ssl Microk 8 s证书管理器颁发者应用错误:找不到服务“certmgr-cert-manager-webhook”

6g8kf2rb  于 2022-11-30  发布在  其他
关注(0)|答案(1)|浏览(247)

当我需要申请发行人时,我遇到了错误。
kubectl apply -f issuer-lets-encrypt-staging.yaml

Error from server (InternalError): error when creating "issuer-lets-encrypt-staging.yaml": 
Internal error occurred: failed calling webhook "webhook.cert-manager.io": 
failed to call webhook: 
Post "https://certmgr-cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": 
service "certmgr-cert-manager-webhook" not found

我的签发人

# issuer-lets-encrypt-staging.yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <email-address> # ❗ Replace this with your email address
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          name: web-ingress

引用自:https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/
我的凭证管理员资源清单

kubectl -n cert-manager get all                  
NAME                                           READY   STATUS    RESTARTS   AGE
pod/cert-manager-cainjector-64d74f9c8f-szj8d   1/1     Running   0          20m
pod/cert-manager-b4b465456-lnjtw               1/1     Running   0          20m
pod/cert-manager-webhook-66fff58cdf-dtdcv      1/1     Running   0          20m

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/cert-manager           ClusterIP   10.152.183.213   <none>        9402/TCP   20m
service/cert-manager-webhook   ClusterIP   10.152.183.44    <none>        443/TCP    20m

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager-cainjector   1/1     1            1           20m
deployment.apps/cert-manager              1/1     1            1           20m
deployment.apps/cert-manager-webhook      1/1     1            1           20m

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-cainjector-64d74f9c8f   1         1         1       20m
replicaset.apps/cert-manager-b4b465456               1         1         1       20m
replicaset.apps/cert-manager-webhook-66fff58cdf      1         1         1       20m

我一个月都解决不了这个问题,如果能帮上忙,我将不胜感激。

ssl

1条答案

按热度按时间
hgqdbh6s

hgqdbh6s1#

**要求:**您的microk 8 s群集必须能够通过您需要获取证书的域从Internet端口80和443访问。如果您在家庭计算机上运行microk 8 s,这意味着您必须在家庭路由器上设置端口转发,并且域必须解析到其外部IP地址。

安装此附加元件时使用:

microk8s enable cert-manager

建立丛集出版者:

ClusterIssuer资源用于使用Let 's Encrypt配置帐户。您只需要一个电子邮件地址(确保使用有效的电子邮件地址)。

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
#change to your email
    email: youremail@gmail.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: public

不要忘记将cert-manager.io/cluster-issuer:“letsencrypt-staging”添加到入口yaml文件中。

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-routes
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
  tls:
  - hosts:
#change to your domain
    - yourdomain.com
    secretName: tls-secret
  rules:
#change to your domain
  - host: yourdomain.com
    http:
      paths:
        - path: /
        pathType: Prefix
        backend:
          service:
            name: webserver-svc
            port:
              number: 80

如果可能,请使用生产服务器地址,以便它适用于所有浏览器。
有关详细信息,请参阅document

赞(0)分享  回复(0)举报  2022-11-30
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com