kubernetes cert-manager ignores ingress annotations
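I have set up Kubernetes with the nginx ingress and cert-manager. I want to use ECDSA certificates instead of RSA certificates, so I followed the documentation and set `cert-manager.io/private-key-algorithm: ECDSA` in the ingress configuration. Unfortunately, cert-manager seems to ignore this setting and creates an RSA certificate.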
```yaml
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "myapp.fullname" . }}-ingress
  labels:
    {{- include "myapp.labels" . | nindent 4 }}
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/issuer: {{ .Values.certManager.name }}
    cert-manager.io/private-key-algorithm: ECDSA
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - {{ .Values.ingressHostName }}
      secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
  rules:
    - host: {{ .Values.ingressHostName }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ .Values.landingpage.frontend.service.fullname }}
                port:
                  number: {{ .Values.landingpage.frontend.service.port }}
```
```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ .Values.certManager.name }}
spec:
  acme:
    # The ACME server URL
    server: {{ .Values.certManager.server }}
    # Email address used for ACME registration
    email: {{ .Values.certManager.email }}
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: "{{ include "myapp.fullname" . }}-cert-manager-key"
    # Enable the HTTP-01 challenge provider
    solvers:
      - http01:
          ingress:
            class: nginx
```
It seems you can't do this through the Ingress resource yet, but you can do it through a Certificate resource:
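An explicit Certificate resource that requests an ECDSA key, as an added example (not the original answer's code). It reuses the Helm values from the question's templates; the `-cert` name suffix is a hypothetical choice.

```yaml
# Added example: explicit Certificate with an ECDSA private key.
# Template values are the ones used in the question's Ingress and Issuer;
# the "-cert" suffix on the resource name is hypothetical.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "myapp.fullname" . }}-cert
spec:
  # Must equal tls[].secretName in the Ingress so nginx serves this certificate
  secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
  dnsNames:
    - {{ .Values.ingressHostName }}
  privateKey:
    algorithm: ECDSA
    size: 256          # P-256 curve
  issuerRef:
    name: {{ .Values.certManager.name }}
    kind: Issuer
    group: cert-manager.io
```

When the Certificate is managed explicitly, drop the `cert-manager.io/issuer` annotation from the Ingress so that cert-manager does not also generate its own Certificate for the same secret. The issued key type can be confirmed by decoding `tls.crt` from the secret and inspecting it with `openssl x509 -noout -text`, which reports `id-ecPublicKey` for an ECDSA certificate.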