Kubernetes 主要更新后证书管理器停止工作
该问题是在cert manager从0.6.0版升级到0.11.0版后开始的。 已通过配置备份、证书管理器删除、头盔更新、证书管理器安装和备份还原处理更新。更新期间没有配置更改 Pod和服务已启动,但更新后未颁发证书 有证书管理器服务的日志:Kubernetes 主要更新后证书管理器停止工作,kubernetes,cert-manager,Kubernetes,Cert Manager,该问题是在cert manager从0.6.0版升级到0.11.0版后开始的。 已通过配置备份、证书管理器删除、头盔更新、证书管理器安装和备份还原处理更新。更新期间没有配置更改 Pod和服务已启动,但更新后未颁发证书 有证书管理器服务的日志: E0114 04:34:18.126497 1 sync.go:57] cert-manager/controller/ingress-shim "msg"="failed to determine issuer to be used for
E0114 04:34:18.126497 1 sync.go:57] cert-manager/controller/ingress-shim "msg"="failed to determine issuer to be used for ingress resource" "error"="failed to determine issuer name to be used for ingress resource" "resource_kind"="Ingress" "resource_name"="ucb-sandbox-ingress" "resource_namespace"="cloud-engagement-sandbox"
I0114 04:34:18.126791 1 controller.go:135] cert-manager/controller/ingress-shim "level"=0 "msg"="finished processing work item" "key"="cloud-engagement-sandbox/ucb-sandbox-ingress"
I0114 04:34:18.127064 1 controller.go:129] cert-manager/controller/ingress-shim "level"=0 "msg"="syncing item" "key"="cloud-engagement-sandbox/ucf-sandbox-ingress"
E0114 04:34:18.127294 1 sync.go:57] cert-manager/controller/ingress-shim "msg"="failed to determine issuer to be used for ingress resource" "error"="failed to determine issuer name to be used for ingress resource" "resource_kind"="Ingress" "resource_name"="ucf-sandbox-ingress" "resource_namespace"="cloud-engagement-sandbox"
I0114 04:34:18.127534 1 controller.go:135] cert-manager/controller/ingress-shim "level"=0 "msg"="finished processing work item" "key"="cloud-engagement-sandbox/ucf-sandbox-ingress"
apiVersion: certmanager.k8s.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: [removed]
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
ClusterIssuer letsencrypt-prod
Name: letsencrypt-prod
Namespace:
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"certmanager.k8s.io/v1alpha1","kind":"ClusterIssuer","metadata":{"annotations":{},"creationTimestamp":"2019-02-17T22:42:55Z"...
API Version: certmanager.k8s.io/v1alpha1
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2019-02-17T22:42:55Z
Generation: 1
Resource Version: 53383155
Self Link: /apis/certmanager.k8s.io/v1alpha1/clusterissuers/letsencrypt-prod
UID: 5e0c332f-3305-11e9-93cb-069443f5754c
Spec:
Acme:
Email: [removed]
Http 01:
Private Key Secret Ref:
Key:
Name: letsencrypt-prod
Server: https://acme-v02.api.letsencrypt.org/directory
Status:
Acme:
Uri: https://acme-v02.api.letsencrypt.org/acme/acct/51694394
Conditions:
Last Transition Time: 2019-02-17T22:42:57Z
Message: The ACME account was registered with the ACME server
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events: <none>
apiVersion已从certmanager.k8s.io/v1alpha1更改为cert-manager.io/v1alpha2。但您仍然有旧版本的CRD,需要删除 按照以下步骤升级cert manager,注意 步骤3和4 1.按照备份现有证书管理器资源 二, 3.确保旧的cert manager CRD资源也已删除:kubectl get CRD | grep certmanager.k8s.io 4.更新所有备份资源的apiVersion,从certmanager.k8s.io/v1alpha1到cert-manager.io/v1alpha2 5.根据以下说明从头开始重新安装cert manager:
这是官方的apiVersion已从certmanager.k8s.io/v1alpha1更改为cert-manager.io/v1alpha2。但您仍然有旧版本的CRD,需要删除 按照以下步骤升级cert manager,注意 步骤3和4 1.按照备份现有证书管理器资源 二, 3.确保旧的cert manager CRD资源也已删除:kubectl get CRD | grep certmanager.k8s.io 4.更新所有备份资源的apiVersion,从certmanager.k8s.io/v1alpha1到cert-manager.io/v1alpha2 5.根据以下说明从头开始重新安装cert manager: 这是官方的谢谢回复。 在helm purge cert manager之后,我删除了旧的CRD,并使用清单安装了新版本0.12。 我目前的CRD如下:
kubectl get crd
NAME CREATED AT
certificaterequests.cert-manager.io 2019-11-01T01:37:03Z
certificates.cert-manager.io 2019-11-01T01:37:03Z
challenges.acme.cert-manager.io 2019-11-01T01:37:03Z
challenges.certmanager.k8s.io 2020-01-15T05:31:48Z
clusterissuers.cert-manager.io 2019-11-01T01:37:03Z
healthstates.azmon.container.insights 2019-08-29T10:13:59Z
issuers.cert-manager.io 2019-11-01T01:37:03Z
orders.acme.cert-manager.io 2019-11-01T01:37:03Z
orders.certmanager.k8s.io 2020-01-15T05:31:49Z
kubectl describe ClusterIssuer letsencrypt-prod
Name: letsencrypt-prod
Namespace:
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1alpha2
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2020-01-15T05:38:32Z
Generation: 1
Resource Version: 71299934
Self Link: /apis/cert-manager.io/v1alpha2/clusterissuers/letsencrypt-prod
UID: 4465c9ce-3759-11ea-be9c-0a7022c023e8
Spec:
Acme:
Email:
Private Key Secret Ref:
Name: letsencrypt-prod
Server: https://acme-v02.api.letsencrypt.org/directory
Solvers:
Http 01:
Ingress:
Class: nginx
Selector:
Events: <none>
kubectl get crd
NAME CREATED AT
certificaterequests.cert-manager.io 2019-11-01T01:37:03Z
certificates.cert-manager.io 2019-11-01T01:37:03Z
challenges.acme.cert-manager.io 2019-11-01T01:37:03Z
challenges.certmanager.k8s.io 2020-01-15T05:31:48Z
clusterissuers.cert-manager.io 2019-11-01T01:37:03Z
healthstates.azmon.container.insights 2019-08-29T10:13:59Z
issuers.cert-manager.io 2019-11-01T01:37:03Z
orders.acme.cert-manager.io 2019-11-01T01:37:03Z
orders.certmanager.k8s.io 2020-01-15T05:31:49Z
kubectl describe ClusterIssuer letsencrypt-prod
Name: letsencrypt-prod
Namespace:
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1alpha2
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2020-01-15T05:38:32Z
Generation: 1
Resource Version: 71299934
Self Link: /apis/cert-manager.io/v1alpha2/clusterissuers/letsencrypt-prod
UID: 4465c9ce-3759-11ea-be9c-0a7022c023e8
Spec:
Acme:
Email:
Private Key Secret Ref:
Name: letsencrypt-prod
Server: https://acme-v02.api.letsencrypt.org/directory
Solvers:
Http 01:
Ingress:
Class: nginx
Selector:
Events: <none>
我在cert manager命名空间下没有入口。此外,我的备份包括旧证书、CRD、颁发者、证书和证书请求等,但我不知道如何恢复所需内容。已排序。罪魁祸首是1个未完成的cert manager安装。 2我还修改了备份,并用cert-manager.io替换了所有certmanager.k8s.io,用v1alpha2替换了v1alpha1。
3手动删除了与certmanager.k8s.io CRD相关的其他文件,已排序。罪魁祸首是1个未完成的cert manager安装。 2我还修改了备份,并用cert-manager.io替换了所有certmanager.k8s.io,用v1alpha2替换了v1alpha1。
3手动删除与certmanager.k8s.io CRD相关的其他内容发布入口资源发布入口资源