Kubernetes: my application is only reachable over HTTP, not HTTPS
Update:
Name:         domain-com
Namespace:    example
Labels:       <none>
Annotations:  <none>
API Version:  cert-manager.io/v1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-09-15T17:41:27Z
  Generation:          1
  Managed Fields:
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:conditions:
        f:notAfter:
        f:notBefore:
        f:renewalTime:
    Manager:      controller
    Operation:    Update
    Time:         2020-09-15T17:41:27Z
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:commonName:
        f:dnsNames:
        f:issuerRef:
          .:
          f:kind:
          f:name:
        f:secretName:
    Manager:         kubectl
    Operation:       Update
    Time:            2020-09-15T17:41:27Z
  Resource Version:  2018179
  Self Link:         /apis/cert-manager.io/v1/namespaces/example/certificates/domain-com
  UID:               1ddb2c20-0fa5-414b-af4f-32c4e02cf41f
Spec:
  Common Name:  example.com
  Dns Names:
    example.com
  Issuer Ref:
    Kind:       Issuer
    Name:       example-issuer
  Secret Name:  domain-com-tls
Status:
  Conditions:
    Last Transition Time:  2020-09-15T17:41:27Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2020-12-14T12:11:24Z
  Not Before:              2020-09-15T12:11:24Z
  Renewal Time:            2020-11-14T12:11:24Z
Events:                    <none>
Yes
kubectl get ingressroute -A
NAMESPACE NAME AGE
example example-ingress 44h
example example-ingress-route 40h
Then I did
kubectl delete ingress example-ingress -n example
ingress.extensions "example-ingress" deleted
Now it's a 404.
But the secure certificate and everything else works fine?
I have a cluster with a simple dockerized PHP application that just displays "hello" on the page.
In the cluster I installed traefik and cert-manager via their helm charts, since I am using cert-manager for Let's Encrypt:
When I access my domain over http, it works fine and I can see "hello".
But when I access my domain over https, it only says "404 page not found".
Error in the traefik pod:
E0916 10:48:39.456348 1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.3/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRoute: v1alpha1.IngressRouteList.Items: []v1alpha1.IngressRoute: v1alpha1.IngressRoute.Spec: v1alpha1.IngressRouteSpec.TLS: readObjectStart: expect { or n, but found [, error found in #10 byte of ...|}],"tls":[{"hosts":[|..., bigger context ...|ices":[{"name":"example-app","port":80}]}],"tls":[{"hosts":["example.com"],"secretName|...
When I click the https shield in the browser and click "More Information", it tells me:
Verified by: CN=TRAEFIK DEFAULT CERT
DNS Name 31047792e374617b441b6f82cacde627.1dc1fc2f960b83b2f533f2ff411e82bf.traefik.default
For setting up cert-manager, I followed most of this guide:
When I do: kubectl get issuer -n example
NAME READY AGE
example-issuer-staging True 15h
When I do: kubectl get certificate -n example
NAME READY SECRET AGE
domain-com True domain-com-tls 15h
When I curl over http and https, here are my results: curl -v
When I do: kubectl get secret -n example
NAME TYPE DATA AGE
domain-com-tls kubernetes.io/tls 2 19h
When I do: kubectl get -A
NAMESPACE NAME AGE
example example-ingress 44h
example example-ingress-route 40h
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
example example-ingress <none> example.com 80, 443 13d
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cert-manager cert-manager ClusterIP 10.245.95.66 <none> 9402/TCP 16h
cert-manager cert-manager-webhook ClusterIP 10.245.86.7 <none> 443/TCP 16h
default kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 23d
example example-app ClusterIP 10.245.132.184 <none> 80/TCP,443/TCP 15m
kube-system kube-dns ClusterIP 10.245.0.10 <none> 53/UDP,53/TCP,9153/TCP 23d
routing traefik LoadBalancer 10.245.21.52 external-ip 80:31635/TCP,443:31142/TCP 2d1
Contents of: example-ingress-route.yml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: example
  name: example-ingress-route
  annotations:
    kubernetes.io/ingress.class: "traefik"
    cert-manager.io/cluster-issuer: example-issuer
    traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
    traefik.frontend.redirect.entryPoint: https
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.com`)
      kind: Rule
      services:
        - name: example-app
          namespace: example
          port: 443
  tls:
    hosts:
      - example.com
    options:
      namespace: example
    secretName: domain-com-tls
Contents of: example-app.yml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  namespace: example
  name: 'example-app-main'
  labels:
    app: 'example-app'
    tier: 'frontend'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: 'example-app'
  template:
    metadata:
      labels:
        app: 'example-app'
    spec:
      containers:
        - name: example-app-container
          image: richarvey/nginx-php-fpm:1.10.3
          imagePullPolicy: Always
          env:
            - name: SSH_KEY
              value: 'hidden'
            - name: GIT_REPO
              value: 'git@gitlab.example.com:project//source.git'
            - name: GIT_EMAIL
              value: 'hidden'
            - name: GIT_NAME
              value: 'hidden'
          ports:
            - containerPort: 80
Contents of: example-issuer.yml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-issuer
  namespace: example
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: letsencrypt@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: domain-com-tls
    # Enable the HTTP-01 challenge provider
    solvers:
      # An empty 'selector' means that this solver matches all domains
      - http01:
          ingress:
            class: traefik
Contents of: example-service.yml
apiVersion: v1
kind: Service
metadata:
  namespace: example
  name: 'example-app'
spec:
  type: ClusterIP
  ports:
    - protocol: TCP
      name: http
      port: 80
      targetPort: 80
    - protocol: TCP
      name: https
      port: 443
      targetPort: 443
  selector:
    app: 'example-app'
Contents of: example-solver.yml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: domain-com
  namespace: example
spec:
  secretName: domain-com-tls
  issuerRef:
    name: example-issuer
    kind: Issuer
  commonName: example.com
  dnsNames:
    - example.com
You have some errors in your YAML.
In example-ingress-route.yml you have "cert-manager.io/cluster-issuer: example-issuer".
example-issuer.yml:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-issuer
  namespace: example
You can change it to ClusterIssuer in example-issuer.yml.
Did you create the certificate manually, or was it created by the Ingress resource?
It was created with the Ingress resource?
I only want the issuer to be namespaced to example, not the whole cluster. Could I replace cert-manager.io/issuer: example-issuer with cert-manager.io/cluster-issuer: example-issuer? I thought the annotation just referenced the issuer I created, so that they are linked? Should I remove the whole line in the annotations section?
No, it is an Issuer (works in a namespace).
I changed it to cert-manager.io/issuer: example-issuer and kept example-issuer.yml as Issuer, but I still have the same problem.
Can you try changing kind: IngressRoute to kind: Ingress in example-ingress-route.yml?
I originally had just Ingress, but that did not work either (http yes, https no). I changed it as the traefik docs suggest, to use the CRD way:
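Two mismatches are visible on this page: the answer's point that a cluster-issuer annotation names a namespaced Issuer, and the list-shaped tls that the Traefik log rejects. Both can be checked offline before applying manifests. The following is an added example, not code from the post or from either project; lint(), route() and the sample manifests are constructed for illustration, and the input is assumed to contain every Issuer and ClusterIssuer that should be considered.

```python
# Added example (not from the post): consistency checks on manifests shaped
# like the items returned by `kubectl get <kind> -o json`.

def lint(manifests):
    """Return a list of findings; an empty list means both checks passed."""
    # Issuers present in the input. ClusterIssuer is cluster-scoped (no namespace).
    issuers = set()
    for m in manifests:
        if m.get("kind") in ("Issuer", "ClusterIssuer"):
            meta = m.get("metadata", {})
            ns = meta.get("namespace") if m["kind"] == "Issuer" else None
            issuers.add((m["kind"], ns, meta.get("name")))

    findings = []
    for m in manifests:
        meta = m.get("metadata", {})
        ns, name = meta.get("namespace"), meta.get("name")
        ann = meta.get("annotations") or {}

        # Check 1: the annotation key decides which issuer kind is looked up.
        ref = ann.get("cert-manager.io/cluster-issuer")
        if ref and ("ClusterIssuer", None, ref) not in issuers:
            msg = f"{name}: cluster-issuer annotation names '{ref}', no such ClusterIssuer"
            if ("Issuer", ns, ref) in issuers:
                msg += f" (Issuer '{ref}' exists in namespace '{ns}')"
            findings.append(msg)
        ref = ann.get("cert-manager.io/issuer")
        if ref and ("Issuer", ns, ref) not in issuers:
            findings.append(f"{name}: issuer annotation names '{ref}', "
                            f"no such Issuer in namespace '{ns}'")

        # Check 2: Traefik decodes IngressRoute spec.tls as one object; the log
        # line in the question ("expect { or n, but found [") comes from a list.
        if m.get("kind") == "IngressRoute":
            tls = m.get("spec", {}).get("tls")
            if tls is not None and not isinstance(tls, dict):
                findings.append(f"{name}: spec.tls is a {type(tls).__name__}, "
                                "expected a single object")
    return findings


# Constructed sample data mirroring the names used on this page.
ISSUER = {"apiVersion": "cert-manager.io/v1", "kind": "Issuer",
          "metadata": {"name": "example-issuer", "namespace": "example"}}

def route(annotation_key, tls):
    """Hypothetical helper: build an IngressRoute dict for the samples."""
    return {"apiVersion": "traefik.containo.us/v1alpha1", "kind": "IngressRoute",
            "metadata": {"name": "example-ingress-route", "namespace": "example",
                         "annotations": {annotation_key: "example-issuer"}},
            "spec": {"entryPoints": ["web", "websecure"], "tls": tls}}

# Annotation as in example-ingress-route.yml, tls shaped as in the Traefik log.
AS_LOGGED = [ISSUER, route("cert-manager.io/cluster-issuer",
                           [{"hosts": ["example.com"], "secretName": "domain-com-tls"}])]
# Same objects with a namespaced annotation and an object-shaped tls.
CONSISTENT = [ISSUER, route("cert-manager.io/issuer", {"secretName": "domain-com-tls"})]

if __name__ == "__main__":
    for label, sample in (("as logged", AS_LOGGED), ("consistent", CONSISTENT)):
        print(label, lint(sample) or "no findings")
```

Passing both checks only means the references and the tls shape are consistent with each other; it does not confirm that a certificate is issued or served.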