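I have a Kubernetes cluster running on a Raspberry Pi, with a simple server running on it. It is a small project I use to learn Kubernetes.
Coming back to the project, I realised it was no longer responding. I think this is because the HTTPS certificate needs renewing. But I don't know how to renew the certificate when the pods aren't running.
I thought it would just be a case of reapplying the cluster issuer, but that apparently doesn't work if some pods aren't running/created.
Trying to apply cluster-issuer.yml gives me -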
Error from server (InternalError): error when creating "cluster-issuer.yml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": dial tcp 10.100.140.135:443: connect: connection refused
I can also see this when getting the cert-manager pods -
cert-manager cert-manager-7fb78674d7-tnjf9 1/1 Running 4 (21h ago) 25h
cert-manager cert-manager-cainjector-5dfc946d84-7wxrl 0/1 Error 271 (5m51s ago) 25h
cert-manager cert-manager-webhook-8744b7588-zvmps 0/1 CrashLoopBackOff 270 (107s ago) 25h
Output of kubectl logs cert-manager-cainjector-5dfc946d84-7wxrl -n cert-manager -
Error: error creating manager: Get "https://10.96.0.1:443/api?timeout=32s": dial tcp 10.96.0.1:443: i/o timeout
server-deployment.yml -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      component: server
  template:
    metadata:
      labels:
        component: server
    spec:
      containers:
        - name: server
          image: spoonobi/multi-server-arm
          ports:
            - containerPort: 8888
server-cluster-ip-service.yml -
apiVersion: v1
kind: Service
metadata:
  name: server-cluster-ip-service
spec:
  type: ClusterIP
  selector:
    component: server
  ports:
    - port: 8888
      targetPort: 8888
ingress-service.yml -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/cluster-issuer: letsencrypt-prod # tell ingress to use https
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' # redirect from http to https
spec:
  tls:
    - hosts:
        - ecmatrials.com
        - www.ecmatrials.com
      secretName: secret-ecmatrials-com
  rules:
    - host: ecmatrials.com
      http:
        paths:
          - path: /?(.*)
            pathType: Prefix
            backend:
              service:
                name: server-cluster-ip-service
                port:
                  number: 8888
    - host: www.ecmatrials.com
      http:
        paths:
          - path: /?(.*)
            pathType: Prefix
            backend:
              service:
                name: server-cluster-ip-service
                port:
                  number: 8888
cluster-issuer.yml-
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-redacted
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
      - http01:
          ingress:
            class: nginx
service-nodeports.yml -
apiVersion: v1
kind: Service
metadata:
  name: server-nodeports
spec:
  type: NodePort
  selector:
    component: server
  ports:
    - name: http
      port: 80
      targetPort: 8888
      nodePort: 30602
    - name: https
      port: 443
      targetPort: 8888
      nodePort: 30824