Kubernetes: Let's Encrypt certificates not being issued

Time: 2020-01-08 09:24:36

Tags: kubernetes lets-encrypt kubernetes-ingress nginx-ingress spinnaker

I have completed all of the required configuration below to obtain certificates from Let's Encrypt in Kubernetes, but I cannot see any issued certificates.

  • Install the Nginx ingress using Helm

helm install my-nginx-ingress stable/nginx-ingress --set controller.publishService.enabled=true

  • cert-manager installation

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install my-cert-manager --namespace spinnaker jetstack/cert-manager --set ingressShim.defaultIssuerName=letsencrypt-prod --set ingressShim.defaultIssuerKind=ClusterIssuer

  • ClusterIssuer

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: test@test.test
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

  • Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: spinnaker-ingress
  namespace: spinnaker
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - SpinnakerApiDomain
    - SpinnakerDeckDomain
    secretName: spinnaker
  rules:
  - host: SpinnakerApiDomain
    http:
      paths:
      - backend:
          serviceName: spin-gate
          servicePort: 8084
  - host: SpinnakerDeckDomain
    http:
      paths:
      - backend:
          serviceName: spin-deck
          servicePort: 9000

I am following these documents:

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-on-digitalocean-kubernetes-using-helm

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-cd-pipeline-with-spinnaker-on-digitalocean-kubernetes

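I have also gone through other URLs that describe the same steps, but when I run kubectl get certificates --all-namespaces, I do not see any issued certificates.

Basically, I am configuring Spinnaker behind HTTPS.

Please advise. Thanks.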

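1 answer:

Answer 0: (score: 0)

If you want to use your own self-signed certificate for the Ingress, you have to create a TLS secret.

First, you have to generate a self-signed certificate and private key, for example: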

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=${HOST}/O=${HOST}"

It will prompt you for a few things, such as "Country Name" or "State", but you can just hit Enter to accept the defaults.

Then create your TLS secret:

kubectl create secret tls <secret_name> --key key.pem --cert cert.pem

Then you can use it in the Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: spinnaker-ingress
  namespace: spinnaker
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - SpinnakerApiDomain
    - SpinnakerDeckDomain
    secretName: <secret_name>
  rules:
  - host: SpinnakerApiDomain
    http:
      paths:
      - backend:
          serviceName: spin-gate
          servicePort: 8084
  - host: SpinnakerDeckDomain
    http:
      paths:
      - backend:
          serviceName: spin-deck
          servicePort: 9000
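
An added check, not part of the original question or answer: cert-manager 0.11 moved its API group from certmanager.k8s.io to cert-manager.io, and its Ingress annotations use the new group, so this script compares the group in the issuer manifest with the issuer annotation on the Ingress. The function names, temporary file names and trimmed manifests are constructed for the example.

```shell
#!/bin/sh
# Added example: does the Ingress issuer annotation use the same API group
# as the issuer manifest? Function and file names here are hypothetical.

# API group of the first apiVersion line in an issuer manifest.
issuer_group() {
    awk '$1 == "apiVersion:" { split($2, p, "/"); print p[1]; exit }' "$1"
}

# Group prefix of every */issuer or */cluster-issuer annotation key.
annotation_groups() {
    awk '$1 ~ /\/(cluster-)?issuer:$/ { split($1, p, "/"); print p[1] }' "$1" | sort -u
}

# Return 0 if every issuer annotation uses the issuer's API group, else 1.
check_issuer_annotation() {
    want=$(issuer_group "$1")
    rc=0; found=0
    for got in $(annotation_groups "$2"); do
        found=1
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: annotation group '$got', issuer group '$want'"
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no issuer annotation found in $2"; rc=1; }
    return "$rc"
}

# Constructed sample input, trimmed from the manifests in the question.
tmp=$(mktemp -d)
cat > "$tmp/issuer.yaml" <<'EOF'
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
EOF
cat > "$tmp/ingress.yaml" <<'EOF'
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
EOF
# Same Ingress with the annotation key moved to the issuer's API group.
sed 's#certmanager.k8s.io/cluster-issuer#cert-manager.io/cluster-issuer#' "$tmp/ingress.yaml" > "$tmp/ingress-fixed.yaml"

check_issuer_annotation "$tmp/issuer.yaml" "$tmp/ingress.yaml" || true
check_issuer_annotation "$tmp/issuer.yaml" "$tmp/ingress-fixed.yaml" && echo "OK: groups match"
```

An annotation the controller does not recognise is silently ignored, which matches the symptom of kubectl get certificates --all-namespaces returning nothing.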