1. 安装 helm
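# Install Helm 3 with the upstream installer script.
# The script is saved to a file instead of being piped straight into bash, so it
# can be read before it runs with this user's privileges, and so a truncated
# download cannot be executed half-way. The URL tracks the `main` branch, which
# means the script content can change between runs.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
# Review get_helm.sh here before executing it.
chmod 700 get_helm.sh
./get_helm.sh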
2. 添加 jetstack 源
# Register the jetstack chart repository under the local alias `jetstack`.
helm repo add jetstack https://charts.jetstack.io
# Refresh the local index so the chart versions from the new repository are visible.
helm repo update
3. 下载 cert-manager chart
# Download the cert-manager chart archive at an explicitly pinned version, so the
# chart that gets reviewed is the same one that is later installed.
helm fetch jetstack/cert-manager --version v1.13.2
4. 修改 chart 参数
# Value overrides for the cert-manager chart; step 5 passes a values file to helm
# with `-f ./values-prod.yaml`.
# Let the chart install the cert-manager CustomResourceDefinitions.
installCRDs: true
ingressShim:
  # Default issuer for ingress-shim. The name must match the ClusterIssuer
  # created in step 6 (zerossl-production).
  defaultIssuerKind: ClusterIssuer
  defaultIssuerName: zerossl-production
5. 安装部署 cert-manager
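# Create the namespace that holds the cert-manager release (and, in step 6, the EAB Secret).
[root@k8s-33 cert-manager]# kubectl create ns cert-manager
namespace/cert-manager created
# `helm upgrade` takes a release name AND a chart. The original line misspelled
# the subcommand and omitted the chart; the chart reference and pinned version
# below are the ones fetched in step 3. If you install from the downloaded copy
# instead, pass its local path in place of `jetstack/cert-manager --version ...`.
[root@k8s-33 cert-manager]# helm upgrade --install cert-manager jetstack/cert-manager --version v1.13.2 -n cert-manager -f ./values-prod.yaml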
6. 部署 cluster issuer
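# ClusterIssuer that registers an ACME account with ZeroSSL through External
# Account Binding (EAB) and solves HTTP-01 challenges via an Ingress.
# A ClusterIssuer is cluster-scoped: workloads in any namespace can reference it,
# so restrict who may create Ingress/Certificate objects accordingly.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: zerossl-production
spec:
  acme:
    # Contact address for the ACME account. The address on the original page was
    # masked by the site's e-mail obfuscation, so this is a labelled placeholder.
    email: "<your-acme-account-email>"  # replace me
    externalAccountBinding:
      keyAlgorithm: HS256
      # Quoted on purpose: a bare {$keyID} is parsed by YAML as a flow mapping,
      # not as a string.
      keyID: "{$keyID}"  # replace me
      keySecretRef:
        # Reads the `secret` key of the zero-ssl-eabsecret Secret (EAB HMAC key).
        key: secret
        name: zero-ssl-eabsecret
    preferredChain: ""
    privateKeySecretRef:
      # Secret in which cert-manager stores the ACME account private key.
      name: zerossl-prod
    server: https://acme.zerossl.com/v2/DV90
    solvers:
    # NOTE(review): neither solver carries a selector, so both match every
    # request. Confirm which entry cert-manager picks before relying on the
    # traefik solver, or add selectors to make the choice explicit.
    - http01:
        ingress:
          class: nginx
    - http01:
        ingress:
          class: traefik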
---
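# Secret holding the ZeroSSL EAB HMAC key referenced by the ClusterIssuer's
# keySecretRef (name zero-ssl-eabsecret, key `secret`). It lives in the
# cert-manager namespace, the same namespace cert-manager was installed into.
# Do not commit this manifest with the real value filled in; create the Secret
# out of band (for example `kubectl create secret generic ... --from-literal`)
# or from a secret store.
apiVersion: v1
kind: Secret
metadata:
  name: zero-ssl-eabsecret
  namespace: cert-manager
type: Opaque
stringData:
  # Quoted on purpose: a bare {$secret} is parsed by YAML as a flow mapping,
  # not as a string.
  secret: "{$secret}"  # replace me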
---

7. 验证
# Throw-away nginx workload used only to verify certificate issuance.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        # Must match spec.selector.matchLabels above and the Service selector.
        app: nginx
    spec:
      containers:
      - name: nginx
        # `latest` is a moving tag, so the image that runs can change between
        # pulls. Acceptable for this test; pin a specific version tag or digest
        # for anything longer-lived.
        image: nginx:latest
        ports:
        - containerPort: 80
---
# Service that exposes the test nginx pods (label app: nginx) on port 80 as the
# backend for the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      # Forwards to containerPort 80 of the nginx container.
      targetPort: 80
---
# Test Ingress: the cert-manager annotation asks for a certificate from the
# zerossl-production ClusterIssuer for the hosts listed under spec.tls.
# NOTE(review): no ingressClassName is set, so which controller serves this
# Ingress depends on the cluster's default IngressClass — confirm it is the one
# the HTTP-01 solver expects.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    # ingress-nginx specific: rewrites the matched path to / before proxying.
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Must match the ClusterIssuer name created in step 6.
    cert-manager.io/cluster-issuer: zerossl-production
spec:
  tls:
  - hosts:
    # Placeholder host name; replace with a domain you control. For HTTP-01
    # validation it has to resolve to this cluster's ingress controller.
    - sp1.xxx.com
    # Secret that receives the issued certificate and its private key.
    secretName: sp1.xxx.com-tls
  rules:
  - host: sp1.xxx.com
    http:
      paths:
      - path: /cert-manager-test
        pathType: Exact
        backend:
          service:
            name: nginx-service
            port:
              number: 80
