cert-manager can't generate a certificate in Kubernetes, how do I fix it?
In an AKS cluster I installed the Helm chart:
The chart was taken from the link
And the ingress chart I used
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --set ingressShim.defaultIssuerName=letsencrypt-prod \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set ingressShim.defaultIssuerGroup=cert-manager.io \
  --set installCRDs=true \
  --version v1.8.2
The issuer I applied.
The deployment, service, ingress and issuer are in the file below.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: myusername@mycompany.com
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: nginx
---
apiVersion: v1
kind: Namespace
metadata:
  name: testapp
---
apiVersion: v1
kind: Service
metadata:
  name: testapp-svc
  namespace: testapp
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: testapp
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: testapp-ingress
  namespace: testapp
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: cert-manager/letsencrypt-prod
spec:
  tls:
  - hosts:
    - testing123.mycompany.com # Replace with your own domain
    secretName: testing123-tls
  rules:
  - host: testing123.mycompany.com
    http:
      paths:
      - pathType: Prefix
        backend:
          service:
            name: testapp-svc
            port:
              number: 80
        path: /
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: testapp
  namespace: testapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: testapp
  template:
    metadata:
      labels:
        app: testapp
    spec:
      containers:
      - name: testapp
        image: nginx
        ports:
        - containerPort: 80
When I checked the cert-manager pod, it shows errors as shown below.
I0320 08:54:48.550515 1 start.go:75] cert-manager "msg"="starting controller" "git-commit"="f1943433be7056804e4f628ff0d6685a132c407b" "version"="v1.8.2"
I0320 08:54:48.550568 1 controller.go:242] cert-manager/controller/build-context "msg"="configured acme dns01 nameservers" "nameservers"=["10.0.0.10:53"]
W0320 08:54:48.550617 1 client_config.go:617] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0320 08:54:48.551297 1 controller.go:70] cert-manager/controller "msg"="enabled controllers: [certificaterequests-approver certificaterequests-issuer-acme certificaterequests-issuer-ca certificaterequests-issuer-selfsigned certificaterequests-issuer-vault certificaterequests-issuer-venafi certificates-issuing certificates-key-manager certificates-metrics certificates-readiness certificates-request-manager certificates-revision-manager certificates-trigger challenges clusterissuers ingress-shim issuers orders]"
I0320 08:54:48.554022 1 controller.go:134] cert-manager/controller "msg"="starting leader election"
I0320 08:54:48.554340 1 leaderelection.go:248] attempting to acquire leader lease kube-system/cert-manager-controller...
I0320 08:54:48.554744 1 controller.go:91] cert-manager/controller "msg"="starting metrics server" "address"={"IP":"::","Port":9402,"Zone":""}
I0320 08:54:48.598517 1 leaderelection.go:258] successfully acquired lease kube-system/cert-manager-controller
I0320 08:54:48.601483 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-acme"
I0320 08:54:48.601632 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-ca"
I0320 08:54:48.601714 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-vault"
I0320 08:54:48.601800 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-venafi"
I0320 08:54:48.606344 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-request-manager"
I0320 08:54:48.606517 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-issuing"
I0320 08:54:48.606810 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-metrics"
I0320 08:54:48.612522 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-acme"
I0320 08:54:48.612575 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-ca"
I0320 08:54:48.612665 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-vault"
I0320 08:54:48.612979 1 controller.go:182] cert-manager/controller "msg"="not starting controller as it's disabled" "controller"="certificatesigningrequests-issuer-selfsigned"
I0320 08:54:48.613867 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-approver"
I0320 08:54:48.614531 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificaterequests-issuer-venafi"
I0320 08:54:48.615125 1 controller.go:205] cert-manager/controller "msg"="starting controller" "controller"="certificates-revision-manager"
I saw a similar problem in another post, but there was no solution there.
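A consistency check for the manifests in the question above, as an added example that is not part of the original post or of cert-manager itself. It relies on documented ingress-shim behaviour: `cert-manager.io/cluster-issuer` takes the bare name of a ClusterIssuer, and `cert-manager.io/issuer` takes the name of an Issuer in the Ingress's own namespace. The function name `lint_issuer_refs` and the abridged `MANIFESTS` dicts are constructed for illustration, and the check only sees the objects passed to it.

```python
# Added example: lint cert-manager issuer references on Ingress objects.
# MANIFESTS is an abridged copy of the question's objects, written as dicts.
ISSUER_ANN = "cert-manager.io/issuer"
CLUSTER_ISSUER_ANN = "cert-manager.io/cluster-issuer"

MANIFESTS = [
    {"kind": "Issuer",
     "metadata": {"name": "letsencrypt-prod", "namespace": "cert-manager"}},
    {"kind": "Ingress",
     "metadata": {"name": "testapp-ingress", "namespace": "testapp",
                  "annotations": {
                      "kubernetes.io/ingress.class": "nginx",
                      CLUSTER_ISSUER_ANN: "cert-manager/letsencrypt-prod"}}},
]


def lint_issuer_refs(manifests):
    """Return findings for Ingress issuer annotations that cannot resolve."""
    cluster_issuers, issuers = set(), set()
    for m in manifests:
        meta = m["metadata"]
        if m["kind"] == "ClusterIssuer":          # cluster-scoped: name only
            cluster_issuers.add(meta["name"])
        elif m["kind"] == "Issuer":               # namespaced: (namespace, name)
            issuers.add((meta.get("namespace", "default"), meta["name"]))

    findings = []
    for m in manifests:
        if m["kind"] != "Ingress":
            continue
        meta = m["metadata"]
        ns = meta.get("namespace", "default")
        ann = meta.get("annotations", {})
        where = f"Ingress {ns}/{meta['name']}"
        ref = ann.get(CLUSTER_ISSUER_ANN)
        if ref is not None:
            if "/" in ref:                        # object names cannot contain '/'
                findings.append(f"{where}: cluster-issuer value {ref!r} contains '/'; "
                                "the annotation takes a bare ClusterIssuer name")
            if ref not in cluster_issuers:
                findings.append(f"{where}: no ClusterIssuer named {ref!r} in the manifests")
        ref = ann.get(ISSUER_ANN)
        if ref is not None and (ns, ref) not in issuers:
            findings.append(f"{where}: no Issuer {ref!r} in namespace {ns!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_issuer_refs(MANIFESTS):
        print(finding)
```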