使用dns挑战向AKS PublicIP(AzureDNS)颁发证书

时间:2020-02-26 11:32:38

标签: kubernetes azure-aks azure-kubernetes

我想使用dns挑战(即 blabla.westeurope.cloudapp.azure.com )为Kubernetes应用程序创建证书。 根据下面的链接,我必须在azure中创建我的自定义dns区域,并且必须将其用于相同的目的:

https://cert-manager.io/docs/configuration/acme/dns01/azuredns/ 

kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    ...
    solvers:
    - dns01:
        azuredns:
          clientID: AZURE_CERT_MANAGER_SP_APP_ID
          clientSecretSecretRef:
          # The following is the secret we created in Kubernetes. Issuer will use this to present challenge to Azure DNS.
            name: azuredns-config
            key: client-secret
          subscriptionID: AZURE_SUBSCRIPTION_ID
          tenantID: AZURE_TENANT_ID
          resourceGroupName: AZURE_DNS_ZONE_RESOURCE_GROUP
          hostedZoneName: AZURE_DNS_ZONE
          # Azure Cloud Environment, default to AzurePublicCloud
          environment: AzurePublicCloud

任何人都可以在这里帮助我,如何使用Azure提供的DNS颁发证书?

1 个答案:

答案 0 :(得分:1)

如果您已根据本文配置了所有内容,则下一步将是创建证书:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: domain.AZURE_DNS_ZONE
spec:
  acme:
    config:
      - domains:
          - "domain.AZURE_DNS_ZONE"
        dns01:
          provider: azure
  commonName: "domain.AZURE_DNS_ZONE"
  dnsNames:
    - "domain.AZURE_DNS_ZONE"
  issuerRef:
    kind: Issuer
    name: example-issuer
  secretName: secretname

此外,您无法使用DNS质询为westeurope.cloudapp.azure.com颁发证书,因此只能为您AZURE_DNS_ZONE颁发证书

相关问题
最新问题