SSL certificate from Let's Encrypt via cert-manager for Kubernetes Ingress

I am trying to use cert-manager v0.16.0 to get Let's Encrypt certificates for an ingress. I use microk8s and followed several tutorials, none of which got me to the goal.

So I have been creating an Issuer, and when trying to apply it I get an error message:
kc apply -f clusterIssuer.yaml
namespace/cloud unchanged
Error from server (InternalError): error when creating "clusterIssuer.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post "https://certmgr-cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": service "certmgr-cert-manager-webhook" not found
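The service is not found because that is not its name. It tries to look up: certmgr-cert-manager-webhook, but the service name is: cert-manager-webhook. There is also no DNS alias or anything else that would account for this. The deployment that created cert-manager and the webhook is as follows:

If I change the kind of the issuer from ClusterIssuer to Issuer I get: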
kc apply -f clusterIssuer.yaml
namespace/git created
error: unable to recognize "clusterIssuer.yaml": no matches for kind "Issuer" in version "cert-manager.io/v1"
Some debugging help would be appreciated.

--- More information

clusterIssuer.yaml:
kind: Namespace
apiVersion: v1
metadata:
  name: cloud
---
apiVersion: cert-manager.io/v1beta1
kind: Issuer
metadata:
  name: letsencrypt-staging
  namespace: cloud
spec:
  acme:
    # Staging API
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: mail@mail.de
    privateKeySecretRef:
      name: cloud-account-key-staging
    solvers:
    - http01:
        ingress:
          class: nginx
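
It seems cert-manager has not set up the CRDs properly. You can try removing cert-manager and setting it up once again from the official documentation. You can install the latest version directly; this YAML contains everything (CRDs, deployment, svc):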
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.0/cert-manager.yaml
After applying the YAML, you can check the deployment:
kubectl get pods -n cert-manager
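If everything works fine, you can apply the configuration for the cluster issuer and the ingress to get the SSL/TLS certificate, which will be stored in a Kubernetes secret.

Here is an example of a simple and proper ClusterIssuer and Ingress YAML (note that you were trying the staging API; if possible, use the production server address so that it works with all browsers):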
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: cluster-issuer-name
  namespace: development
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: harsh@example.com
    privateKeySecretRef:
      name: secret-name
    solvers:
    - http01:
        ingress:
          class: nginx-class-name
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-class-name
    cert-manager.io/cluster-issuer: cluster-issuer-name
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: example-ingress
spec:
  rules:
  - host: sub.example.com
    http:
      paths:
      - path: /api
        backend:
          serviceName: service-name
          servicePort: 80
  tls:
  - hosts:
    - sub.example.com
    secretName: secret-name
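
A diagnostic for the two errors in the question, as an added example that is not part of the original question or answer: it lists webhook configurations whose `clientConfig.service` points at a Service that does not exist, and shows which apiVersions the Issuer CRD serves. The sample data is constructed, and the idea that a leftover webhook configuration from an earlier install is the cause is an assumption the page does not confirm.

```python
"""Check cert-manager webhook wiring and CRD versions from `kubectl ... -o json` output."""
import json

def dangling_webhooks(webhook_list, service_list):
    """Return (config, webhook, 'namespace/name') for every clientConfig.service
    reference that matches no existing Service."""
    existing = {(s["metadata"]["namespace"], s["metadata"]["name"])
                for s in service_list["items"]}
    missing = []
    for cfg in webhook_list["items"]:
        for hook in cfg.get("webhooks", []):
            svc = hook.get("clientConfig", {}).get("service")
            if svc and (svc["namespace"], svc["name"]) not in existing:
                missing.append((cfg["metadata"]["name"], hook["name"],
                                f'{svc["namespace"]}/{svc["name"]}'))
    return missing

def served_versions(crd):
    """apiVersions the API server accepts for this CRD (versions with served=true)."""
    group = crd["spec"]["group"]
    return [f'{group}/{v["name"]}' for v in crd["spec"]["versions"] if v.get("served")]

# Constructed sample data (not captured from a real cluster), shaped like:
#   kubectl get mutatingwebhookconfigurations -o json
#   kubectl get services -A -o json
#   kubectl get crd issuers.cert-manager.io -o json
# The webhook configuration name below is hypothetical.
SAMPLE_WEBHOOKS = json.loads("""{"items": [{
  "metadata": {"name": "certmgr-cert-manager-webhook"},
  "webhooks": [{"name": "webhook.cert-manager.io", "clientConfig": {"service":
    {"namespace": "cert-manager", "name": "certmgr-cert-manager-webhook",
     "path": "/mutate"}}}]}]}""")
SAMPLE_SERVICES = json.loads("""{"items": [
  {"metadata": {"namespace": "cert-manager", "name": "cert-manager"}},
  {"metadata": {"namespace": "cert-manager", "name": "cert-manager-webhook"}}]}""")
SAMPLE_CRD = json.loads("""{"spec": {"group": "cert-manager.io", "versions": [
  {"name": "v1alpha2", "served": true}, {"name": "v1alpha3", "served": true},
  {"name": "v1beta1", "served": true}]}}""")

if __name__ == "__main__":
    for cfg, hook, svc in dangling_webhooks(SAMPLE_WEBHOOKS, SAMPLE_SERVICES):
        print(f"{cfg}: webhook {hook} -> missing Service {svc}")
    manifest_api = "cert-manager.io/v1"  # apiVersion named in the second error
    served = served_versions(SAMPLE_CRD)
    if manifest_api not in served:
        print(f"{manifest_api} is not served; the CRD serves {served}")
```

On a live cluster, replace the sample constants with the parsed output of the three `kubectl` commands named in the comments.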