问题描述
我关注了 https://docs.cert -manager.io/en/venafi/tutorials/quick-start/index.html 从头到尾,一切似乎都在起作用,除了我的入口没有外部IP.
I followed https://docs.cert-manager.io/en/venafi/tutorials/quick-start/index.html from start to end and everything seems to be working except that I'm not getting an external ip for my ingress.
NAME HOSTS ADDRESS PORTS AGE
staging-site-ingress staging.site.io,staging.admin.site.io, 80, 443 1h
尽管如此,我能够使用Nginx入口控制器外部ip并使用dns来访问站点.当我转到url时,我将被重定向到https,因此我认为一切正常.
Altough I'm able to use the nginx ingress controller external ip and use dns to access the sites. When I'm going to the urls I'm being redirected to https, so I assume that's working fine.
它重定向到https,但仍然显示不安全",因此他没有获得证书.
It redirects to https but still says "not secured", so he don't get a certificate issued.
调试时,我会收到以下信息:
When I'm debugging I get the following information:
入口:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateCertificate 54m cert-manager Successfully created Certificate "tls-secret-staging"
Normal UPDATE 35m (x3 over 1h) nginx-ingress-controller Ingress staging/staging-site-ingress
Normal CreateCertificate 23m (x2 over 35m) cert-manager Successfully created Certificate "letsencrypt-staging-tls"
证书:
Status:
Conditions:
Last Transition Time: 2019-02-27T14:02:29Z
Message: Certificate does not exist
Reason: NotFound
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal OrderCreated 3m (x2 over 14m) cert-manager Created Order resource "letsencrypt-staging-tls-593754378"
秘密:
Name: letsencrypt-staging-tls
Namespace: staging
Labels: certmanager.k8s.io/certificate-name=staging-site-io
Annotations: <none>
Type: kubernetes.io/tls
Data
====
ca.crt: 0 bytes
tls.crt: 0 bytes
tls.key: 1679 bytes
订单:
Status:
Certificate: <nil>
Finalize URL:
Reason:
State:
URL:
Events: <none>
因此,似乎顺序有问题,没有挑战.
So it seems something goes wrong in order and no challenges are created.
这是我的ingress.yaml和issuer.yaml:
Here are my ingress.yaml and issuer.yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: staging-site-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
certmanager.k8s.io/issuer: "letsencrypt-staging"
certmanager.k8s.io/acme-challenge-type: http01
spec:
tls:
- hosts:
- staging.site.io
- staging.admin.site.io
- staging.api.site.io
secretName: letsencrypt-staging-tls
rules:
- host: staging.site.io
http:
paths:
- backend:
serviceName: frontend-service
servicePort: 80
path: /
- host: staging.admin.site.io
http:
paths:
- backend:
serviceName: frontend-service
servicePort: 80
path: /
- host: staging.api.site.io
http:
paths:
- backend:
serviceName: gateway-service
servicePort: 9000
path: /
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: letsencrypt-staging
namespace: staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: [email protected]
privateKeySecretRef:
name: letsencrypt-staging-tls
http01: {}
任何人都知道我可以做些什么来解决此问题或出了什么问题? Certmanager已正确安装100%,我只是不确定入口和顺序出了什么问题.
Anyone knows what I can do to fix this or what went wrong? Certmanager is installed correctly 100%, I'm just not sure about the ingress and what went wrong in the order.
提前谢谢!
我在nginx-ingress-controller中找到了这个
I found this in the nginx-ingress-controller:
W0227 14:51:02.740081 8 controller.go:1078] Error getting SSL certificate "staging/letsencrypt-staging-tls": local SSL certificate staging/letsencrypt-staging-tls was not found. Using default certificate
它正变得垃圾邮件& CPU负载始终为0.003,cpu图形已满(其他服务几乎没有)
It's getting spammed & the CPU load is always at 0.003 and the cpu graph is full (the other services are almost nothing)
推荐答案
我在完全相同的官方教程中偶然发现了同一问题.正如@mikebridge提到的,问题出在Issuer/Secret的命名空间不匹配.
I stumbled over the same issue once, following exactly the same official tutorial.As @mikebridge mentioned, the issue is with Issuer/Secret's namespace mismatch.
对我来说,最好的办法是从Issuer切换到 ClusterIssuer ,它没有作用于单个名称空间.
For me, the best was to switch from Issuer to ClusterIssuer, which is not scoped to a single namespace.
这篇关于找不到证书经理证书,也没有创建挑战的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!