我正在使用以下文档在 kubernetes 部署的应用程序上实现 https: https://learn.microsoft.com/en-us/azure/aks/ingress-tls
我收到“证书不存在”。我使用了集群发行者和“letsencrypt-prod”。我有以下证书:
顶点crt
acme-crt- secret
证书管理器-webhook-ca
证书管理器-webhook-webhook-tls
tls- secret
为什么我在描述证书时收到“证书不存在”?
`Name: acme-crt-secret
Namespace: <name-space>
Labels: <none>
Annotations: <none>
API Version: certmanager.k8s.io/v1alpha1
Kind: Certificate
Metadata:
Creation Timestamp: 2019-07-19T07:41:46Z
Generation: 2
Owner References:
API Version: extensions/v1beta1
Block Owner Deletion: true
Controller: true
Kind: Ingress
Name: starc
UID: <Id>
Resource Version: <version>
Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/<name-space>/certificates/acme-crt-secret
UID: <Uid>
Spec:
Acme:
Config:
Domains:
starcapp.com
Http 01:
Ingress:
Ingress Class: nginx
Dns Names:
starcapp.com
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-prod
Secret Name: acme-crt-secret
Status:
Conditions:
Last Transition Time: 2019-07-19T07:41:46Z
Message: Certificate does not exist
Reason: NotFound
Status: False
Type: Ready
Events: <none>`
最佳答案
尝试在您的证书配置文件中指定命名空间。
查看示例证书配置文件:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: tls-secret
namespace: ingress-basic
spec:
secretName: tls-secret-staging
dnsNames:
- demo-aks-ingress.eastus.cloudapp.azure.com
acme:
config:
- http01:
ingressClass: nginx
domains:
- demo-aks-ingress.eastus.cloudapp.azure.com
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
然后执行命令:
$ kubectl apply -f your-certificate-filename.yaml
确保 key 在证书管理器命名空间中。
同时创建证书手册。一旦您“强制”证书管理员创建证书,他也很乐意自动创建证书。
关于azure - https kubernetes 部署的应用程序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57142730/