使用 Cert-Manager、NGINX Ingress 和 Let's Encrypt 为 Kubernetes 服务配置 TLS/SSL
Configure TLS/SSL for Kubernetes Services using Cert-Manager, NGINX Ingress and Let’s Encrypt
我提前为我的英语道歉。
因此,我需要在 Ingress 中配置与我的服务的安全连接。在虚拟机 Azure 上注册的 DNS 名称 (sh220.westeurope.cloudapp.azure.com)。指导者:https://docs.microsoft.com/en-us/azure/virtual-machines/windows/portal-create-fqdn
但是...
..."solver configuration for domain "sh220.westeurope.cloudapp.azure.com"
not found. Ensure you have configured a challenge mechanism using the
certificate.spec.acme.config field"...
什么是"a challenge mechanism"?我做错了什么?
kubectl describe certificate events:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateOrder 3s (x5 over 1h) cert-manager Created new ACME order, attempting validation...
Certificate
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: mysh220-cert
namespace: default
spec:
secretName: mysh220-cert-tls
issuerRef:
name: letsencrypt-staging
commonName: sh220.westeurope.cloudapp.azure.com
dnsNames:
- sh220.westeurope.cloudapp.azure.com
acme:
config:
- http01:
ingress: sh220-ingress
domains:
- westeurope.cloudapp.azure.com
在 Ingress 规范中:
host: sh220.westeurope.cloudapp.azure.com
tls:
- secretName: mysh220-cert-tls
hosts:
- sh220.westeurope.cloudapp.azure.com
cert-manager-v0.4.1
感谢您的帮助。
我的问题的解决方案很简单:
https://docs.microsoft.com/en-us/azure/aks/ingress
我提前为我的英语道歉。
因此,我需要在 Ingress 中配置与我的服务的安全连接。在虚拟机 Azure 上注册的 DNS 名称 (sh220.westeurope.cloudapp.azure.com)。指导者:https://docs.microsoft.com/en-us/azure/virtual-machines/windows/portal-create-fqdn
但是...
..."solver configuration for domain "sh220.westeurope.cloudapp.azure.com" not found. Ensure you have configured a challenge mechanism using the certificate.spec.acme.config field"...
什么是"a challenge mechanism"?我做错了什么?
kubectl describe certificate events:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateOrder 3s (x5 over 1h) cert-manager Created new ACME order, attempting validation...
Certificate
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: mysh220-cert
namespace: default
spec:
secretName: mysh220-cert-tls
issuerRef:
name: letsencrypt-staging
commonName: sh220.westeurope.cloudapp.azure.com
dnsNames:
- sh220.westeurope.cloudapp.azure.com
acme:
config:
- http01:
ingress: sh220-ingress
domains:
- westeurope.cloudapp.azure.com
在 Ingress 规范中:
host: sh220.westeurope.cloudapp.azure.com
tls:
- secretName: mysh220-cert-tls
hosts:
- sh220.westeurope.cloudapp.azure.com
cert-manager-v0.4.1
感谢您的帮助。
我的问题的解决方案很简单: https://docs.microsoft.com/en-us/azure/aks/ingress