我无法通过DNS挑战,我不确定为什么。问题似乎出在我的GCP设置中,但不确定我的配置错误。在下面的示例中,我删除了一些私有数据(例如,域,projectID)
错误:
挑战控制器:由于错误处理,重新排队项目“ default / ambassador-certs-519855222-0”:未找到与域
Certificate.yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: ambassador-certs
spec:
secretName: ambassador-certs
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: "<mydomain>"
dnsNames:
# you can add multiple domains here
- "<mydomain>"
acme:
config:
- dns01:
provider: letsencrypt-prod
domains:
# you can add multiple domains here
- "<mydomain>"
集群发行人:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <MyEmail>
privateKeySecretRef:
name: ambassador-certs
dns01:
providers:
- name: letsencrypt-prod
clouddns:
# The ID of the GCP project
project: <MYPROJECTID>
# This is the secret used to access the service account
serviceAccountSecretRef:
name: cert-manager-credentials
key: token
我正在使用Terraform安装cert-manager并创建我的服务帐户。它实际上是创建一个服务帐户并将其绑定到“ dns.admin”角色。
resource "google_project_iam_binding" "dns-admin-role" {
role = "roles/dns.admin"
members = [
"serviceAccount:${google_service_account.dns-admin.email}"
]
}
resource "google_service_account_key" "dnskey" {
service_account_id = "${google_service_account.dns-admin.name}"
}
resource "kubernetes_secret" "google-application-credentials" {
metadata = {
name = "cert-manager-credentials"
namespace = "cert-manager"
}
data {
token = "${base64decode(google_service_account_key.dnskey.private_key)}"
}
}
我也在GCP中“验证了我的域名”,但这似乎没有任何影响。不知道我还需要做些什么来验证域。显然配置有误。
任何帮助将不胜感激。