Kubernetes让我们加密未颁发的证书 [英] Kubernetes Let's Encrypt Certificate Not Issuing
问题描述
我已经完成了以下所有必需的配置,以便从kubernetes中的letsencrypt获取证书,但是我看不到任何已颁发的证书.
I've done all required configurations as below to get certificate from letsencrypt in kubernetes, however I cannot see any certificate issued.
- 使用头盔安装Nginx插件
helm install my-nginx-ingress stable/nginx-ingress --set controller.publishService.enabled=true
- 证书管理器安装
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install my-cert-manager --namespace spinnaker jetstack/cert-manager --set ingressShim.defaultIssuerName=letsencrypt-prod --set ingressShim.defaultIssuerKind=ClusterIssuer
- ClusterIssuer
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: test@test.test
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
- 入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: spinnaker-ingress
namespace: spinnaker
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- SpinnakerApiDomain
- SpinnakerDeckDomain
secretName: spinnaker
rules:
- host: SpinnakerApiDomain
http:
paths:
- backend:
serviceName: spin-gate
servicePort: 8084
- host: SpinnakerDeckDomain
http:
paths:
- backend:
serviceName: spin-deck
servicePort: 9000
我正在关注以下文档:
我也浏览了其他URL,它们具有相同的步骤,但是当我执行kubectl get certificates --all-namespaces
时,看不到任何已颁发的证书.
I've gone through other URLs as well which has same steps but when I do kubectl get certificates --all-namespaces
I cannot see any certificate issued.
基本上我是在HTTPS后面配置Spinnaker.
Basically I'm configuring Spinnaker behind HTTPS.
请告知.谢谢.
推荐答案
当您要将自己的自签名证书用于Ingress时,必须创建TLS密钥.
When you want to use your own self-signed certificate for Ingress, you have to create TLS secret.
首先,您必须生成自签名证书和私钥,例如:
First you have to generate self-signed certificate and private key, for example:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=${HOST}/O=${HOST}"
它会提示您一些事情,例如国家名称"或州",但是您可以点击
Enter
接受默认值.
It will prompt you for few things, like Country Name or State but you can just hit
Enter
to accept defaults.
然后创建您的tls机密:
Then create your tls secret:
kubectl create secret tls <secret_name> --key key.pem --cert cert.pem
然后您可以在Ingress中使用它:
Then you can use it in your Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: spinnaker-ingress
namespace: spinnaker
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- SpinnakerApiDomain
- SpinnakerDeckDomain
secretName: <secret_name>
rules:
- host: SpinnakerApiDomain
http:
paths:
- backend:
serviceName: spin-gate
servicePort: 8084
- host: SpinnakerDeckDomain
http:
paths:
- backend:
serviceName: spin-deck
servicePort: 9000
这篇关于Kubernetes让我们加密未颁发的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!