helm 安装cert-manager
$ kubectl create namespace cert-manager
$ helm repo add jetstack https://charts.jetstack.io
$ helm repo update
$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.0 --set installCRDs=true
配置clusterissue
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: xxx@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
配置ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
name: example-ingress
namespace: default
spec:
rules:
- host: a.foo.com
http:
paths:
- backend:
serviceName: a-svc
servicePort: 80
path: /
- host: b.foo.com
http:
paths:
- backend:
serviceName: b-svc
servicePort: 80
path: /
tls:
- hosts:
- a.foo.com
secretName: a-foo-com
- hosts:
- b.foo.com
secretName: b-foo-com
