给定: 我想通过证书管理器运行带有letsencrypt证书的Web应用程序
问题 我可以使用 http 访问该站点,但 https 不起作用,即使我可以看到 cert-manager 创建了一个也保存为机密的证书。
我做了什么
1.) 我用 helm 安装了 cert-manager
helm install --name cert-manager --namespace kube-system stable/cert-manager rbac.create=false
然后我应用了我的 k8s yaml。
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: myEmail
privateKeySecretRef:
name: letsencrypt-staging
http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: myEmail
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: api-runtime
labels:
name: api-runtime
app: api-runtime
spec:
replicas: 1
template:
metadata:
labels:
app: api-runtime
spec:
containers:
- name: clickouts-api-host
image: microsoft/dotnet-samples:aspnetapp
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: api-host-svc
labels:
app: api-runtime
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: api-runtime
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.class: "gce"
kubernetes.io/ingress.global-static-ip-name: api
kubernetes.io/tls-acme: "true"
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- mydomain.comt
secretName: api-tls
rules:
- host: mydomain.com
http:
paths:
- path: /*
backend:
serviceName: api-host-svc
servicePort: 80
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: api-tls
spec:
secretName: api-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: mydomain.com
dnsNames:
- mydomain.com
acme:
config:
- http01:
ingress: nginx-ingress
domains:
- mydomain.com
我还缺少什么来获得 https 路由?