- Create the namespace

```bash
kubectl create namespace cert-manager
```
- Install the CRDs

```bash
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
```
- Label the cert-manager namespace with disable-validation

```bash
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
```
- Add jetstack to the Helm repos

```bash
helm repo add jetstack https://charts.jetstack.io
```
- Update the Helm repositories

```bash
helm repo update
```
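- Install cert-manager. Although the jetstack Helm repo was added above, the command given here applies the v0.11.0 release manifest directly:

```bash
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml
```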
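- Create the ClusterIssuer

```yaml
# issuer.yaml
# cert-manager v0.11 serves ClusterIssuer from the cert-manager.io API group, not from core v1
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod # name of the issuer, referenced later
spec:
  acme:
    # email address; a notice is sent here before the certificate expires
    email: admin@arfront.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: issuer-key
    solvers:
    - http01:
        ingress:
          class: nginx
```

```bash
kubectl apply -f issuer.yaml
```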
- Test

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod # this annotation is required; letsencrypt-prod is the name of the issuer created above
  name: nginx
  namespace: default
spec:
  rules:
  - host: dev.arfront.cn
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - dev.arfront.cn
    secretName: dev.arfront.cn # Secret named after the certificate's domain
```
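
Once the test Ingress is applied, the issued certificate can be checked rather than assumed. The script below is an added example, not part of the original page or of cert-manager; `fetch_cert` and `check_cert` are hypothetical helper names, and it assumes `kubectl` access to the cluster plus local `openssl` and `base64`.

```bash
#!/usr/bin/env bash
# Added example: confirm what cert-manager stored in the Ingress TLS Secret.
# Assumptions: kubectl can reach the cluster; openssl and base64 are installed.
# fetch_cert and check_cert are hypothetical helpers, not cert-manager tooling.

# Print the PEM certificate held in a kubernetes.io/tls Secret.
fetch_cert() { # usage: fetch_cert <namespace> <secret>
  kubectl -n "$1" get secret "$2" -o 'jsonpath={.data.tls\.crt}' | base64 -d
}

# Read a PEM certificate on stdin; succeed only if it covers <host>, stays
# valid for at least <min_days> more days, and its issuer contains <issuer_pattern>.
check_cert() { # usage: check_cert <host> <min_days> <issuer_pattern>
  host=$1; min_days=$2; issuer_pat=$3
  pem=$(mktemp) || return 2
  cat > "$pem"
  rc=0
  # -checkhost matches SAN dNSName entries (subject CN if the cert has none).
  openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null \
    | grep -q 'does match certificate' \
    || { echo "FAIL: certificate does not cover $host" >&2; rc=1; }
  # -checkend exits non-zero when the cert expires within the given seconds.
  openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1 \
    || { echo "FAIL: expires within $min_days days (or unreadable)" >&2; rc=1; }
  # A certificate whose issuer lacks the expected string fails this check.
  openssl x509 -in "$pem" -noout -issuer 2>/dev/null | grep -qF -- "$issuer_pat" \
    || { echo "FAIL: issuer does not contain '$issuer_pat'" >&2; rc=1; }
  rm -f "$pem"
  return "$rc"
}

# Run against the page's test Ingress only when asked to: ./verify.sh --run
if [ "${1:-}" = "--run" ]; then
  fetch_cert default dev.arfront.cn | check_cert dev.arfront.cn 30 "Let's Encrypt"
fi
```

An empty or missing Secret makes all three checks fail, which is the state to expect while the HTTP-01 challenge is still pending.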