我想使用dns挑战(即 blabla.westeurope.cloudapp.azure.com )为Kubernetes应用程序创建证书。 根据下面的链接,我必须在azure中创建我的自定义dns区域,并且必须将其用于相同的目的:
https://cert-manager.io/docs/configuration/acme/dns01/azuredns/
kind: Issuer
metadata:
name: example-issuer
spec:
acme:
...
solvers:
- dns01:
azuredns:
clientID: AZURE_CERT_MANAGER_SP_APP_ID
clientSecretSecretRef:
# The following is the secret we created in Kubernetes. Issuer will use this to present challenge to Azure DNS.
name: azuredns-config
key: client-secret
subscriptionID: AZURE_SUBSCRIPTION_ID
tenantID: AZURE_TENANT_ID
resourceGroupName: AZURE_DNS_ZONE_RESOURCE_GROUP
hostedZoneName: AZURE_DNS_ZONE
# Azure Cloud Environment, default to AzurePublicCloud
environment: AzurePublicCloud
任何人都可以在这里帮助我,如何使用Azure提供的DNS颁发证书?
答案 0 :(得分:1)
如果您已根据本文配置了所有内容,则下一步将是创建证书:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: domain.AZURE_DNS_ZONE
spec:
acme:
config:
- domains:
- "domain.AZURE_DNS_ZONE"
dns01:
provider: azure
commonName: "domain.AZURE_DNS_ZONE"
dnsNames:
- "domain.AZURE_DNS_ZONE"
issuerRef:
kind: Issuer
name: example-issuer
secretName: secretname
此外,您无法使用DNS质询为westeurope.cloudapp.azure.com颁发证书,因此只能为您AZURE_DNS_ZONE颁发证书