cert-manager fails to generate a certificate in Kubernetes, how do I resolve it?


In an AKS cluster, the Helm charts I installed:

Chart from the link

For the ingress chart I used

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm upgrade --install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--set ingressShim.defaultIssuerName=letsencrypt-prod \
--set ingressShim.defaultIssuerKind=ClusterIssuer \
--set ingressShim.defaultIssuerGroup=cert-manager.io \
--set installCRDs=true \
--version v1.8.2

The issuer I applied.

The deployment, service, ingress and issuer are in the file below.

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: v1
kind: Namespace
metadata:
  name: testapp

---
apiVersion: v1
kind: Service
metadata:
  name: testapp-svc
  namespace: testapp
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: testapp
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: testapp-ingress
  namespace: testapp
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: cert-manager/letsencrypt-prod
spec:
  tls:
    - hosts:
        - testing123.mycompany.com # Replace with your own domain
      secretName: testing123-tls
  rules:
    - host: testing123.mycompany.com
      http:
        paths:
          - pathType: Prefix
            backend:
              service:
                name: testapp-svc
                port:
                  number: 80
            path: /
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: testapp
  namespace: testapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: testapp
  template:
    metadata:
      labels:
        app: testapp
    spec:
      containers:
        - name: testapp
          image: nginx
          ports:
            - containerPort: 80

When I check the cert-manager pod, it shows the errors below.

I0320 08:54:48.550515       1 start.go:75] cert-manager "msg"="starting controller"  "git-commit"="f1943433be7056804e4f628ff0d6685a132c407b" "version"="v1.8.2"
I0320 08:54:48.550568       1 controller.go:242] cert-manager/controller/build-context "msg"="configured acme dns01 nameservers" "nameservers"=["10.0.0.10:53"] 
W0320 08:54:48.550617       1 client_config.go:617] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0320 08:54:48.551297       1 controller.go:70] cert-manager/controller "msg"="enabled controllers: [certificaterequests-approver certificaterequests-issuer-acme certificaterequests-issuer-ca certificaterequests-issuer-selfsigned certificaterequests-issuer-vault certificaterequests-issuer-venafi certificates-issuing certificates-key-manager certificates-metrics certificates-readiness certificates-request-manager certificates-revision-manager certificates-trigger challenges clusterissuers ingress-shim issuers orders]"  
I0320 08:54:48.554022       1 controller.go:134] cert-manager/controller "msg"="starting leader election"  
I0320 08:54:48.554340       1 leaderelection.go:248] attempting to acquire leader lease kube-system/cert-manager-controller...
I0320 08:54:48.554744       1 controller.go:91] cert-manager/controller "msg"="starting metrics server"  "address"={"IP":"::","Port":9402,"Zone":""}
I0320 08:54:48.598517       1 leaderelection.go:258] successfully acquired lease kube-system/cert-manager-controller
I0320 08:54:48.601483       1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-acme" 
I0320 08:54:48.601632       1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-ca" 
I0320 08:54:48.601714       1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-vault" 
I0320 08:54:48.601800       1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-venafi" 
I0320 08:54:48.606344       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-request-manager" 
I0320 08:54:48.606517       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-issuing" 
I0320 08:54:48.606810       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-metrics" 
I0320 08:54:48.612522       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-acme" 
I0320 08:54:48.612575       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-ca" 
I0320 08:54:48.612665       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-vault" 
I0320 08:54:48.612979       1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-selfsigned" 
I0320 08:54:48.613867       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-approver" 
I0320 08:54:48.614531       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-venafi" 
I0320 08:54:48.615125       1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-revision-manager" 

I saw a similar problem in another post, but no solution was provided.
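
An added example, not part of the original post: an offline lint for the issuer reference the manifests above rely on. cert-manager resolves `cert-manager.io/cluster-issuer` to a cluster-scoped ClusterIssuer by bare name, and `cert-manager.io/issuer` to an Issuer in the Ingress's own namespace. The function name `check_issuer_refs` and the dict layout are assumptions, and the sample is constructed from the values in the question.

```python
# Added example: lint cert-manager issuer references on Ingress objects.
# Manifests are plain dicts (the shape yaml.safe_load_all would return);
# SAMPLE is constructed from the values shown in the question.

ANNOTATION_KIND = {
    "cert-manager.io/cluster-issuer": "ClusterIssuer",  # cluster-scoped, bare name
    "cert-manager.io/issuer": "Issuer",                 # same namespace as the Ingress
}

def check_issuer_refs(manifests):
    """Return (ingress, problem) tuples for issuer references that cannot resolve."""
    issuers = set()
    for m in manifests:
        md = m.get("metadata", {})
        if m.get("kind") == "ClusterIssuer":
            issuers.add(("ClusterIssuer", None, md["name"]))
        elif m.get("kind") == "Issuer":
            issuers.add(("Issuer", md.get("namespace", "default"), md["name"]))

    findings = []
    for m in manifests:
        if m.get("kind") != "Ingress":
            continue
        md = m["metadata"]
        ns = md.get("namespace", "default")
        ingress = f"{ns}/{md['name']}"
        for key, kind in ANNOTATION_KIND.items():
            ref = md.get("annotations", {}).get(key)
            if ref is None:
                continue
            if "/" in ref:  # object names cannot contain '/', so this never matches
                findings.append((ingress, f"{key}={ref!r}: value must be a bare name"))
                continue
            scope = None if kind == "ClusterIssuer" else ns
            where = "cluster-wide" if scope is None else f"in namespace {ns!r}"
            if (kind, scope, ref) not in issuers:
                findings.append((ingress, f"{key}={ref!r}: no {kind} with that name {where}"))
    return findings

SAMPLE = [  # constructed from the manifests in the question
    {"kind": "Issuer", "metadata": {"name": "letsencrypt-prod", "namespace": "cert-manager"}},
    {"kind": "Ingress", "metadata": {"name": "testapp-ingress", "namespace": "testapp",
        "annotations": {"cert-manager.io/cluster-issuer": "cert-manager/letsencrypt-prod"}}},
]

if __name__ == "__main__":
    for ingress, problem in check_issuer_refs(SAMPLE):
        print(ingress, "->", problem)
```

On a live cluster, the same mismatch surfaces in the status and events of the Certificate and CertificateRequest objects rather than in the controller start-up log.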
