Why does the Ingress not recognize the certificate?

Time: 2020-05-05 20:28:15

Tags: nginx kubernetes certificate cert-manager

I have installed https://cert-manager.io on my K8S and created cluster issuers:

apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: cert-manager
data:
  # insert your DO access token here
  access-token: secret

---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: mail@example.io
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"
            #- "*.service.databaker.io"
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: mail@example.io
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: secret
    solvers:
      - dns01:
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token
        selector:
          dnsNames:
            - "*.tool.databaker.io"  

I also created a certificate:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: hello-cert
spec:
  secretName: hello-cert-prod
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "*.tool.databaker.io"
  dnsNames:
    - "*.tool.databaker.io"

It was created successfully:

Normal  Requested  8m31s  cert-manager  Created new CertificateRequest resource "hello-cert-2824719253"
  Normal  Issued     7m22s  cert-manager  Certificate issued successfully 

To find out whether the certificate works, I deployed a service:

apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes-first
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: hello-kubernetes-first
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes-first
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hello-kubernetes-first
  template:
    metadata:
      labels:
        app: hello-kubernetes-first
    spec:
      containers:
        - name: hello-kubernetes
          image: paulbouwer/hello-kubernetes:1.7
          ports:
            - containerPort: 8080
          env:
            - name: MESSAGE
              value: Hello from the first deployment!
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: hello.tool.databaker.io
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
---

But it does not work properly.


What am I doing wrong?

1 answer:

Answer 0 (score: 1)

You have not specified the secret containing the certificate:

spec:
  tls:
  - hosts:
    - hello.tool.databaker.io
    secretName: <secret containing the certificate>
  rules:
   ...
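
An added check, not part of the original question or answer: a small Python script that reads Ingress objects as JSON and lists every rule host that no `spec.tls` entry with a `secretName` covers, which is the condition the answer points out. The function names and the two sample objects are constructed for illustration; the secret name `hello-cert-prod` in the fixed sample is assumed from the `secretName` of the question's Certificate.

```python
import json
import sys

def tls_covers(rule_host, tls_host):
    """A '*.' TLS host covers exactly one extra leading label; otherwise exact match."""
    if tls_host.startswith("*."):
        label, _, rest = rule_host.partition(".")
        return bool(label) and rest == tls_host[2:]
    return rule_host == tls_host

def uncovered_hosts(ingress):
    """Rule hosts of one Ingress that no spec.tls entry with a secretName covers."""
    spec = ingress.get("spec") or {}
    covered = [h for entry in spec.get("tls") or [] if entry.get("secretName")
               for h in entry.get("hosts") or []]  # entries without hosts are ignored here
    return [r["host"] for r in spec.get("rules") or []
            if r.get("host") and not any(tls_covers(r["host"], c) for c in covered)]

def report(doc):
    """Map Ingress name -> uncovered hosts, for a single object or a kubectl List."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    found = {i["metadata"]["name"]: uncovered_hosts(i) for i in items}
    return {name: hosts for name, hosts in found.items() if hosts}

# Constructed sample: the question's Ingress in JSON shape (it has no spec.tls).
QUESTION = {"kind": "Ingress", "metadata": {"name": "hello-kubernetes-ingress"},
            "spec": {"rules": [{"host": "hello.tool.databaker.io"}]}}
# Constructed sample: the same Ingress with the answer's tls block filled in.
# Assumption: the secret is the one named by the question's Certificate.
FIXED = {"kind": "Ingress", "metadata": {"name": "hello-kubernetes-ingress"},
         "spec": {"tls": [{"hosts": ["hello.tool.databaker.io"],
                           "secretName": "hello-cert-prod"}],
                  "rules": [{"host": "hello.tool.databaker.io"}]}}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # File produced with: kubectl get ingress -A -o json > ingresses.json
        with open(sys.argv[1]) as fh:
            print(report(json.load(fh)))
    else:
        print("question:", report(QUESTION))
        print("fixed:   ", report(FIXED))
```

The Secret named in `spec.tls` has to be in the same namespace as the Ingress; this script checks only that a `tls` entry exists for each host, not that the Secret is present.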