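Unable to create an Issuer with cert-manager in k3s

Time: 2021-04-22 12:05:25

Tags: ssl kubernetes cert-manager

I want to create an issuer on my Kubernetes cluster.

I installed cert-manager and helm following the guide at https://cert-manager.io/docs/installation/kubernetes/.

After checking, it seems to be working fine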

% kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-7998c69865-754mr              1/1     Running   6          2d21h
cert-manager-webhook-7d6d4c78bc-97g2g      1/1     Running   3          2d21h
cert-manager-cainjector-7b744d56fb-bvwjd   1/1     Running   8          2d21h

But when I test it with the issuer mentioned in the guide, it fails

test-resources.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager-test
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: cert-manager-test
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: cert-manager-test
spec:
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned\
Spec:
  Dns Names:
    example.com
  Issuer Ref:
    Name:       test-selfsigned
  Secret Name:  selfsigned-cert-tls
Status:
  Conditions:
    Last Transition Time:  2021-04-22T12:03:25Z
    Message:               Certificate is up to date and has not expired
    Observed Generation:   1
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2021-07-21T12:03:25Z
  Not Before:              2021-04-22T12:03:25Z
  Renewal Time:            2021-06-21T12:03:25Z
  Revision:                1
Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Issuing    4s    cert-manager  Issuing certificate as Secret does not exist
  Normal  Generated  2s    cert-manager  Stored new private key in temporary Secret resource "selfsigned-cert-z8ssc"
  Normal  Requested  2s    cert-manager  Created new CertificateRequest resource "selfsigned-cert-f9kmc"
  Normal  Issuing    1s    cert-manager  The certificate has been successfully issued

What seems to be the problem?

Normally I use the following issuers

letsencrypt-staging.yaml
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    preferredChain: "ISRG Root X1"
    # Email address used for ACME registration
    email: Email
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx

letsencrypt-prod.yaml   
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    preferredChain: "ISRG Root X1"
    # Email address used for ACME registration
    email: email
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx


0 answers:

No answers