07

Typically it will look for the secret in the namespace cert-manager by default.通常,默认情况下它会在命名空间cert-manager中查找密钥。 Which namespace it looks in can be changed by your cert-manager installation by using the --cluster-resource-namespace argument, but not by individual ClusterIssuer.它查找的命名空间可以由您的 cert-manager 安装通过使用--cluster-resource-namespace参数进行更改,但不能由单个 ClusterIssuer 更改。

From the documentation:从文档中:

If the referent is a cluster-scoped resource (eg a ClusterIssuer), the reference instead refers to the resource with the given name in the configured 'cluster resource namespace', which is set as a flag on the controller component (and defaults to the namespace that cert-manager runs in).如果引用是集群范围的资源(例如 ClusterIssuer),则引用改为引用配置的“集群资源命名空间”中具有给定名称的资源,该名称在 controller 组件上设置为标志(默认为cert-manager 运行的命名空间)。

https://cert-manager.io/docs/reference/api-docs/#meta.cert-manager.io/v1.LocalObjectReference https://cert-manager.io/docs/reference/api-docs/#meta.cert-manager.io/v1.LocalObjectReference

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何配置 ClusterIssuer 来自定义证书有效期和续订? - How to configurre ClusterIssuer to customize certificate duration and renewal? 如何测试 ClusterIssuer 求解器? - How do I test a ClusterIssuer solver? 知道如何从 kubernetes 命名空间中删除机密的任何方式 - Any way to know how a secret got deleted from kubernetes namespace Springboot:如何从 Kubernetes 秘密中引用变量 - Springboot: How to reference a variable from Kubernetes secret 使用命名空间在 YML 中指定机密 - Specify a secret in YML WITH a namespace 如何允许来自默认命名空间的 pod,从其他命名空间读取秘密 - How allow pod from default namespace, read secret from other namespace 使用 terraform 设置 letsencrypt ClusterIssuer - setup letsencrypt ClusterIssuer with terraform kubed 同步密钥到多个命名空间 - kubed syncing secret to more than one namespace 创建命名空间和机密,仅在不存在时才打补丁 - Create namespace and secret, do patch only if not existing 秘密不是从当前命名空间中获取的,而是从默认命名空间中获取的 - Secret not fetched from current namespace, but from the default namespace
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM