HTTPS证书通过cert-manager自动获取,部署,续期
HTTP-01验证和DNS-01验证
使用cert-manager给阿里云的DNS域名授权SSL证书
第一步:安装cert-manager 配置 CRD kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
阿里云DNS的api的AK:
AccessKey ID LTAI4Fo9z3cp4xxxxxxx
AccessKeySecret yjdMSSsN6xxxxxxx
第二步:安装阿里云Webhook
$ git clone https://github.com/kevinniu666/cert-manager-webhook-alidns.git
$ cd cert-manager-webhook-alidns
$ helm install --name cert-manager-webhook-alidns --namespace=cert-manager ./deploy/webhook-alidns
#查看webhook
$ kubectl get po -n cert-manager
第三步:配置Issuer
$ kubectl -n cert-manager create secret generic alidns-credentials --from-literal=accessKeySecret='yjdMSSsN6Qm2xxxxxx'
$ kubectl apply -f letsencrypt-clusterissuer.yaml # 这个申请的是
$ kubectl apply -f letsencrypt-cert.yaml
helm repo add appscode https://charts.appscode.com/stable/
helm repo update
kubectl --namespace=kube-system get deployments -l "release=kubed, app=kubed"\n
kubectl annotate secret rexxxx-com-crt -n cert-manager kubed.appscode.com/sync="app=kubed"
kubectl label namespace default app=kubed
kubectl -n default get secret xxxxxx-com-crt
第四步:全局设置http强制跳转https。在nginx ingress配置force-ssl-redirect: 'true' (控制台网页》应用配置》配置项》nginx-configuration》编辑)
过手如登山,一步一重天