[英]Kubernetes cert-manager certificate is created but can not get vertified
[英]Can't get a TLS certificate in cert-manager
所以这就是我所拥有的和我所做的......几乎遵循了我遇到的最新文档和一些教程:
cert-manager
命名空间: kubectl create namespace cert-manager
cert-manager
: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.13.0/cert-manager.yaml
kubectl get pods --namespace cert-manager
运行测试以确保它能够颁发证书类型...通过。
制作一个issuer.yaml
:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: 'my@email.com'
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- http01:
ingress:
class: nginx
certificate.yaml
:apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: examplewebsite-com-tls
spec:
secretName: examplewebsite-com
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: examplewebsite.com
dnsNames:
- test.examplewebsite.com
acme:
config:
- http01:
ingressClass: nginx
domains:
- test.examplewebsite.com
ingress.yaml
以反映这一点:apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/add-base-url: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
cert-manager.io/cluster-issuer: "letsencrypt-staging"
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
name: ingress-service
namespace: default
spec:
tls:
- hosts:
- test.examplewebsite.com"
secretName: examplewebsite-com
rules:
- host: test.examplewebsite.com
http:
paths:
- path: /?(.*)
backend:
serviceName: client-cluster-ip-service
servicePort: 3000
- path: /api/?(.*)
backend:
serviceName: api-cluster-ip-service
servicePort: 5000
应用所有这些并遇到以下问题。
$ kubectl describe certificate examplewebsite-com-tls
Status:
Conditions:
Last Transition Time: 2020-01-28T23:52:45Z
Message: Waiting for CertificateRequest "examplewebsite-com-tls-2527238951" to complete
Reason: InProgress
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Requested 117s cert-manager Created new CertificateRequest resource "examplewebsite-com-tls-2527238951"
它只是无限期地坐在那里。
$ kubectl describe secret examplewebsite-com`
Type: kubernetes.io/tls
Data
====
ca.crt: 0 bytes
tls.crt: 0 bytes
tls.key: 1675 bytes
DNS 设置正确,因为我可以导航到网站并查看应用程序, HTTPS://
不起作用。
我在这里做错了什么?
根本不需要certification.yaml
。
真的,只需要按照安装说明进行操作:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <email>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/add-base-url: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
name: ingress
namespace: default
spec:
tls:
- hosts:
- test.domain.com
secretName: test-domain-com
rules:
- host: test.domain.com
http:
paths:
- path: /?(.*)
backend:
serviceName: client-cluster-ip-service
servicePort: 3000
- path: /api/?(.*)
backend:
serviceName: api-cluster-ip-service
servicePort: 5000
写得很好,最新的(截至 20 年 1 月 30 日)教程在这里:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.