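I went through many tutorials online, but they were all written for older versions and the installation failed. With the latest cert-manager v1.6.0, this is the procedure that finally worked!!!
- Install cert-manager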
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml
- Check that the installation has finished and confirm the pods are Running
kubectl get all -n cert-manager
- Configure cert-manager; make sure to change the email to your own
cat <<EOF > letsencrypt-prod-issuer.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Enter your own email address
    email: user@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    # An empty 'selector' means that this solver matches all domains
    - selector: {}
      http01:
        ingress: {}
EOF
- Deploy the Issuer
kubectl apply -f letsencrypt-prod-issuer.yaml
- Deploy a service with automatic SSL; replace the hostname with your own domain, which needs an A record resolving to your server's public IP
cat <<EOF > k8s-bootcamp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bootcamp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-bootcamp
  template:
    metadata:
      labels:
        app: k8s-bootcamp
    spec:
      containers:
      - name: k8s-bootcamp
        image: gcr.io/google-samples/kubernetes-bootcamp:v1
---
apiVersion: v1
kind: Service
metadata:
  name: k8s-bootcamp
spec:
  ports:
  - name: http
    targetPort: 8080
    port: 80
  selector:
    app: k8s-bootcamp
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: k8s-bootcamp
  annotations:
    kubernetes.io/ingress.class: "traefik"
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    # Change this to your own hostname
    - bootcamp.k3s.example.org
    secretName: bootcamp-k3s-example-org-tls
  rules:
  # Change this to your own hostname
  - host: bootcamp.k3s.example.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: k8s-bootcamp
            port:
              name: http
EOF
kubectl apply -f k8s-bootcamp.yaml
If no errors appear, HTTPS will be available after a short while.
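
To confirm that issuance really succeeded rather than waiting and guessing, the script below (an added example, not part of the original post) checks the Ready condition of the Issuer and of the Certificate that cert-manager creates for the Ingress, then looks at who issued the certificate actually served on port 443. It assumes the names from the sample manifests above, the current kubectl namespace, and a hypothetical file name `verify.sh`; the function names are its own.

```shell
#!/bin/sh
# Added example: post-install checks for the Issuer and Ingress above.
HOST="bootcamp.k3s.example.org"      # assumption: hostname from the sample Ingress
CERT="bootcamp-k3s-example-org-tls"  # the Certificate is named after the Ingress secretName

# Ready condition of a cert-manager resource: "True", "False" or empty.
ready_status() {   # $1 = kind, $2 = name
  kubectl get "$1" "$2" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
}

# "issuer=..." line of the certificate actually served for a hostname.
served_issuer() {  # $1 = hostname
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Classify an issuer line printed by openssl.
classify_issuer() {
  case "$1" in
    "")                       echo no-certificate ;;
    *"TRAEFIK DEFAULT CERT"*) echo traefik-default ;;     # Traefik fallback: secret not in use yet
    *"(STAGING)"*)            echo letsencrypt-staging ;; # untrusted test CA
    *"Let's Encrypt"*)        echo letsencrypt-prod ;;
    *)                        echo other ;;
  esac
}

check_all() {
  if [ "$(ready_status issuer letsencrypt-prod)" != "True" ]; then
    echo "Issuer not Ready; see: kubectl describe issuer letsencrypt-prod"; return 1
  fi
  if [ "$(ready_status certificate "$CERT")" != "True" ]; then
    echo "Certificate not Ready; see: kubectl describe certificate $CERT"
    echo "and: kubectl get certificaterequest,order,challenge"; return 1
  fi
  kind=$(classify_issuer "$(served_issuer "$HOST")")
  echo "served certificate: $kind"
  [ "$kind" = "letsencrypt-prod" ]
}

# Live checks run only when requested: sh verify.sh run
if [ "${1:-}" = "run" ]; then check_all; fi
```

A result of `traefik-default` while the Certificate is already Ready usually means the Ingress host or `secretName` does not match what Traefik is serving.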