我有一个运行cert-manager1.11.0 和Traefik2.9.6 的 Kubernetes (v1.25.2) 集群。对于某些服务,我想Let's Encrypt自动签署证书。出于某种原因,使用IngressRoute而不是感觉更好Ingress。我只是无法让 IngressRoute 创建证书。
现在,我有一个ClusterIssuer:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: my@email.com
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: traefik
并且,工作,对应Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-name-websecure
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: traefik
rules:
- host: my.host.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: linkingservice
port:
number: 80
tls:
- …