Kubernetes让我们加密未颁发的证书 [英] Kubernetes Let's Encrypt Certificate Not Issuing

问题描述

我已经完成了以下所有必需的配置，以便从kubernetes中的letsencrypt获取证书，但是我看不到任何已颁发的证书.

I've done all required configurations as below to get certificate from letsencrypt in kubernetes, however I cannot see any certificate issued.

• 使用头盔安装Nginx插件

helm install my-nginx-ingress stable/nginx-ingress --set controller.publishService.enabled=true

• 证书管理器安装

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install my-cert-manager --namespace spinnaker jetstack/cert-manager --set ingressShim.defaultIssuerName=letsencrypt-prod --set ingressShim.defaultIssuerKind=ClusterIssuer

• ClusterIssuer

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: test@test.test
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

• 入口

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: spinnaker-ingress
  namespace: spinnaker
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - SpinnakerApiDomain
    - SpinnakerDeckDomain
    secretName: spinnaker
  rules:
  - host: SpinnakerApiDomain
    http:
      paths:
      - backend:
          serviceName: spin-gate
          servicePort: 8084
  - host: SpinnakerDeckDomain
    http:
      paths:
      - backend:
          serviceName: spin-deck
          servicePort: 9000

我正在关注以下文档:

我也浏览了其他URL，它们具有相同的步骤，但是当我执行kubectl get certificates --all-namespaces时，看不到任何已颁发的证书.

I've gone through other URLs as well which has same steps but when I do kubectl get certificates --all-namespaces I cannot see any certificate issued.

基本上我是在HTTPS后面配置Spinnaker.

Basically I'm configuring Spinnaker behind HTTPS.

请告知.谢谢.

推荐答案

当您要将自己的自签名证书用于Ingress时，必须创建TLS密钥.

When you want to use your own self-signed certificate for Ingress, you have to create TLS secret.

首先，您必须生成自签名证书和私钥，例如:

First you have to generate self-signed certificate and private key, for example:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=${HOST}/O=${HOST}"

它会提示您一些事情，例如国家名称"或州"，但是您可以点击 Enter接受默认值.

It will prompt you for few things, like Country Name or State but you can just hit Enter to accept defaults.

然后创建您的tls机密:

Then create your tls secret:

kubectl create secret tls <secret_name> --key key.pem --cert cert.pem

然后您可以在Ingress中使用它:

Then you can use it in your Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: spinnaker-ingress
  namespace: spinnaker
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - SpinnakerApiDomain
    - SpinnakerDeckDomain
    secretName: <secret_name>
  rules:
  - host: SpinnakerApiDomain
    http:
      paths:
      - backend:
          serviceName: spin-gate
          servicePort: 8084
  - host: SpinnakerDeckDomain
    http:
      paths:
      - backend:
          serviceName: spin-deck
          servicePort: 9000

这篇关于Kubernetes让我们加密未颁发的证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！