Create an issuer for cert-manager on Rancher 2.x launched with docker-compose
I am testing Rancher 2 as a Kubernetes interface. Rancher 2 is launched with docker-compose, using the image rancher/rancher:latest. Everything is OK for clusters, nodes and pods. Then I try to secure some load balancers with certificates. To do so, I install cert-manager from the catalog/helm. I tried to follow this video tutorial, which explains how to create an issuer and a certificate, and how to link them to a load balancer. I create a file for the issuer:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: root@example.com
    privateKeySecretRef:
      name: letsencrypt-private-key
    http01: {}
Now it is time to create the issuer.
sudo docker-compose exec rancher bash
I am connected to the Rancher container, and kubectl and helm are installed.
I try to create the issuer:
kubectl create -f etc/cert-manager/cluster-issuer.yaml
error: unable to recognize "etc/cert-manager/cluster-issuer.yaml": no matches for certmanager.k8s.io/, Kind=ClusterIssuer
Additional information:
When I run helm list:
Error: could not find a ready tiller pod
I get the pods to find tiller:
kubectl get pods
NAME READY STATUS RESTARTS AGE
tiller-deploy-6ffc49c5df-zbjg8 0/1 Pending 0 39m
I describe the pod:
kubectl describe pod tiller-deploy-6ffc49c5df-zbjg8
Name:           tiller-deploy-6ffc49c5df-zbjg8
Namespace:      default
Node:           <none>
Labels:         app=helm
                name=tiller
                pod-template-hash=2997057189
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"tiller-deploy-6ffc49c5df","uid":"46f74523-7f8f-11e8-9d04-0242ac1...
Status:         Pending
IP:
Created By:     ReplicaSet/tiller-deploy-6ffc49c5df
Controlled By:  ReplicaSet/tiller-deploy-6ffc49c5df
Containers:
  tiller:
    Image:        gcr.io/kubernetes-helm/tiller:v2.8.0-rancher3
    Ports:        44134/TCP, 44135/TCP
    Liveness:     http-get http://:44135/liveness delay=1s timeout=1s period=10s #success=1 #failure=3
    Readiness:    http-get http://:44135/readiness delay=1s timeout=1s period=10s #success=1 #failure=3
    Environment:
      TILLER_NAMESPACE:    default
      TILLER_HISTORY_MAX:  0
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from tiller-token-hbfgz (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  tiller-token-hbfgz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  tiller-token-hbfgz
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.alpha.kubernetes.io/notReady:NoExecute for 300s
                 node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age                 From               Message
  ----     ------            ----                ----               -------
  Warning  FailedScheduling  4m (x125 over 39m)  default-scheduler  no nodes available to schedule pods
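This question is a little specific: rancher/kubernetes/docker-compose... If anyone has some ideas, you are welcome ;)
Thanks in advance!
I just found a piece of information that unblocks the situation. Thanks to
The first step is to load the configuration of the cluster. I am working on the default cluster. So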
/root/.kube/config
If it can help someone ;) You can find the answer online.
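
The two symptoms in this thread (the `no matches for certmanager.k8s.io/` error and the tiller pod stuck on `no nodes available to schedule pods`) can be told apart from the output of two read-only kubectl commands before running `kubectl create`. The following shell check is an added example, not code from the original posts; the verdict strings, the `RUN_LIVE` switch and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify why creating the ClusterIssuer
# fails, using only the output of two read-only kubectl commands.

# Succeeds if `kubectl get nodes --no-headers` output (stdin) lists at least
# one node whose STATUS column is exactly "Ready" (cordoned nodes do not count).
has_ready_node() {
  awk '$2 == "Ready" { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# Succeeds if `kubectl get crd -o name` output (stdin) contains the
# ClusterIssuer CRD of the certmanager.k8s.io API group used on this page.
has_clusterissuer_crd() {
  grep -Eq '(^|/)clusterissuers\.certmanager\.k8s\.io$'
}

# preflight NODES_OUTPUT CRD_OUTPUT -> prints one verdict word (hypothetical names).
preflight() {
  if ! printf '%s\n' "$1" | has_ready_node; then
    # Same root cause as "no nodes available to schedule pods": kubectl is
    # talking to a cluster (or kubeconfig) that has no schedulable node.
    echo wrong-cluster-or-no-nodes
  elif ! printf '%s\n' "$2" | has_clusterissuer_crd; then
    # Same root cause as "no matches for certmanager.k8s.io/": the CRD is
    # not registered in the cluster kubectl is talking to.
    echo cert-manager-crd-missing
  else
    echo ok
  fi
}

# Constructed sample outputs (not captured from a real cluster).
SAMPLE_NO_NODES=''
SAMPLE_NODES='worker-1   Ready   worker   2d   v1.10.5'
SAMPLE_CRDS_NONE='customresourcedefinitions/clusters.management.cattle.io'
SAMPLE_CRDS_OK='customresourcedefinitions/clusterissuers.certmanager.k8s.io'

# Live use: RUN_LIVE is a switch made up for this example; it assumes the
# kubeconfig in use points at the cluster where cert-manager is installed.
if [ "${RUN_LIVE:-0}" = 1 ] && command -v kubectl >/dev/null 2>&1; then
  preflight "$(kubectl get nodes --no-headers 2>/dev/null)" \
            "$(kubectl get crd -o name 2>/dev/null)"
fi
```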