Installing Cert-Manager on k8s with automatic HTTP certificate issuance and renewal
Install Cert-Manager
kubectl apply -f https://file.codei.top/upload/2024-03/cert-manager.yaml
Install Ingress-Nginx
kubectl apply -f https://file.codei.top/upload/2024-03/nginx-ingress.yaml
Create a ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: 123@163.com # email address
    privateKeySecretRef:
      name: letsencrypt-xxxx # custom Secret name (stores the ACME account private key)
    solvers:
    - http01:
        ingress:
          class: nginx
Create a Certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com-cert
  namespace: prod
spec:
  dnsNames:
  - example.com
  secretName: example-com-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
With this, the certificate is requested automatically and stored in the k8s Secret named k3s-codei-top-tls.
Automatic issuance from an Ingress, without a Certificate resource
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod # specify the cluster-issuer
  name: myingress # object names must be lowercase (RFC 1123)
  namespace: prod
spec:
  rules:
  - host: example.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: myservice
            port:
              number: 80
  tls:
  - hosts:
    - example.com
    secretName: myingress-cert
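To confirm that issuance and automatic renewal are actually working, the following added example (not part of the original post) reads the output of `kubectl get certificates -A -o json` and flags Certificates that are not Ready, have expired, or are past their renewal time. It relies on the Certificate status fields `conditions`, `notAfter` and `renewalTime`; the sample data and the file name `check_certs.py` are constructed for illustration.

```python
"""Flag cert-manager Certificates that are not Ready, expired, or overdue for renewal."""
import json
import sys
from datetime import datetime, timezone


def parse_ts(value):
    # Kubernetes timestamps are RFC 3339 in UTC, e.g. 2024-06-01T00:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_certificates(cert_list, now):
    """Return (namespace/name, problem) tuples for Certificates needing attention."""
    findings = []
    for item in cert_list.get("items", []):
        meta, status = item["metadata"], item.get("status", {})
        ident = f'{meta["namespace"]}/{meta["name"]}'
        ready = next((c for c in status.get("conditions", []) if c["type"] == "Ready"), None)
        if ready is None or ready["status"] != "True":
            reason = ready.get("reason", "unknown") if ready else "no Ready condition yet"
            findings.append((ident, f"not ready: {reason}"))
            continue
        if "notAfter" in status and parse_ts(status["notAfter"]) <= now:
            findings.append((ident, "expired"))
        elif "renewalTime" in status and parse_ts(status["renewalTime"]) <= now:
            # cert-manager should have re-issued by renewalTime; if not, renewal is stuck
            findings.append((ident, "renewal overdue"))
    return findings


# Constructed sample: one healthy Certificate, one whose Secret has not been issued yet.
SAMPLE = {"items": [
    {"metadata": {"namespace": "prod", "name": "example-com-cert"},
     "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}],
                "notAfter": "2024-06-20T00:00:00Z", "renewalTime": "2024-05-21T00:00:00Z"}},
    {"metadata": {"namespace": "prod", "name": "myingress-cert"},
     "status": {"conditions": [{"type": "Ready", "status": "False", "reason": "DoesNotExist"}]}},
]}

if __name__ == "__main__":
    # Usage: kubectl get certificates -A -o json | python3 check_certs.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for ident, problem in check_certificates(data, datetime.now(timezone.utc)):
        print(f"{ident}: {problem}")
```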