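Introduction
For details, see GitHub: https://github.com/PowerDos/k8s-cret-manager-aliyun-webhook-demo
This article shows how to have cert-manager automatically issue HTTPS certificates in Kubernetes. It covers two approaches: a single-domain certificate, and a wildcard certificate obtained through Alibaba Cloud DNS validation.
We install cert-manager with Helm here. Check your Kubernetes version and install the matching release of each component.
1. Install Helm 3
Official installation guide: https://helm.sh/docs/intro/install/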
$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 700 get_helm.sh
$ ./get_helm.sh
2. Install cert-manager
Prerequisites
Create the namespace
kubectl create namespace cert-manager
Add the cert-manager chart repository
helm repo add jetstack https://charts.jetstack.io
Update the repositories
helm repo update
Install the CRDs
Make sure to install the version that matches your cluster
# Kubernetes 1.15+
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.1/cert-manager.crds.yaml
# Kubernetes <1.15
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.1/cert-manager-legacy.crds.yaml
Install cert-manager
$ helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v0.15.1
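Verify the installation
Output like the following indicates success. You can also check the container logs to confirm that the pods started and are running normally.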
$ kubectl get pods --namespace cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-5c6344597-zw8kh 1/1 Running 0 2m
cert-manager-cainjector-348f6d9fd7-tr77l 1/1 Running 0 2m
cert-manager-webhook-893u48fcdb-nlzsq 1/1 Running 0 2m
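As an added example (not part of the original post or the cert-manager project), the following shell function automates this check: it reads `kubectl get pods` output and succeeds only if the controller, cainjector and webhook pods are all Running and fully ready. The function name check_cert_manager_pods and the component labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: readiness gate for the three cert-manager components.
# Reads the `kubectl get pods` table on stdin; returns 0 only if every
# expected component has pods and all of them are Running and fully ready.
check_cert_manager_pods() {
    awk '
        NR == 1 && $1 == "NAME" { next }          # skip the header row
        NF < 3 { next }                           # ignore blank or short lines
        {
            split($2, r, "/")                     # READY column, e.g. 1/1
            ok = ($3 == "Running" && r[1] == r[2] && r[2] > 0)
            # Classify by pod name prefix; test the longer prefixes first.
            if ($1 ~ /^cert-manager-cainjector-/)   comp = "cainjector"
            else if ($1 ~ /^cert-manager-webhook-/) comp = "webhook"
            else if ($1 ~ /^cert-manager-/)         comp = "controller"
            else next
            seen[comp] = 1
            if (!ok) {
                bad[comp] = 1
                printf "not ready: %s (%s, %s)\n", $1, $2, $3
            }
        }
        END {
            rc = 0
            n = split("controller cainjector webhook", want, " ")
            for (i = 1; i <= n; i++) {
                c = want[i]
                if (!(c in seen)) { printf "missing: %s\n", c; rc = 1 }
                else if (c in bad) rc = 1
            }
            exit rc
        }
    '
}

# Demo on the output shown above. Against a live cluster, use:
#   kubectl get pods --namespace cert-manager | check_cert_manager_pods
check_cert_manager_pods <<'EOF' && echo "cert-manager is ready"
NAME READY STATUS RESTARTS AGE
cert-manager-5c6344597-zw8kh 1/1 Running 0 2m
cert-manager-cainjector-348f6d9fd7-tr77l 1/1 Running 0 2m
cert-manager-webhook-893u48fcdb-nlzsq 1/1 Running 0 2m
EOF
```

Run it before creating any Issuer or Certificate, so that a webhook pod that is still starting is caught here rather than as a failed resource creation.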
3. Install certificates
The official documentation describes the Issuer and ClusterIssuer concepts as follows:
Issuers, and ClusterIssuers, are Kubernetes resources that represent certificate authorities (CAs) that are able to generate signed certificates by honoring certificate signing requests. All cert-manager certificates require a referenced issuer that is in a ready condition to attempt