gpt4 book ai didi

ssl - 无法在 cert-manager 中获取 TLS 证书

转载 作者:行者123 更新时间:2023-12-04 22:41:27 25 4
gpt4 key购买 nike

这就是我所拥有的以及我所做的......几乎遵循latest documentation以及我遇到的一些教程:

  • 安装 cert-manager命名空间:
  •    kubectl create namespace cert-manager
  • 安装 cert-manager :
  •    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.13.0/cert-manager.yaml
  • 验证安装...应该是三个正在运行的 Pod,它们是:
  •    kubectl get pods --namespace cert-manager
  • Run test确保它能够颁发证书类型...通过。
  • 制作 issuer.yaml :
  • apiVersion: cert-manager.io/v1alpha2
    kind: ClusterIssuer
    metadata:
    name: letsencrypt-staging
    spec:
    acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: 'my@email.com'
    privateKeySecretRef:
    name: letsencrypt-staging
    solvers:
    - http01:
    ingress:
    class: nginx
  • 制作 certificate.yaml :
  • apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    metadata:
    name: examplewebsite-com-tls
    spec:
    secretName: examplewebsite-com
    issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
    commonName: examplewebsite.com
    dnsNames:
    - test.examplewebsite.com
    acme:
    config:
    - http01:
    ingressClass: nginx
    domains:
    - test.examplewebsite.com
  • 更新 ingress.yaml反射(reflect)这一点:
  • apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
    annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/add-base-url: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
    name: ingress-service
    namespace: default
    spec:
    tls:
    - hosts:
    - test.examplewebsite.com"
    secretName: examplewebsite-com
    rules:
    - host: test.examplewebsite.com
    http:
    paths:
    - path: /?(.*)
    backend:
    serviceName: client-cluster-ip-service
    servicePort: 3000
    - path: /api/?(.*)
    backend:
    serviceName: api-cluster-ip-service
    servicePort: 5000

    应用所有这些并遇到以下问题。
    $ kubectl describe certificate examplewebsite-com-tls

    Status:
    Conditions:
    Last Transition Time: 2020-01-28T23:52:45Z
    Message: Waiting for CertificateRequest "examplewebsite-com-tls-2527238951" to complete
    Reason: InProgress
    Status: False
    Type: Ready
    Events:
    Type Reason Age From Message
    ---- ------ ---- ---- -------
    Normal Requested 117s cert-manager Created new CertificateRequest resource "examplewebsite-com-tls-2527238951"

    它只是无限期地坐在那里。
    $ kubectl describe secret examplewebsite-com`

    Type: kubernetes.io/tls

    Data
    ====
    ca.crt: 0 bytes
    tls.crt: 0 bytes
    tls.key: 1675 bytes

    DNS 设置正确,因为我可以导航到网站并查看应用程序 HTTPS://只是行不通。

    我在这里做错了什么?

    最佳答案

    certification.yaml根本没有必要。

    真的,只有在遵循安装说明后才需要这个:

    apiVersion: cert-manager.io/v1alpha2
    kind: ClusterIssuer
    metadata:
    name: letsencrypt-prod
    namespace: cert-manager
    spec:
    acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <email>
    privateKeySecretRef:
    name: letsencrypt-prod
    solvers:
    - http01:
    ingress:
    class: nginx
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
    annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/add-base-url: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    name: ingress
    namespace: default
    spec:
    tls:
    - hosts:
    - test.domain.com
    secretName: test-domain-com
    rules:
    - host: test.domain.com
    http:
    paths:
    - path: /?(.*)
    backend:
    serviceName: client-cluster-ip-service
    servicePort: 3000
    - path: /api/?(.*)
    backend:
    serviceName: api-cluster-ip-service
    servicePort: 5000


    写得很好,当前(截至 2020 年 1 月 30 日)教程在这里:

    https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

    关于ssl - 无法在 cert-manager 中获取 TLS 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59958837/

    25 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com