I found many tutorials online, but they all target old versions and the installation failed. The latest cert-manager, v1.6.0, only installs successfully this way!
- Install cert-manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
- Check that the installation has finished and confirm the pods are Running
kubectl get all -n cert-manager
- Configure cert-manager; make sure to change the email to your own
cat <<EOF > letsencrypt-prod-issuer.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Fill in your email
    email: user@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    # An empty 'selector' means that this solver matches all domains
    - selector: {}
      http01:
        ingress: {}
EOF
- Deploy the Issuer
kubectl apply -f letsencrypt-prod-issuer.yaml
- Deploy a service with automatic SSL. Replace the domain with your own; it needs an A record that resolves to your server's public IP
cat <<EOF > k8s-bootcamp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bootcamp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-bootcamp
  template:
    metadata:
      labels:
        app: k8s-bootcamp
    spec:
      containers:
      - name: k8s-bootcamp
        image: gcr.io/google-samples/kubernetes-bootcamp:v1
---
apiVersion: v1
kind: Service
metadata:
  name: k8s-bootcamp
spec:
  ports:
  - name: http
    targetPort: 8080
    port: 80
  selector:
    app: k8s-bootcamp
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: k8s-bootcamp
  annotations:
    kubernetes.io/ingress.class: "traefik"
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    # Change this to your own hostname
    - bootcamp.k3s.example.org
    secretName: bootcamp-k3s-example-org-tls
  rules:
  # Change this to your own hostname
  - host: bootcamp.k3s.example.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: k8s-bootcamp
            port:
              name: http
EOF
kubectl apply -f k8s-bootcamp.yaml
If no errors appear, HTTPS will be usable after a short while.
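
To confirm that last step, the script below (an added example, not part of the original post) waits for the Certificate that cert-manager creates for the Ingress, then checks which issuer signed the certificate Traefik actually serves. It assumes the Certificate is named after `secretName`, that everything is in the default namespace as in the manifests above, and that `openssl` is installed; `verify.sh` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify that the Ingress above really serves a Let's Encrypt cert.
HOST="${HOST:-bootcamp.k3s.example.org}"      # hostname from the Ingress
CERT="${CERT:-bootcamp-k3s-example-org-tls}"  # assumption: Certificate is named after secretName

# Map an `openssl x509 -noout -issuer` line to what is actually terminating TLS.
classify_issuer() {
  case "$1" in
    *"TRAEFIK DEFAULT CERT"*) echo "traefik-default" ;;     # Traefik fallback: nothing issued yet
    *"(STAGING)"*)            echo "letsencrypt-staging" ;; # only if the server URL was changed
    *"Let's Encrypt"*)        echo "letsencrypt" ;;
    *)                        echo "other" ;;
  esac
}

# Issuer line of the certificate currently served for host $1 (needs network access).
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer
}

verify_issuance() {
  # Block until cert-manager marks the Certificate Ready; on timeout show why it is stuck.
  if ! kubectl wait --for=condition=Ready "certificate/$CERT" --timeout=300s; then
    kubectl describe certificate "$CERT"
    kubectl get certificaterequest,order,challenge
    return 1
  fi
  kind="$(classify_issuer "$(served_issuer "$HOST")")"
  echo "served certificate: $kind"
  [ "$kind" = "letsencrypt" ]
}

# Run the live check only when asked: ./verify.sh --run
if [ "${1:-}" = "--run" ]; then
  verify_issuance
fi
```

A result of `traefik-default` means the browser is still getting Traefik's self-signed fallback certificate, so the HTTP-01 challenge has not completed; the `describe` output and the pending challenge objects show where it stopped.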