Rem*_*ing 2 kubernetes cert-manager
I\xe2\x80\x99m 从 GitLab 管理的 Kubernetes 集群迁移到自我管理的集群。在这个自我管理的集群中需要安装 nginx-ingress 和 cert-manager。我已经设法对用于审查环境的集群执行相同的操作。我使用最新的 Helm3 RC 来管理这个,所以我不需要 Tiller。
\n\n到目前为止,我运行了这些命令:
\n\n# Add Helm repos locally\nhelm repo add stable https://kubernetes-charts.storage.googleapis.com\nhelm repo add jetstack https://charts.jetstack.io\n\n# Create namespaces\nkubectl create namespace managed\nkubectl create namespace production\n\n# Create cert-manager crds\nkubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml\n\n# Install Ingress\nhelm install ingress stable/nginx-ingress --namespace managed --version 0.26.1\n\n# Install cert-manager with a cluster issuer\nkubectl apply -f config/production/cluster-issuer.yaml\nhelm install cert-manager jetstack/cert-manager --namespace managed --version v0.11.0\n这是我的cluster-issuer.yaml:
# Based on https://docs.cert-manager.io/en/latest/reference/issuers.html#issuers\napiVersion: cert-manager.io/v1alpha2\nkind: ClusterIssuer\nmetadata:\n name: letsencrypt-prod\nspec:\n acme:\n server: https://acme-v02.api.letsencrypt.org/directory\n email: XXX # This is an actual email address in the real resource\n privateKeySecretRef:\n name: letsencrypt-prod\n solvers:\n - selector: {}\n http01:\n ingress:\n class: nginx\n我安装了自己的 Helm 图表,名为docs. Helm 图表中的所有资源均按预期安装。使用 cURL,我可以通过 HTTP 获取页面。不过,Google Chrome 将我重定向到带有无效证书的 HTTPS 页面。
已创建以下附加资源:
\n\n# Based on https://docs.cert-manager.io/en/latest/reference/issuers.html#issuers\napiVersion: cert-manager.io/v1alpha2\nkind: ClusterIssuer\nmetadata:\n name: letsencrypt-prod\nspec:\n acme:\n server: https://acme-v02.api.letsencrypt.org/directory\n email: XXX # This is an actual email address in the real resource\n privateKeySecretRef:\n name: letsencrypt-prod\n solvers:\n - selector: {}\n http01:\n ingress:\n class: nginx\n看来一切都被证书管理器命令阻止在无效状态。为什么会无效呢?我该如何解决这个问题?
\n| 归档时间: |
|
| 查看次数: |
8171 次 |
| 最近记录: |