【Question title】: Why is the certificate not recognized by the ingress?
【Posted】: 2020-05-05 20:28:15
【Question description】:

I have installed https://cert-manager.io on my K8S and created cluster issuers:

apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: cert-manager
data:
  # insert your DO access token here
  access-token: secret

---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: mail@example.io
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"
            #- "*.service.databaker.io"
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: mail@example.io
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"  

I also created a certificate:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: hello-cert
spec:
  secretName: hello-cert-prod
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "*.tool.databaker.io"
  dnsNames:
    - "*.tool.databaker.io"

and it was created successfully:

Normal  Requested  8m31s  cert-manager  Created new CertificateRequest resource "hello-cert-2824719253"
  Normal  Issued     7m22s  cert-manager  Certificate issued successfully 

To find out whether the certificate works, I have deployed a service:

apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes-first
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: hello-kubernetes-first
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes-first
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hello-kubernetes-first
  template:
    metadata:
      labels:
        app: hello-kubernetes-first
    spec:
      containers:
        - name: hello-kubernetes
          image: paulbouwer/hello-kubernetes:1.7
          ports:
            - containerPort: 8080
          env:
            - name: MESSAGE
              value: Hello from the first deployment!
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: hello.tool.databaker.io
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
---

But it does not work properly.

What am I doing wrong?

【Question discussion】:

    Tags: nginx kubernetes certificate cert-manager


    【Solution 1】:

    You have not specified the secret containing your certificate:

    spec:
      tls:
      - hosts:
        - hello.tool.databaker.io
        secretName: <secret containing the certificate>
      rules:
       ...
    

    【Discussion】:
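
A small lint for the gap the answer points out, as an added example that is not part of the original post or of cert-manager: it flags Ingress rule hosts that have no `spec.tls` entry with a `secretName`, and checks that a Certificate writing that secret has a dnsName covering the host. The manifests are constructed dicts mirroring the question's resources, the function names are hypothetical, and the wildcard rule assumed is that `*` matches exactly one left-most label.

```python
# Added example: constructed manifests mirroring the question's resources.

def san_covers(pattern, host):
    """Wildcard match where '*' stands for exactly one left-most DNS label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def lint_ingress(ingress, certificates):
    """Return findings for rule hosts lacking a TLS secret that covers them."""
    ns = ingress["metadata"].get("namespace", "default")
    # Map each (namespace, secret) to the dnsNames of the Certificate writing it.
    sans = {(c["metadata"].get("namespace", "default"), c["spec"]["secretName"]):
            c["spec"].get("dnsNames", []) for c in certificates}
    tls_blocks = ingress["spec"].get("tls", [])
    findings = []
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if not host:
            continue
        blocks = [t for t in tls_blocks
                  if any(san_covers(h, host) for h in t.get("hosts", []))]
        if not blocks:
            findings.append(f"{host}: no spec.tls entry lists this host")
            continue
        for t in blocks:
            secret = t.get("secretName")
            if not secret:
                findings.append(f"{host}: tls entry has no secretName")
            elif (ns, secret) not in sans:
                findings.append(f"{host}: no Certificate writes secret {ns}/{secret}")
            elif not any(san_covers(s, host) for s in sans[(ns, secret)]):
                findings.append(f"{host}: secret {secret} has no SAN covering it")
    return findings

# Constructed inputs: the question's Certificate and Ingress, reduced to the relevant fields.
CERT = {"metadata": {"name": "hello-cert"},
        "spec": {"secretName": "hello-cert-prod", "dnsNames": ["*.tool.databaker.io"]}}
BROKEN = {"metadata": {"name": "hello-kubernetes-ingress"},
          "spec": {"rules": [{"host": "hello.tool.databaker.io"}]}}
FIXED = {"metadata": BROKEN["metadata"],
         "spec": {"tls": [{"hosts": ["hello.tool.databaker.io"],
                           "secretName": "hello-cert-prod"}],
                  "rules": BROKEN["spec"]["rules"]}}

if __name__ == "__main__":
    print(lint_ingress(BROKEN, [CERT]))  # the Ingress as posted in the question
    print(lint_ingress(FIXED, [CERT]))   # with the tls section from the answer
```

The lint only sees Certificates passed to it, and a TLS secret has to live in the same namespace as the Ingress that references it, which is why the lookup is keyed on both namespace and secret name.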
