利用cert-manage申请https证书,完成实时解析指定环境的域名
cret-manage安装
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.13.1
ingress-nginx安装
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
配置 Let's Encrypt 发行者
vim clusterissuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-nginx
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: <user@example.com>
privateKeySecretRef:
name: letsencrypt-nfinx
solvers:
- http01:
ingress:
ingressClassName: nginx
kubectl apply -f clusterissuer.yaml
设置ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: <name>
namespace: <name>
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-nginx" //clusterissuer中的privatekeysecretref.name
kubernetes.io/tls-acme: "true"
ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: "nginx"
rules:
- host: xxx.xxx.com //填写自己的域名
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: xxx
port:
number: 80
tls:
- hosts:
- xxx.xxx.com //填写自己的域名
secretName: xxx.xxx.com //填写自己的域名,自动生成证书