
kubernetes certs not working with let's encrypt cert-manager

I can't seem to get cert-manager working:

$ kubectl get certificates -o wide
NAME         READY   SECRET       ISSUER        STATUS                                         AGE
tls-secret   False   tls-secret   letsencrypt   Issuing certificate as Secret does not exist   115m

$ kubectl get CertificateRequest -o wide
NAME               READY   ISSUER        STATUS                                                                                        AGE
tls-secret-xxxx   False   letsencrypt   Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt" not found   113m

My certificate.yaml is:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: tls-secret
  namespace: default
spec:
  secretName: tls-secret
  dnsNames:
  - aks-xxxx.xxxxx.xxxx.aksapp.io
  acme:
    config:
    - http01:
        ingress:
          name: xxxxxx
      domains:
      - aks-xxxx.xxxxx.xxxx.aksapp.io
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer

When I get the cluster issuers:

  $ kubectl get clusterissuers
    No resources found

Any idea what's wrong?

You have not created the clusterissuers, so it won't be there.

After you create the certificate, you can try

kubectl get certificate

Your error clearly states the issue: you have to create the cluster issuer

Referenced "ClusterIssuer" not found: clusterissuer.cert-manager.io "letsencrypt" not found

cert-manager site: https://cert-manager.io/docs/

Installation: https://cert-manager.io/docs/installation/

In a single line, just apply:

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml

How to configure and set up the cluster issuer: https://cert-manager.io/docs/configuration/acme/

ClusterIssuer and Ingress example

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: cluster-issuer-name
  namespace: development
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: harsh@example.com
    privateKeySecretRef:
      name: secret-name
    solvers:
    - http01:
        ingress:
          class: nginx-class-name
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-class-name
    cert-manager.io/cluster-issuer: cluster-issuer-name
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: example-ingress
spec:
  rules:
  - host: sub.example.com
    http:
      paths:
      - path: /api
        backend:
          serviceName: service-name
          servicePort: 80
  tls:
  - hosts:
    - sub.example.com
    secretName: secret-name

Try using the latest cert-manager. You also need an issuer.yaml if you have not set one up.
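The failure in the question is a Certificate whose issuerRef names a ClusterIssuer that was never created. As an added example (not part of the original posts), this Python check cross-references every issuer reference against the issuers actually present; the function names and the sample data are constructed for illustration, and the input is assumed to have the JSON list shape that kubectl emits.

```python
import json

# Constructed sample shaped like the output of
#   kubectl get certificates,issuers,clusterissuers,ingresses -A -o json
SAMPLE = json.loads("""
{"items": [
  {"kind": "Certificate",
   "metadata": {"name": "tls-secret", "namespace": "default"},
   "spec": {"issuerRef": {"name": "letsencrypt-staging", "kind": "ClusterIssuer"}}},
  {"kind": "ClusterIssuer", "metadata": {"name": "cluster-issuer-name"}},
  {"kind": "Ingress",
   "metadata": {"name": "example-ingress", "namespace": "default",
                "annotations": {"cert-manager.io/cluster-issuer": "cluster-issuer-name"}}}
]}
""")


def issuer_refs(item):
    """Yield (kind, namespace, name) for each issuer the object points at."""
    ns = item["metadata"].get("namespace", "")
    if item["kind"] == "Certificate":
        ref = item["spec"]["issuerRef"]
        kind = ref.get("kind", "Issuer")  # kind defaults to the namespaced Issuer
        yield kind, ("" if kind == "ClusterIssuer" else ns), ref["name"]
    elif item["kind"] == "Ingress":
        ann = item["metadata"].get("annotations") or {}
        if "cert-manager.io/cluster-issuer" in ann:
            yield "ClusterIssuer", "", ann["cert-manager.io/cluster-issuer"]
        if "cert-manager.io/issuer" in ann:
            yield "Issuer", ns, ann["cert-manager.io/issuer"]


def dangling_issuer_refs(resource_list):
    """Return one message per reference to an issuer missing from the list."""
    items = resource_list["items"]
    # ClusterIssuers are cluster-scoped, so they are keyed with an empty namespace.
    existing = {(i["kind"], i["metadata"].get("namespace", "") if i["kind"] == "Issuer" else "",
                 i["metadata"]["name"])
                for i in items if i["kind"] in ("Issuer", "ClusterIssuer")}
    problems = []
    for item in items:
        for kind, ns, name in issuer_refs(item):
            if (kind, ns, name) not in existing:
                problems.append(f'{item["kind"]} {item["metadata"]["name"]}: {kind} "{name}" not found')
    return problems


if __name__ == "__main__":
    print("\n".join(dangling_issuer_refs(SAMPLE)) or "all issuer references resolve")
```

Running it against real cluster output before applying a Certificate catches a missing or misnamed issuer without waiting for the CertificateRequest to report it.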
