Create Issuer for cert-manager for Rancher 2.x launched with docker-compose
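I am testing Rancher 2 as a Kubernetes interface. Rancher 2 is launched with docker-compose, using the image rancher/rancher:latest.
Everything is fine for the cluster, nodes and pods. Then I tried to secure some load balancers with certificates. To do so, I installed cert-manager from the catalog/helm.
I have tried to follow this video tutorial (https://www.youtube.com/watch?v=xc8Jg9ItDVk), which explains how to create an issuer and a certificate, and how to link it to a load balancer.
I created a file for the issuer: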
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: root@example.com
    privateKeySecretRef:
      name: letsencrypt-private-key
    http01: {}
Time to create the issuer.
sudo docker-compose exec rancher bash
I am connected to the Rancher container. kubectl and helm are installed.
I try to create the issuer:
kubectl create -f etc/cert-manager/cluster-issuer.yaml
error: unable to recognize "etc/cert-manager/cluster-issuer.yaml": no matches for certmanager.k8s.io/, Kind=ClusterIssuer
Additional information:
When I run helm list:
Error: could not find a ready tiller pod
I list the pods to look for tiller:
kubectl get pods
NAME                             READY   STATUS    RESTARTS   AGE
tiller-deploy-6ffc49c5df-zbjg8   0/1     Pending   0          39m
I describe this pod:
kubectl describe pod tiller-deploy-6ffc49c5df-zbjg8
Name:           tiller-deploy-6ffc49c5df-zbjg8
Namespace:      default
Node:           <none>
Labels:         app=helm
                name=tiller
                pod-template-hash=2997057189
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"tiller-deploy-6ffc49c5df","uid":"46f74523-7f8f-11e8-9d04-0242ac1...
Status:         Pending
IP:
Created By:     ReplicaSet/tiller-deploy-6ffc49c5df
Controlled By:  ReplicaSet/tiller-deploy-6ffc49c5df
Containers:
  tiller:
    Image:      gcr.io/kubernetes-helm/tiller:v2.8.0-rancher3
    Ports:      44134/TCP, 44135/TCP
    Liveness:   http-get http://:44135/liveness delay=1s timeout=1s period=10s #success=1 #failure=3
    Readiness:  http-get http://:44135/readiness delay=1s timeout=1s period=10s #success=1 #failure=3
    Environment:
      TILLER_NAMESPACE:    default
      TILLER_HISTORY_MAX:  0
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from tiller-token-hbfgz (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  tiller-token-hbfgz:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  tiller-token-hbfgz
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.alpha.kubernetes.io/notReady:NoExecute for 300s
                 node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age                 From               Message
  ----     ------            ----                ----               -------
  Warning  FailedScheduling  4m (x125 over 39m)  default-scheduler  no nodes available to schedule pods
This problem is a bit specific: rancher/kubernetes/docker-compose ... If anyone has an idea, you are welcome ;)
Thanks in advance!
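I just found some information that unblocked the situation.
The first step is to load the cluster's config. I am working on the default cluster. So:
- I exec bash in the docker container,
- I load the config file /root/.kube/config,
- I update the config,
- and continue... the issuer is created correctly.
If it can help someone ;)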
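Both errors in the question ("no nodes available to schedule pods" and "no matches for ... Kind=ClusterIssuer") are what kubectl reports when it targets a cluster that has no nodes and no cert-manager CRDs registered. The preflight check below is an added example, not part of the original answer; the function names are hypothetical and the CRD name clusterissuers.certmanager.k8s.io is an assumption derived from the API group in the manifest above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Preflight checks to run inside the Rancher container before
#   kubectl create -f etc/cert-manager/cluster-issuer.yaml
# KUBECTL can be overridden (for example with a stub) to exercise the checks.
KUBECTL="${KUBECTL:-kubectl}"

# Assumed CRD name, derived from the apiVersion group in the manifest above.
ISSUER_CRD="clusterissuers.certmanager.k8s.io"

# Print the number of nodes in the cluster kubectl currently targets.
node_count() {
  "$KUBECTL" get nodes --no-headers 2>/dev/null | wc -l | tr -d ' '
}

# Succeed only if the API server knows the ClusterIssuer kind.
has_issuer_crd() {
  "$KUBECTL" get crd "$ISSUER_CRD" >/dev/null 2>&1
}

# Return 0 if the cluster looks usable, 1 if it has no nodes (the
# "no nodes available to schedule pods" symptom), 2 if the CRD is missing
# (the "no matches for ... Kind=ClusterIssuer" symptom).
preflight() {
  ctx=$("$KUBECTL" config current-context 2>/dev/null) || ctx="(none)"
  echo "kubeconfig: ${KUBECONFIG:-default}  context: $ctx"
  if [ "$(node_count)" -eq 0 ]; then
    echo "no nodes visible: kubectl is not pointed at the workload cluster" >&2
    return 1
  fi
  if ! has_issuer_crd; then
    echo "$ISSUER_CRD not registered: cert-manager is not installed here" >&2
    return 2
  fi
  echo "ok: safe to create the ClusterIssuer"
}

# Usage: preflight && "$KUBECTL" create -f etc/cert-manager/cluster-issuer.yaml
```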