Installing cert-manager on k8s and automating HTTPS certificate issuance and renewal

Install cert-manager

kubectl apply -f https://file.codei.top/upload/2024-03/cert-manager.yaml

Install ingress-nginx

kubectl apply -f https://file.codei.top/upload/2024-03/nginx-ingress.yaml

Create a ClusterIssuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: 123@163.com # email address
    privateKeySecretRef:
      name: letsencrypt-xxxx # custom name for the Secret that stores the ACME account private key
    solvers:
    - http01:
        ingress:
          class: nginx

Create a Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com-cert
  namespace: prod
spec:
  dnsNames:
    - example.com
  secretName: example-com-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer

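With this in place, the certificate is requested automatically and stored in the k8s Secret named by secretName (example-com-tls in the manifest above).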
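
To confirm that issuance and automatic renewal are actually working for the Certificate above, the following added example (not part of the original page) checks the status fields cert-manager records on the resource. The function name, the `min_days` threshold and the sample JSON are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample: trimmed output of
#   kubectl get certificate example-com-cert -n prod -o json
SAMPLE = json.loads("""
{
  "metadata": {"name": "example-com-cert", "namespace": "prod"},
  "spec": {"dnsNames": ["example.com"], "secretName": "example-com-tls",
           "issuerRef": {"name": "letsencrypt-prod", "kind": "ClusterIssuer"}},
  "status": {
    "conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}],
    "notBefore": "2024-03-01T00:00:00Z",
    "notAfter": "2024-05-30T00:00:00Z",
    "renewalTime": "2024-04-30T00:00:00Z"
  }
}
""")

def _ts(value):
    # cert-manager writes RFC 3339 UTC timestamps ending in "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

# min_days is an assumed alerting threshold, not a cert-manager setting
def check_certificate(cert, now, issuer="letsencrypt-prod", min_days=7):
    """Return a list of problems; an empty list means the certificate is healthy."""
    problems = []
    ref = cert.get("spec", {}).get("issuerRef", {})
    if ref.get("name") != issuer or ref.get("kind") != "ClusterIssuer":
        problems.append(f"unexpected issuerRef: {ref}")
    status = cert.get("status", {})
    ready = next((c for c in status.get("conditions", []) if c.get("type") == "Ready"), None)
    if ready is None or ready.get("status") != "True":
        reason = ready.get("reason", "unknown") if ready else "no Ready condition"
        problems.append(f"not Ready ({reason})")
    if "notAfter" not in status:
        problems.append("no notAfter: certificate has not been issued yet")
        return problems
    days_left = (_ts(status["notAfter"]) - now).days
    if days_left < min_days:
        problems.append(f"expires in {days_left} days")
    renewal = status.get("renewalTime")
    if renewal and now > _ts(renewal):
        problems.append("renewalTime has passed without a new certificate: renewal is overdue")
    return problems

if __name__ == "__main__":
    print(check_certificate(SAMPLE, datetime.now(timezone.utc)))
```

Feed it the live object instead of `SAMPLE` by loading the JSON printed by the `kubectl get certificate ... -o json` command shown in the comment.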

Automatic issuance from an Ingress, without creating a Certificate

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod # specify the ClusterIssuer to use
  name: myingress # object names must be lowercase (RFC 1123)
  namespace: prod
spec:
  rules:
  - host: example.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: myservice
            port:
              number: 80
  tls:
  - hosts:
    - example.com
    secretName: myingress-cert