ingress-nginx 添加https证书

1.配了一个证书，发现报错：

 kubectl logs  ingress-nginx-controller-96fnv   -n ingress-nginx

 unexpected error validating SSL certificate gscommon/https-secret for host oa2https01.mz.abc.com. Reason: x509: certificate is valid for *.idcsec.com, not oa2https01.mz.abc.com

基本可以确定是证书有问题

2.参考思路：

2.1生成证书文件：

openssl req -x509 -nodes -days 2920 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*.idcsec.com/O=nginxsvc"

2.2 导入证书文件到k8s secret

kubectl create secret tls https-secret --key tls.key --cert tls.crt

我的配置：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "True"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"ingress.kubernetes.io/ssl-redirect":"True"},"name":"pispower-oa-https","namespace":"gscommon"},"spec":{"rules":[{"host":"oahttps02.mz.pispower.com","http":{"paths":[{"backend":{"serviceName":"oa2gs","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["oahttps02.mz.pispower.com"],"secretName":"https-secret-02"}]}}
creationTimestamp: 2018-12-22T15:42:08Z
generation: 3
name: pispower-oa-https
namespace: gscommon
resourceVersion: "7947760"
selfLink: /apis/extensions/v1beta1/namespaces/gscommon/ingresses/pispower-oa-https
uid: 2425b1df-0600-11e9-9cd0-020050e80095

spec:
rules:
- host: oahttps02.mz.abc.com
http:
paths:
- backend:
serviceName: oa2gs
servicePort: 80
path: /
tls:
- hosts:
- oahttps02.mz.abc.com
secretName: https-secret04
status:
loadBalancer:
ingress:
- {}

参考：http://idcsec.com/articles/2018/09/28/1538105157281.html

关键： kubectl create secret tls https-secret04 --key mz.abc.key --cert mz.abc.com.crt -n gscommon