Nginx: Why does the Ingress not recognize the certificate?


I have installed and created ClusterIssuers on my K8S:

apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: cert-manager
data:
  # insert your DO access token here
  access-token: secret

---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: mail@example.io
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"
            #- "*.service.databaker.io"
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: mail@example.io
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"

I also created a certificate:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: hello-cert
spec:
  secretName: hello-cert-prod
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "*.tool.databaker.io"
  dnsNames:
    - "*.tool.databaker.io"

and it was created successfully:

  Normal  Requested  8m31s  cert-manager  Created new CertificateRequest resource "hello-cert-2824719253"
  Normal  Issued     7m22s  cert-manager  Certificate issued successfully

To check whether the certificate works, I deployed a service:

apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes-first
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: hello-kubernetes-first
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes-first
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hello-kubernetes-first
  template:
    metadata:
      labels:
        app: hello-kubernetes-first
    spec:
      containers:
        - name: hello-kubernetes
          image: paulbouwer/hello-kubernetes:1.7
          ports:
            - containerPort: 8080
          env:
            - name: MESSAGE
              value: Hello from the first deployment!
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: hello.tool.databaker.io
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
---
But it does not work properly.

What am I doing wrong?

You did not specify the secret containing the certificate:

spec:
  tls:
  - hosts:
    - hello.tool.databaker.io
    secretName: <secret containing the certificate>
  rules:
   ...
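
A check for the gap the answer points out, as an added example that is not part of the original question or answer: it audits an Ingress for rule hosts that have no spec.tls entry referencing the certificate Secret. The Ingress dict is a constructed copy of the one in the question, the Secret name and dnsNames come from the question's Certificate, and `name_covers`, `audit_ingress` and `with_tls` are hypothetical helper names.

```python
# Constructed sample: the question's Ingress as a dict; it has no spec.tls.
INGRESS = {
    "kind": "Ingress",
    "metadata": {"name": "hello-kubernetes-ingress"},
    "spec": {"rules": [{"host": "hello.tool.databaker.io"}]},
}
# Values taken from the question's Certificate resource.
CERT_SECRET = "hello-cert-prod"
CERT_DNS_NAMES = ["*.tool.databaker.io"]


def name_covers(pattern, host):
    """True if pattern equals host, or is a wildcard for exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return pattern == host


def audit_ingress(ingress, cert_secret, cert_dns_names):
    """List the reasons each rule host would not be served with cert_secret."""
    spec = ingress.get("spec", {})
    findings = []
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            continue  # host-less rules are out of scope for this check
        entries = [t for t in spec.get("tls") or []
                   if any(name_covers(h, host) for h in t.get("hosts", []))]
        if not entries:
            findings.append(f"{host}: no spec.tls entry lists this host")
        for entry in entries:
            if entry.get("secretName") != cert_secret:
                findings.append(f"{host}: tls secretName is not {cert_secret}")
        if not any(name_covers(n, host) for n in cert_dns_names):
            findings.append(f"{host}: not covered by certificate dnsNames")
    return findings


def with_tls(ingress, hosts, secret):
    """Return a copy of the Ingress with the tls block from the answer added."""
    tls = [{"hosts": list(hosts), "secretName": secret}]
    return {**ingress, "spec": {**ingress["spec"], "tls": tls}}


if __name__ == "__main__":
    print(audit_ingress(INGRESS, CERT_SECRET, CERT_DNS_NAMES))
    fixed = with_tls(INGRESS, ["hello.tool.databaker.io"], CERT_SECRET)
    print(audit_ingress(fixed, CERT_SECRET, CERT_DNS_NAMES))
```

The Secret named in spec.tls has to live in the same namespace as the Ingress, which this check does not cover.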