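Given: I want to run a web application with a Let's Encrypt certificate via cert-manager.
Problem: I can reach the site over http, but https does not work, even though I can see that cert-manager created a certificate and that it is stored as a secret.
What I did:
1.) I installed cert-manager with helm
helm install --name cert-manager --namespace kube-system stable/cert-manager --set rbac.create=false
Then I applied my k8s yaml.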
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: myEmail
    privateKeySecretRef:
      name: letsencrypt-staging
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: myEmail
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: api-runtime
  labels:
    name: api-runtime
    app: api-runtime
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: api-runtime
    spec:
      containers:
      - name: clickouts-api-host
        image: microsoft/dotnet-samples:aspnetapp
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: api-host-svc
  labels:
    app: api-runtime
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: api-runtime
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: api
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - mydomain.comt
    secretName: api-tls
  rules:
  - host: mydomain.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: api-host-svc
          servicePort: 80
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: api-tls
spec:
  secretName: api-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: mydomain.com
  dnsNames:
  - mydomain.com
  acme:
    config:
    - http01:
        ingress: nginx-ingress
      domains:
      - mydomain.com
What am I still missing to get an https route?
Answer 0 (score: 0)
I found a typo in tls: - hosts: - mydomain.comt
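A way to catch this kind of mismatch before applying manifests, as an added example that is not part of the original question or answer: it cross-checks each Ingress `tls` host against the rule hosts and against the names of the Certificate that writes the same `secretName`. The function names `covers` and `check_tls_hosts` are hypothetical, and the sample data is constructed from the manifests in the question.

```python
import json

# Constructed sample: the question's Ingress and Certificate as trimmed JSON objects.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Ingress", "metadata": {"name": "nginx-ingress"},
   "spec": {"tls": [{"hosts": ["mydomain.comt"], "secretName": "api-tls"}],
            "rules": [{"host": "mydomain.com"}]}},
  {"kind": "Certificate", "metadata": {"name": "api-tls"},
   "spec": {"secretName": "api-tls", "commonName": "mydomain.com",
            "dnsNames": ["mydomain.com"]}}
]}
""")

def covers(name, host):
    """True if a certificate name (optionally a one-label wildcard) matches host."""
    name, host = name.lower(), host.lower()
    if name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == name[2:]
    return name == host

def check_tls_hosts(objects):
    """Return findings for Ingress TLS hosts that no rule or certificate matches."""
    certs = {}  # secretName -> names the Certificate requests
    for obj in objects:
        if obj["kind"] == "Certificate":
            spec = obj["spec"]
            names = set(spec.get("dnsNames", []))
            if spec.get("commonName"):
                names.add(spec["commonName"])
            certs[spec["secretName"]] = names
    findings = []
    for obj in objects:
        if obj["kind"] != "Ingress":
            continue
        ing = obj["metadata"]["name"]
        rule_hosts = {r["host"] for r in obj["spec"].get("rules", []) if "host" in r}
        for tls in obj["spec"].get("tls", []):
            names = certs.get(tls.get("secretName"))
            for host in tls.get("hosts", []):
                if host not in rule_hosts:
                    findings.append(f"{ing}: tls host {host!r} has no matching rule host")
                if names is not None and not any(covers(n, host) for n in names):
                    findings.append(f"{ing}: tls host {host!r} not covered by certificate for {tls['secretName']!r}")
    return findings

if __name__ == "__main__":
    for line in check_tls_hosts(SAMPLE["items"]):
        print(line)
```

The same function can be run over the `items` list of `kubectl get ingress,certificate -o json` from a live cluster.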