k8s安装自动证书签发cert-manager letsencrypt

少羽大怪兽

发布于 2020-10-16 10:58:42

8240

发布于 2020-10-16 10:58:42

创建 namespace kubectl create namespace cert-manager
安装 crds

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml

标记命名空间 cert-manager 为 disable-validation

kubectl lab el namespace cert-manager certmanager.k8s.io/disable-validation=true

将 jetstack 加入到 helm repos

helm repo add jetstack https://charts.jetstack.io

更新 helm 仓库

helm repo update

使用helm chart 安装 cert-manager

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml

创建 clusterissuer # issuer.yaml apiVersion: v1 kind: ClusterIssuer metadata: name: letsencrypt-prod #这里是issuer的名称，后面要使用 spec: acme: # 邮箱，证书过期前会发邮件到这个邮箱 email: admin@arfront.com server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: issuer-key solvers: - http01: ingress: class: nginx

kubectl apply -f issuer.yaml

测试

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod #需要使用这个标记，letsencrypt-prod是上面issuer的名称
  name: nginx
  namespace: default
spec:
  rules:
  - host: dev.arfront.cn
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - dev.arfront.cn 
    secretName: dev.arfront.cn #证书的域名

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2020-10-10 ，如有侵权请联系 cloudcommunity@tencent.com 删除

admin