cert-manager.io/v1 Certificate no acme field

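I'm trying to migrate cert-manager to API v1, and I was able to migrate the Issuer to a ClusterIssuer (the first part of the YAML). However, I'm dealing with a breaking change: there is no longer an acme field on the Certificate kind.
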
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-myapp-issuer
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ssl@company.com
    privateKeySecretRef:
      name: wildcard-myapp-com
    solvers:
      - dns01:
          cloudDNS:
            serviceAccountSecretRef:
              name: clouddns-service-account
              key: key.json
            project: project-id

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: myapp-com-tls
  namespace: default
spec:
  secretName: myapp-com-tls
  issuerRef:
    name: letsencrypt-myapp-issuer
  commonName: '*.myapp.com'
  dnsNames:
  - myapp.com
  acme:
    config:
    - dns01:
        provider: google-dns
      domains:
      - '*.myapp.com'
      - myapp.com

When I run kubectl apply, I get the error:

error validating data: ValidationError(Certificate.spec): unknown field "acme" in io.cert-manager.v1.Certificate.spec

How can I migrate to the new version of cert-manager?

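As part of v0.8, a new format for configuring ACME Certificate resources was introduced. Notably, the challenge solver configuration has moved off the Certificate resource (under certificate.spec.acme) and now resides on your configured Issuer resource, under issuer.spec.acme.solvers.

So the resulting manifests should be as follows: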

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-myapp-issuer
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ssl@company.com
    privateKeySecretRef:
      name: wildcard-myapp-com
    solvers:
      - selector:
          dnsNames:
          - '*.myapp.com'
          - myapp.com
        dns01:
          cloudDNS:
            serviceAccountSecretRef:
              name: clouddns-service-account
              key: key.json
            project: project-id

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: myapp-com-tls
  namespace: default
spec:
  secretName: myapp-com-tls
  issuerRef:
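    name: letsencrypt-myapp-issuer
    kind: ClusterIssuer  # issuerRef.kind defaults to Issuer, so a ClusterIssuer must be named explicitly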
  commonName: '*.myapp.com'
  dnsNames:
  - myapp.com
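
The move described in the answer, as an added Python example that is not part of the original answer or of cert-manager: it strips the legacy `spec.acme` block from a Certificate, turns each `config` entry into a solver entry with a `selector.dnsNames` list, and reports any requested name that no selector covers. The function name `migrate_certificate`, the `PROVIDER_SOLVERS` mapping and the dict inputs are assumptions built from the manifests on this page; only the `dns01` form shown in the question is handled.

```python
import copy

# Constructed input: the question's Certificate as a dict, legacy spec.acme included.
LEGACY_CERT = {
    "apiVersion": "cert-manager.io/v1",
    "kind": "Certificate",
    "metadata": {"name": "myapp-com-tls", "namespace": "default"},
    "spec": {
        "secretName": "myapp-com-tls",
        "issuerRef": {"name": "letsencrypt-myapp-issuer"},
        "commonName": "*.myapp.com",
        "dnsNames": ["myapp.com"],
        "acme": {"config": [{"dns01": {"provider": "google-dns"},
                             "domains": ["*.myapp.com", "myapp.com"]}]},
    },
}
# Assumption: what the legacy provider name stands for, taken from the issuer above.
PROVIDER_SOLVERS = {
    "google-dns": {"cloudDNS": {
        "project": "project-id",
        "serviceAccountSecretRef": {"name": "clouddns-service-account", "key": "key.json"},
    }},
}


def migrate_certificate(cert, provider_solvers):
    """Return (v1 certificate, solver entries for the issuer, names no solver covers)."""
    cert = copy.deepcopy(cert)                 # leave the caller's manifest untouched
    spec = cert["spec"]
    legacy = spec.pop("acme", None) or {}      # the field the v1 schema rejects
    solvers = []
    for entry in legacy.get("config", []):
        provider = entry.get("dns01", {}).get("provider")
        if provider not in provider_solvers:   # also catches non-dns01 entries
            raise ValueError(f"no solver mapping for legacy entry: {entry!r}")
        solvers.append({
            "selector": {"dnsNames": list(entry.get("domains", []))},
            "dns01": copy.deepcopy(provider_solvers[provider]),
        })
    # Among these entries, a name matched by no selector has no solver, so report it.
    requested = {spec.get("commonName"), *spec.get("dnsNames", [])} - {None}
    covered = {name for s in solvers for name in s["selector"]["dnsNames"]}
    return cert, solvers, sorted(requested - covered)


if __name__ == "__main__":
    new_cert, solvers, uncovered = migrate_certificate(LEGACY_CERT, PROVIDER_SOLVERS)
    print(new_cert["spec"], solvers, uncovered, sep="\n")
```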