我正在尝试为 Digitalocean 中的 m kubernetes 集群设置证书管理器。
在安装 cert-manager 并确保服务正在运行后,我创建了我的颁发者:
staging-issuer
:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
namespace: cert-manager
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: myemail@mail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
然后在我的入口中添加如下:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: isildur-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
tls:
- hosts:
- auth-svc.url.com
- email-service.url.com
secretName: name-secret-tls
rules:
- host: email-service.url.com
http:
paths:
- backend:
serviceName: email-service
servicePort: 3000
- host: auth-svc.url.com
http:
paths:
- backend:
serviceName: auth-svc
servicePort: 3000
使用 kubectl describe ingress
从我的入口获取输出:
Normal CreateCertificate 58s cert-manager Successfully created Certificate "name-secret-tls"
但是当我尝试使用 kubectl get certificate
获取证书时:
No resources found in default namespace.
。添加 --all-namespaces
也不显示任何内容。
答案 0 :(得分:1)
我发现了这个问题。 Gitlab 已经安装了他们的 cert-manager,它与我手动安装的冲突。