cert-manager and Issuing Domain Certificates

Use cert-manager to request HTTPS certificates, so that the domain names of a given environment are resolved and served in real time.

Installing cert-manager

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.13.1

Installing ingress-nginx

helm upgrade --install ingress-nginx ingress-nginx  --repo https://kubernetes.github.io/ingress-nginx  --namespace ingress-nginx --create-namespace

Configuring the Let's Encrypt issuer

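vim clusterissuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-nginx   # referenced by the Ingress annotation cert-manager.io/cluster-issuer
spec:
  acme:
    # Let's Encrypt staging endpoint: certificates issued here are not trusted by browsers.
    # Use https://acme-v02.api.letsencrypt.org/directory for production.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <user@example.com>
    privateKeySecretRef:
      name: letsencrypt-nginx   # Secret that stores the ACME account private key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

kubectl apply -f clusterissuer.yaml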

Configuring the Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: <name>
  namespace: <name>
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-nginx"  # metadata.name of the ClusterIssuer
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"  # ingress-nginx reads annotations under the nginx.ingress.kubernetes.io prefix
spec:
  ingressClassName: "nginx"
  rules:
    - host: xxx.xxx.com  # fill in your own domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xxx
                port:
                  number: 80
  tls:
    - hosts:
        - xxx.xxx.com       # fill in your own domain
      secretName: xxx.xxx.com   # fill in your own domain; the certificate is generated automatically
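
A pre-flight check for the two manifests above, as an added example that is not part of the original post: it confirms that the Ingress annotation names the ClusterIssuer's metadata.name rather than privateKeySecretRef.name, rejects `//` comments, and warns when the staging ACME server is configured. The function names and the sample values (letsencrypt-account-key, the temporary files) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page; function names and sample values are assumptions.
# Print metadata.name of the object in manifest $1.
meta_name() {
  awk '/^metadata:/ {m=1; next} /^[^ ]/ {m=0} m && $1 == "name:" {print $2; exit}' "$1"
}

# Print the issuer the Ingress in $1 requests via its cert-manager annotation.
ingress_issuer() {
  sed -n 's|^ *cert-manager\.io/cluster-issuer: *"\{0,1\}\([^" ]*\).*|\1|p' "$1"
}

# check_manifests ISSUER_FILE INGRESS_FILE: prints findings, returns 1 on any error.
check_manifests() {
  rc=0
  want=$(ingress_issuer "$2") have=$(meta_name "$1")
  if [ "$want" != "$have" ]; then
    echo "error: Ingress requests issuer '$want' but ClusterIssuer metadata.name is '$have'"
    rc=1
  fi
  # "//" that is not part of a URL scheme is not a YAML comment and breaks parsing.
  if grep -q '[^:]//' "$1" "$2"; then
    echo "error: '//' comment found; YAML comments start with '#'"
    rc=1
  fi
  if grep -q 'acme-staging-v02\.api\.letsencrypt\.org' "$1"; then
    echo "warn: staging ACME server; issued certificates are not browser-trusted"
  fi
  return $rc
}

# Constructed sample: the annotation wrongly carries privateKeySecretRef.name.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/issuer.yaml" <<'EOF'
metadata:
  name: letsencrypt-nginx
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-account-key
EOF
cat > "$tmp/ingress.yaml" <<'EOF'
metadata:
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-account-key"
EOF
check_manifests "$tmp/issuer.yaml" "$tmp/ingress.yaml" || echo "fix the errors before kubectl apply"
```

Run it against your own clusterissuer.yaml and Ingress file before `kubectl apply`; a non-zero return from check_manifests means cert-manager would not find the issuer or the manifest would not parse.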

Licensed under CC BY-NC-SA 4.0