我正在尝试创建一个 kubernetes 集群命名空间,其中包含自动生成的用于入口的 DNS,并使用Let's Encrypt TLS 证书进行保护。不幸的是,我遇到了一些麻烦,不知道在哪里寻找解决方案。
正在使用多阶段 yaml 管道将其部署到 AKS 集群中,我已经在单独的命名空间中设置了 nginx 入口控制器和证书管理器。部署成功,一切似乎都在运行,但无法访问来自入口的公开主机名。查看证书时,我看到以下内容
Name: letsencrypt-tls-cd
Namespace: myApp-dev
Labels: app.kubernetes.io/instance=myApp
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=cd
app.kubernetes.io/version=9.3.0
helm.sh/chart=cd-1.0.0
Annotations: <none>
API Version: cert-manager.io/v1alpha3
Kind: Certificate
Metadata:
Creation Timestamp: 2020-06-15T11:59:53Z
Generation: 1
Owner References:
API Version: extensions/v1beta1
Block Owner Deletion: true
Controller: true
Kind: Ingress
Name: myApp-cd
UID: a6cbbf69-749e-4dd1-81cc-37a817051690
Resource Version: 1218430
Self Link: /apis/cert-manager.io/v1alpha3/namespaces/myApp-dev/certificates/letsencrypt-tls-cd
UID: 46ac0acb-71bf-4dbc-a376-c024e92d68ca
Spec:
Dns Names:
cd-myApp-dev.dev
Issuer Ref:
Group: cert-manager.io
Kind: Issuer
Name: letsencrypt-prod
Secret Name: letsencrypt-tls-cd
Status:
Conditions: …我正在尝试在 DigitalOcean 上使用 LetsEncrypt 部署带有 SSL 证书的 Kubernetes 集群。我遵循了这些说明,一切正常,直到 ClusterIssuer 创建挑战订单。然后我收到这个错误:
cert-manager/controller/orders "msg"="Failed to determine the list of Challenge resources needed for the Order" "error"="no configured challenge solvers can be used for this challenge" "resource_kind"="Order" "resource_name"="letsencrypt-prod-cert-458163912-1173127706"
我已经尝试过使用 http 并尝试配置 DigitalOcean 的dns01解析器,但都不起作用,并且出现了类似的错误。该站点通过 ip 和 dns 名称上线(尽管我收到了 no-ssl 证书警告)。这是 ClusterIssuer 描述:
Name: letsencrypt-issuer
Namespace:
Labels: app/instance=webapp
app/managed-by=Tiller
app/name=webapp
app/version=0.1.0
helm.sh/chart=webapp-0.1.0
Annotations: cert-manager.io/cluster-issuer: letsencrypt-issuer
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: true
API Version: cert-manager.io/v1alpha2
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2019-10-16T23:24:47Z
Generation: 2 …