stackoom
  简体   繁体   中英

Certificate not issued by clusterIssuer EKS

 原文  2022-12-22 06:36:10       amazon-eks/ cert-manager

Question

I have tried using jetstack/cert-manager to secure my application launched on EKS but I still see a Not Secure I am not sure what i missed. Here is what i have done

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: something@gmail.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx

My manifest looks as follows

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: wordpress
          image: wordpress:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress
spec:
  selector:
    app: wordpress
  ports:
    - protocol: TCP
      port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port:
                  number: 80
  tls:
    - hosts:
      - mydomain.com
      secretName: letsencrypt-production

When i do

kubectl describe certificate letsencrypt-production

I dont see anything under events like Issued or Requested

Status:
  Conditions:
    Last Transition Time:  2022-12-22T06:04:30Z
    Message:               Certificate is up to date and has not expired
    Observed Generation:   1
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2023-03-21T11:04:22Z
  Not Before:              2022-12-21T11:04:23Z
  Renewal Time:            2023-02-19T11:04:22Z
Events:                    <none>

When i open my domain i see NET::ERR_CERT_AUTHORITY_INVALID

What did i miss any help?

1 answers

solution1
 0  2023-01-03 05:33:17

I can get it to work by creating a cluster-issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <my_email_id>
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx

creating an ingress resource as follows.

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  rules:
  - host: mydomain.com
    http:
      paths:
      - backend:
          service:
            name: wordpress
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
    - hosts:
      - mydomain.com
      secretName: letsencrypt-production

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why is my ACM Certificate still not issued / validated? Autoscaling of PODs in AWS EKS AWS EKS service account authentication Deploy AWS EKS Fargate with Terraform coredns not deploying in new EKS cluster? Enable featuregate EKS via eksctl Detach/Attach of persistent volumes in EKS Pod limit on Node - AWS EKS Migrating to ECS Fargate from EKS How deploy application to eks from gitlab
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM