Using cert-manager on AKS with LetsEncrypt and multiple certs

时间:2019-02-25 17:22:40

标签: azure kubernetes-ingress azure-kubernetes azure-aks cert-manager

Are there any working samples of using cert-manager on AKS with an Nginx ingress where multiple domains have been granted SSL via LetsEncrypt, and then those dns names are directed to separate containers?

I’ve had a single SSL setup for a while, but upon adding a second everything stopped working.

I have several clusters I’ll need to apply this to, so I’m hoping to ind a bullet proof example.

1 个答案:

答案 0 :(得分:3)

我认为这并不重要,我没有真正测试过,但是如果您添加2个具有不同域\秘密的单独入口资源,它应该可以工作(至少我看不出任何不应该这样做的原因):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx
spec:
  tls:
  - hosts:
    - sslexample.foo.com
    secretName: testsecret-tls
  rules:
    - host: sslexample.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service1
            servicePort: 80

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/issuer: letsencrypt-production
    kubernetes.io/ingress.class: "nginx
spec:
  tls:
  - hosts:
    - sslexample1.foo.com
    secretName: testsecret-tls1
  rules:
    - host: sslexample1.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service2
            servicePort: 80

tls是一个数组,因此应包含多个项。不过,我不确定与cert-manager进行交互

tls:
- hosts:
  - sslexample.foo.com
  secretName: testsecret-tls
- hosts:
  - sslexample1.foo.com
  secretName: testsecret1-tls