Waiting for http-01 challenge propagation: failed to perform self check, timeout

Pas*_* K. 3 kubernetes cert-manager metallb

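I have set up a Kubernetes cluster, currently with two nodes, with MetalLB as the load balancer.

Now I want to use an Ingress and secure it with SSL. For that I decided to use the nginx ingress together with cert-manager, following the tutorial on their website.

But now I get the error "Waiting for http-01 challenge propagation: failed to perform self check GET request 'http://example.....zone/.well-known/acme-challenge/A5lFUj69fDccpXlvlyVw9-ekATEjt_-DKiJUzJSafxs': Get "http://example.....zone/.well-known/acme-challenge/A5lFUj69fDccpXlvlyVw9-ekATEjt_-DKiJUzJSafxs": dial tcp 94.130.150.125:80: connect: connection timed out"

My current ClusterIssuer looks like this: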

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: letsencrypt@mymail.de
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

I am trying to have the certificate provisioned automatically:

---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    cert-manager.io/acme-challenge-type: http01
spec:
  tls:
  - hosts:
    - example.....zone
    secretName: example-...-zone-tls
  rules:
  - host: example.....zone
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80

Manually I can reach every address perfectly.

dee*_*ive 5

This worked for me.

Change the LoadBalancer service of ingress-nginx.

Add/change externalTrafficPolicy: Cluster

The reason is that the pod with the certificate issuer ended up on a different node than the load balancer, so it couldn't talk to itself through the ingress.

Below is the complete block, taken from https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.1/deploy/static/provider/cloud-generic.yaml

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  #CHANGE/ADD THIS
  externalTrafficPolicy: Cluster
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https

---
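The self check in the error above is an HTTP GET that cert-manager itself makes from inside the cluster, so a manual request from another machine does not exercise the same path. The sketch below is an added example, not part of the question or the answer: it repeats that GET from wherever it is run (for instance a pod on the same node as cert-manager) and classifies the result. `self_check`, `SolverStub`, the token and the key authorization are constructed for illustration.

```python
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PATH = "/.well-known/acme-challenge/"  # fixed by ACME HTTP-01 (RFC 8555)
TOKEN = "constructed-token"                      # constructed sample values,
KEY_AUTH = TOKEN + ".constructed-thumbprint"     # not taken from the page
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def self_check(host, token, expected_body, port=80, timeout=5.0):
    """GET the challenge URL from this machine and classify the outcome."""
    url = f"http://{host}:{port}{CHALLENGE_PATH}{token}"
    try:
        with DIRECT.open(url, timeout=timeout) as resp:
            body = resp.read().decode().strip()
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"      # reachable, but the solver path is not served
    except (socket.timeout, TimeoutError):
        return "timeout"               # connected, but no answer in time
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"           # the symptom in the question's error
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused"           # address reachable, nothing listening
        return "unreachable"
    return "ok" if body == expected_body else "body-mismatch"

class SolverStub(BaseHTTPRequestHandler):
    """Local stand-in for the ACME solver, serving the constructed challenge."""
    def do_GET(self):
        found = self.path == CHALLENGE_PATH + TOKEN
        self.send_response(200 if found else 404)
        self.end_headers()
        if found:
            self.wfile.write(KEY_AUTH.encode())

    def log_message(self, *args):      # keep the demo output quiet
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), SolverStub)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub()
    print(self_check("127.0.0.1", TOKEN, KEY_AUTH, port=stub.server_port))
```

Against a real cluster, pass the Ingress host and the token from the pending Challenge; a `timeout` from inside the cluster alongside `ok` from outside matches the situation the answer describes.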