ALB Ingress fails to start due to "no certificate for host *"

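I am using cert-manager with an EKS cluster to generate a Let's Encrypt certificate for my ALB. The certificate is generated fine, but the Ingress cannot find it and fails to bring up the ALB, with the error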

Failed build model due to ingress: prod/prod-ingress: no certificate found for host: *.domain.com

Here is the certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: letsencrypt-staging
  namespace: prod
spec:
  secretName: letsencrypt-staging
  renewBefore: 240h
  dnsNames:
    - "*.domain.com"
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer

As I mentioned earlier, this is created fine

k get certificate -n prod
NAME                  READY   SECRET                AGE
letsencrypt-staging   True    letsencrypt-staging   27m

Here is the Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prod-ingress
  namespace: prod
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports:  '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-ef84a5b6,subnet-a3177fc6 
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    - hosts:
        - "*.domain.com"
      secretName: letsencrypt-staging
  rules:
    - host: portal.domain.com
      http: 
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-server-svc
                port:
                  number: 80

It fails with the following error

Name:             prod-ingress
Labels:           <none>
Namespace:        prod
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  letsencrypt-staging terminates *.domain.com
Rules:
  Host                    Path  Backends
  ----                    ----  --------
  portal.domain.com  
                          /   web-server-svc:80 (XXXX:80)
  
Annotations:              alb.ingress.kubernetes.io/listen-ports: [{"HTTP": 80}, {"HTTPS":443}]
                          alb.ingress.kubernetes.io/scheme: internet-facing
                          alb.ingress.kubernetes.io/subnets: subnet-ef84a5b6,subnet-a3177fc6
                          alb.ingress.kubernetes.io/target-type: ip
                          cert-manager.io/cluster-issuer: letsencrypt-staging
                          kubernetes.io/ingress.class: alb
Events:
  Type     Reason            Age                From     Message
  ----     ------            ----               ----     -------
  Warning  FailedBuildModel  3s (x13 over 23s)  ingress  Failed build model due to ingress: prod/prod-ingress: no certificate found for host: *.domain.com

Why can't the Ingress find the certificate, even though they are both in the same namespace?

Answer 1

ALB only supports ACM certificates. You need to upload the certificate to ACM, or you can create the certificate with AWS.
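One way to carry out the upload the answer describes, as an added example that is not part of the original answer: export the cert-manager secret, import it into ACM, and point the Ingress at the resulting ARN with the alb.ingress.kubernetes.io/certificate-arn annotation. It assumes kubectl and the AWS CLI are already configured for the cluster's account and region; the function names and the "import" argument are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: copy a cert-manager TLS secret into ACM for use by an ALB.
# Usage (assumed invocation): sh script import NAMESPACE SECRET INGRESS

# cert-manager's tls.crt holds the leaf certificate followed by intermediates.
# ACM takes them separately, so write the first PEM block to LEAF and the
# remaining blocks to CHAIN (CHAIN stays empty if there are none).
split_bundle() {  # split_bundle BUNDLE LEAF CHAIN
  : > "$2"; : > "$3"
  awk -v leaf="$2" -v chain="$3" '
    /-----BEGIN CERTIFICATE-----/ { n++ }
    { print > (n <= 1 ? leaf : chain) }
  ' "$1"
}

# Prints the ARN of the imported certificate on success.
import_secret_to_acm() {  # import_secret_to_acm NAMESPACE SECRET
  tmp=$(mktemp -d) || return 1   # 0700 directory; holds the private key briefly
  kubectl get secret "$2" -n "$1" -o jsonpath='{.data.tls\.crt}' \
    | base64 --decode > "$tmp/bundle.pem"
  kubectl get secret "$2" -n "$1" -o jsonpath='{.data.tls\.key}' \
    | base64 --decode > "$tmp/key.pem"
  split_bundle "$tmp/bundle.pem" "$tmp/leaf.pem" "$tmp/chain.pem"
  set -- --certificate "fileb://$tmp/leaf.pem" --private-key "fileb://$tmp/key.pem"
  if [ -s "$tmp/chain.pem" ]; then
    set -- "$@" --certificate-chain "fileb://$tmp/chain.pem"
  fi
  aws acm import-certificate "$@" --query CertificateArn --output text
  rc=$?
  rm -rf "$tmp"                  # remove the key material in every case
  return "$rc"
}

if [ "${1:-}" = import ]; then
  arn=$(import_secret_to_acm "$2" "$3") || exit 1
  # An explicit ARN means the controller no longer has to find a matching
  # ACM certificate for the Ingress hosts on its own.
  kubectl annotate ingress "$4" -n "$2" --overwrite \
    "alb.ingress.kubernetes.io/certificate-arn=$arn"
fi
```

ACM does not renew imported certificates, so the import has to be repeated whenever cert-manager renews the secret; passing --certificate-arn to aws acm import-certificate replaces the certificate under the same ARN.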
