[英]kubernetes certs not working with let's encrypt cert-manager
我似乎無法讓證書管理器工作:
$ kubectl get certificates -o wide
NAME READY SECRET ISSUER STATUS AGE
tls-secret False tls-secret letsencrypt Issuing certificate as Secret does not exist 115m
$ kubectl get CertificateRequest -o wide
NAME READY ISSUER STATUS AGE
tls-secret-xxxx False letsencrypt Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt" not found 113m
我的 certificate.yaml 是:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: tls-secret
namespace: default
spec:
secretName: tls-secret
dnsNames:
- aks-xxxx.xxxxx.xxxx.aksapp.io
acme:
config:
- http01:
ingress:
name: xxxxxx
domains:
- aks-xxxx.xxxxx.xxxx.aksapp.io
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
當我獲得集群發行者時
$ kubectl get clusterissuers
No resources found
知道怎么了嗎?
您還沒有創建clusterissuers ,所以它不會在那里。
創建證書后,您可以嘗試
kubectl get certificate
您的錯誤清楚地說明了您必須創建集群發行者的問題
找不到引用的“ClusterIssuer”:找不到 clusterissuer.cert-manager.io“letsencrypt”
證書管理器站點: https://cert-manager.io/docs/
安裝: https://cert-manager.io/docs/installation/
在單行中只需應用:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
如何配置和設置集群發行者: https://cert-manager.io/docs/configuration/acme/
cluster issuer
者和ingress
示例
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: cluster-issuer-name
namespace: development
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: harsh@example.com
privateKeySecretRef:
name: secret-name
solvers:
- http01:
ingress:
class: nginx-class-name
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx-class-name
cert-manager.io/cluster-issuer: cluster-issuer-name
nginx.ingress.kubernetes.io/rewrite-target: /
name: example-ingress
spec:
rules:
- host: sub.example.com
http:
paths:
- path: /api
backend:
serviceName: service-name
servicePort: 80
tls:
- hosts:
- sub.example.com
secretName: secret-name
嘗試使用最新的證書管理器。 如果您還沒有設置,您還需要 issuer.yaml
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.