[英]How to provide reference to the secret namespace in ClusterIssuer?
I have a ClusterIssuer that is expecting secretName
, I see in the ClusterIssuer
spec
, I can specify the secretName
:我有一个期望
secretName
的 ClusterIssuer ,我在ClusterIssuer
spec
中看到,我可以指定secretName
:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: postgres-operator-ca-certificate-cluster-issuer
spec:
ca:
secretName: postgres-operator-ca-certificate # <---- Here
but how to provide the reference to the secret namespace?但是如何提供对秘密命名空间的引用呢? This secret is created using
Certificate
:这个秘密是使用
Certificate
创建的:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgres-operator-self-signed-ca-certificate
namespace: postgres # <---- This namespace can not be changed to cert-manager
spec:
isCA: true
commonName: postgres-operator-ca-certificate
secretName: postgres-operator-ca-certificate
issuerRef:
name: postgres-operator-selfsigned-clusterissuer
kind: ClusterIssuer
As this is namespaced
is the suggestion is to use Issuer
instead of ClusterIssuer
?由于这是
namespaced
,因此建议使用Issuer
而不是ClusterIssuer
? Does ClusterIssuer
by default look in the cert-manager
namespace? ClusterIssuer
默认是否在cert-manager
命名空间中查找?
Typically it will look for the secret in the namespace cert-manager
by default.通常,默认情况下它会在命名空间
cert-manager
中查找密钥。 Which namespace it looks in can be changed by your cert-manager installation by using the --cluster-resource-namespace
argument, but not by individual ClusterIssuer.它查找的命名空间可以由您的 cert-manager 安装通过使用
--cluster-resource-namespace
参数进行更改,但不能由单个 ClusterIssuer 更改。
From the documentation:从文档中:
If the referent is a cluster-scoped resource (eg a ClusterIssuer), the reference instead refers to the resource with the given name in the configured 'cluster resource namespace', which is set as a flag on the controller component (and defaults to the namespace that cert-manager runs in).
如果引用是集群范围的资源(例如 ClusterIssuer),则引用改为引用配置的“集群资源命名空间”中具有给定名称的资源,该名称在 controller 组件上设置为标志(默认为cert-manager 运行的命名空间)。
https://cert-manager.io/docs/reference/api-docs/#meta.cert-manager.io/v1.LocalObjectReference https://cert-manager.io/docs/reference/api-docs/#meta.cert-manager.io/v1.LocalObjectReference
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.