[{"data":1,"prerenderedAt":2109},["ShallowReactive",2],{"navigation":3,"post-\u002Fposts\u002F2020\u002Fk8s-cert-manager-tls":20,"surroundPosts-\u002Fposts\u002F2020\u002Fk8s-cert-manager-tls":2097},[4,8,12,16],{"title":5,"path":6,"stem":7},"首页","\u002F","00.index",{"title":9,"path":10,"stem":11},"文章","\u002Fposts","01.posts",{"title":13,"path":14,"stem":15},"动态","\u002Fmoments","02.moments",{"title":17,"path":18,"stem":19},"关于","\u002Fabout","09.about",{"id":21,"title":22,"body":23,"class":2074,"cover":2075,"coverSize":2074,"date":2076,"description":2077,"draft":2078,"extension":2079,"hideComments":2078,"location":2074,"meta":2080,"navigation":385,"path":2081,"readingTime":2082,"seo":2087,"sitemap":2088,"stem":2089,"tags":2090,"time":2074,"weather":2095,"__hash__":2096},"posts\u002Fposts\u002F2020\u002F20200227.k8s-cert-manager-tls.md","k8s 上利用 cert-manager 自动签发 TLS 证书",{"type":24,"value":25,"toc":2072},"minimark",[26,35,42,52,60,69,74,81,109,112,222,227,256,262,347,351,440,444,468,639,644,662,665,701,704,711,852,856,874,877,923,937,944,952,1449,1472,1490,1499,1502,1510,1513,1517,1520,1558,1603,1608,1673,1681,1686,1897,1901,1917,1919,1949,1952,1955,2001,2019,2030,2068],[27,28,29,30,34],"p",{},"很多博主的 ",[31,32,33],"code",{},"https"," 证书经常容易忘记更新，虽说证书过期前都会有邮件提醒，但是万一确实忙得没时间去处理，忘记了，就会出现证书过期的情况了。",[27,36,37,38,41],{},"之前在服务器上自己搭博客服务的时候，用 ",[31,39,40],{},"Let's Encrypt"," 来自动创建并续签证书，确实省了不少事。",[27,43,44,45,48,49,51],{},"在我的博客部署到 ",[31,46,47],{},"k8s"," 之后，就一直用的一年一签的免费证书，每年更新一次，也不算特别麻烦，但是总归不够高端，我又怀念起了 ",[31,50,40],{},"。",[27,53,54,56,57,59],{},[31,55,40],{}," 是个好东西，",[31,58,47],{}," 也是个好东西，两个好东西怎么结合呢？搜寻了一番确实有方案，经过几天的尝试，终于弄好了。花了几天是因为第一天因为有个粗心导致的问题，导致搞了好久没成功，休息了几天再次尝试，才找到问题。",[27,61,62,63,65,66,68],{},"有关 ",[31,64,47],{}," 的基础知识，这里不做赘述，网上教程很多，这里假设大家对 ",[31,67,47],{}," 都有一定了解。",[70,71,73],"h4",{"id":72},"安装-cert-manager","安装 cert-manager",[27,75,76,77,80],{},"安装 ",[31,78,79],{},"helm"," 
到本地",[82,83,88],"pre",{"className":84,"code":85,"language":86,"meta":87,"style":87},"language-bash shiki shiki-themes material-theme-lighter github-light github-dark","$ brew install helm\n","bash","",[31,89,90],{"__ignoreMap":87},[91,92,95,99,103,106],"span",{"class":93,"line":94},"line",1,[91,96,98],{"class":97},"sbgvK","$",[91,100,102],{"class":101},"s_sjI"," brew",[91,104,105],{"class":101}," install",[91,107,108],{"class":101}," helm\n",[27,110,111],{},"添加仓库和命名空间",[82,113,115],{"className":84,"code":114,"language":86,"meta":87,"style":87},"$ kubectl create namespace cert-manager # 创建 cert-manager 命名空间\n$ kubectl label namespace cert-manager certmanager.io\u002Fdisable-validation=true # 标记 cert-manager 命名空间以禁用资源验证\n$ kubectl apply --validate=false -f https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml # 安装 CustomResourceDefinition 资源，注意 k8s 版本低于 1.15 需要用 legacy 版本\n$ helm repo add jetstack https:\u002F\u002Fcharts.jetstack.io # 添加 Jetstack Helm repository\n$ helm repo update # 更新本地 Helm chart repository\n",[31,116,117,137,161,184,207],{"__ignoreMap":87},[91,118,119,121,124,127,130,133],{"class":93,"line":94},[91,120,98],{"class":97},[91,122,123],{"class":101}," kubectl",[91,125,126],{"class":101}," create",[91,128,129],{"class":101}," namespace",[91,131,132],{"class":101}," cert-manager",[91,134,136],{"class":135},"sutJx"," # 创建 cert-manager 命名空间\n",[91,138,140,142,144,147,149,151,154,158],{"class":93,"line":139},2,[91,141,98],{"class":97},[91,143,123],{"class":101},[91,145,146],{"class":101}," label",[91,148,129],{"class":101},[91,150,132],{"class":101},[91,152,153],{"class":101}," certmanager.io\u002Fdisable-validation=",[91,155,157],{"class":156},"s39Yj","true",[91,159,160],{"class":135}," # 标记 cert-manager 命名空间以禁用资源验证\n",[91,162,164,166,168,171,175,178,181],{"class":93,"line":163},3,[91,165,98],{"class":97},[91,167,123],{"class":101},[91,169,170],{"class":101}," 
apply",[91,172,174],{"class":173},"stzsN"," --validate=false",[91,176,177],{"class":173}," -f",[91,179,180],{"class":101}," https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml",[91,182,183],{"class":135}," # 安装 CustomResourceDefinition 资源，注意 k8s 版本低于 1.15 需要用 legacy 版本\n",[91,185,187,189,192,195,198,201,204],{"class":93,"line":186},4,[91,188,98],{"class":97},[91,190,191],{"class":101}," helm",[91,193,194],{"class":101}," repo",[91,196,197],{"class":101}," add",[91,199,200],{"class":101}," jetstack",[91,202,203],{"class":101}," https:\u002F\u002Fcharts.jetstack.io",[91,205,206],{"class":135}," # 添加 Jetstack Helm repository\n",[91,208,210,212,214,216,219],{"class":93,"line":209},5,[91,211,98],{"class":97},[91,213,191],{"class":101},[91,215,194],{"class":101},[91,217,218],{"class":101}," update",[91,220,221],{"class":135}," # 更新本地 Helm chart repository\n",[27,223,76,224],{},[31,225,226],{},"cert-manager",[82,228,230],{"className":84,"code":229,"language":86,"meta":87,"style":87},"$ helm install cert-manager --namespace cert-manager --version v0.14.1 jetstack\u002Fcert-manager\n",[31,231,232],{"__ignoreMap":87},[91,233,234,236,238,240,242,245,247,250,253],{"class":93,"line":94},[91,235,98],{"class":97},[91,237,191],{"class":101},[91,239,105],{"class":101},[91,241,132],{"class":101},[91,243,244],{"class":173}," --namespace",[91,246,132],{"class":101},[91,248,249],{"class":173}," --version",[91,251,252],{"class":101}," v0.14.1",[91,254,255],{"class":101}," jetstack\u002Fcert-manager\n",[27,257,258,259,261],{},"查看 ",[31,260,226],{}," 安装情况",[82,263,265],{"className":84,"code":264,"language":86,"meta":87,"style":87},"$ kubectl get pods --namespace cert-manager\nNAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-6cff8dc7b9-8vxws              1\u002F1     Running   0          4d10h\ncert-manager-cainjector-795c46858f-txczb   1\u002F1     Running   0      
    4d10h\ncert-manager-webhook-5dfc77cd74-skgsv      1\u002F1     Running   0          4d10h\n",[31,266,267,284,301,319,333],{"__ignoreMap":87},[91,268,269,271,273,276,279,281],{"class":93,"line":94},[91,270,98],{"class":97},[91,272,123],{"class":101},[91,274,275],{"class":101}," get",[91,277,278],{"class":101}," pods",[91,280,244],{"class":173},[91,282,283],{"class":101}," cert-manager\n",[91,285,286,289,292,295,298],{"class":93,"line":139},[91,287,288],{"class":97},"NAME",[91,290,291],{"class":101},"                                       READY",[91,293,294],{"class":101},"   STATUS",[91,296,297],{"class":101},"    RESTARTS",[91,299,300],{"class":101},"   AGE\n",[91,302,303,306,309,312,316],{"class":93,"line":163},[91,304,305],{"class":97},"cert-manager-6cff8dc7b9-8vxws",[91,307,308],{"class":101},"              1\u002F1",[91,310,311],{"class":101},"     Running",[91,313,315],{"class":314},"srdBf","   0",[91,317,318],{"class":101},"          4d10h\n",[91,320,321,324,327,329,331],{"class":93,"line":186},[91,322,323],{"class":97},"cert-manager-cainjector-795c46858f-txczb",[91,325,326],{"class":101},"   1\u002F1",[91,328,311],{"class":101},[91,330,315],{"class":314},[91,332,318],{"class":101},[91,334,335,338,341,343,345],{"class":93,"line":209},[91,336,337],{"class":97},"cert-manager-webhook-5dfc77cd74-skgsv",[91,339,340],{"class":101},"      1\u002F1",[91,342,311],{"class":101},[91,344,315],{"class":314},[91,346,318],{"class":101},[70,348,350],{"id":349},"更新-cert-manager","更新 cert-manager",[82,352,354],{"className":84,"code":353,"language":86,"meta":87,"style":87},"$ kubectl delete -n cert-manager deployment cert-manager cert-manager-cainjector cert-manager-webhook\n\n$ kubectl apply --validate=false -f https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml\n\n$ helm repo update\n$ helm upgrade --version v0.14.1 cert-manager jetstack\u002Fcert-manager -n 
cert-manager\n",[31,355,356,381,387,402,406,417],{"__ignoreMap":87},[91,357,358,360,362,365,368,370,373,375,378],{"class":93,"line":94},[91,359,98],{"class":97},[91,361,123],{"class":101},[91,363,364],{"class":101}," delete",[91,366,367],{"class":173}," -n",[91,369,132],{"class":101},[91,371,372],{"class":101}," deployment",[91,374,132],{"class":101},[91,376,377],{"class":101}," cert-manager-cainjector",[91,379,380],{"class":101}," cert-manager-webhook\n",[91,382,383],{"class":93,"line":139},[91,384,386],{"emptyLinePlaceholder":385},true,"\n",[91,388,389,391,393,395,397,399],{"class":93,"line":163},[91,390,98],{"class":97},[91,392,123],{"class":101},[91,394,170],{"class":101},[91,396,174],{"class":173},[91,398,177],{"class":173},[91,400,401],{"class":101}," https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml\n",[91,403,404],{"class":93,"line":186},[91,405,386],{"emptyLinePlaceholder":385},[91,407,408,410,412,414],{"class":93,"line":209},[91,409,98],{"class":97},[91,411,191],{"class":101},[91,413,194],{"class":101},[91,415,416],{"class":101}," update\n",[91,418,420,422,424,427,429,431,433,436,438],{"class":93,"line":419},6,[91,421,98],{"class":97},[91,423,191],{"class":101},[91,425,426],{"class":101}," upgrade",[91,428,249],{"class":173},[91,430,252],{"class":101},[91,432,132],{"class":101},[91,434,435],{"class":101}," jetstack\u002Fcert-manager",[91,437,367],{"class":173},[91,439,283],{"class":101},[70,441,443],{"id":442},"创建-clusterissuer","创建 ClusterIssuer",[27,445,446,447,449,450,453,454,457,458,460,461,463,464,467],{},"我们需要创建一个签发机构，",[31,448,226],{}," 提供了",[31,451,452],{},"Issuer"," 和 ",[31,455,456],{},"ClusterIssuer"," 两种类型的签发机构，",[31,459,452],{}," 只能用来签发自己所在命名空间下的证书，ClusterIssuer 可以签发任意命名空间下的证书，我这里用 ",[31,462,456],{}," 为例，创建 ",[31,465,466],{},"letsencrypt-prod.yaml"," 文件：",[82,469,473],{"className":470,"code":471,"language":472,"meta":87,"style":87},"language-yaml shiki 
shiki-themes material-theme-lighter github-light github-dark","apiVersion: cert-manager.io\u002Fv1alpha2\nkind: ClusterIssuer\nmetadata:\n  labels:\n    name: letsencrypt-prod\n  name: letsencrypt-prod # 自定义的签发机构名称，后面会引用\nspec:\n  acme:\n    email: yourname@youremail.com # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n    solvers:\n      - http01:\n          ingress:\n            class: nginx\n    privateKeySecretRef:\n      name: letsencrypt-prod # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n    server: https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory # acme 协议的服务端，我们用 Let's Encrypt\n","yaml",[31,474,475,488,498,506,513,523,536,544,552,566,574,585,593,604,612,625],{"__ignoreMap":87},[91,476,477,481,485],{"class":93,"line":94},[91,478,480],{"class":479},"sQzsp","apiVersion",[91,482,484],{"class":483},"sP7_E",":",[91,486,487],{"class":101}," cert-manager.io\u002Fv1alpha2\n",[91,489,490,493,495],{"class":93,"line":139},[91,491,492],{"class":479},"kind",[91,494,484],{"class":483},[91,496,497],{"class":101}," ClusterIssuer\n",[91,499,500,503],{"class":93,"line":163},[91,501,502],{"class":479},"metadata",[91,504,505],{"class":483},":\n",[91,507,508,511],{"class":93,"line":186},[91,509,510],{"class":479},"  labels",[91,512,505],{"class":483},[91,514,515,518,520],{"class":93,"line":209},[91,516,517],{"class":479},"    name",[91,519,484],{"class":483},[91,521,522],{"class":101}," letsencrypt-prod\n",[91,524,525,528,530,533],{"class":93,"line":419},[91,526,527],{"class":479},"  name",[91,529,484],{"class":483},[91,531,532],{"class":101}," letsencrypt-prod",[91,534,535],{"class":135}," # 自定义的签发机构名称，后面会引用\n",[91,537,539,542],{"class":93,"line":538},7,[91,540,541],{"class":479},"spec",[91,543,505],{"class":483},[91,545,547,550],{"class":93,"line":546},8,[91,548,549],{"class":479},"  acme",[91,551,505],{"class":483},[91,553,555,558,560,563],{"class":93,"line":554},9,[91,556,557],{"class":479},"    email",[91,559,484],{"class":483},[91,561,562],{"class":101}," 
yourname@youremail.com",[91,564,565],{"class":135}," # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n",[91,567,569,572],{"class":93,"line":568},10,[91,570,571],{"class":479},"    solvers",[91,573,505],{"class":483},[91,575,577,580,583],{"class":93,"line":576},11,[91,578,579],{"class":483},"      -",[91,581,582],{"class":479}," http01",[91,584,505],{"class":483},[91,586,588,591],{"class":93,"line":587},12,[91,589,590],{"class":479},"          ingress",[91,592,505],{"class":483},[91,594,596,599,601],{"class":93,"line":595},13,[91,597,598],{"class":479},"            class",[91,600,484],{"class":483},[91,602,603],{"class":101}," nginx\n",[91,605,607,610],{"class":93,"line":606},14,[91,608,609],{"class":479},"    privateKeySecretRef",[91,611,505],{"class":483},[91,613,615,618,620,622],{"class":93,"line":614},15,[91,616,617],{"class":479},"      name",[91,619,484],{"class":483},[91,621,532],{"class":101},[91,623,624],{"class":135}," # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n",[91,626,628,631,633,636],{"class":93,"line":627},16,[91,629,630],{"class":479},"    server",[91,632,484],{"class":483},[91,634,635],{"class":101}," https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory",[91,637,638],{"class":135}," # acme 协议的服务端，我们用 Let's Encrypt\n",[27,640,641,642],{},"应用 ",[31,643,472],{},[82,645,647],{"className":84,"code":646,"language":86,"meta":87,"style":87},"$ kubectl create -f letsencrypt-prod.yaml\n",[31,648,649],{"__ignoreMap":87},[91,650,651,653,655,657,659],{"class":93,"line":94},[91,652,98],{"class":97},[91,654,123],{"class":101},[91,656,126],{"class":101},[91,658,177],{"class":173},[91,660,661],{"class":101}," letsencrypt-prod.yaml\n",[27,663,664],{},"查看状态",[82,666,668],{"className":84,"code":667,"language":86,"meta":87,"style":87},"$ kubectl get clusterissuer\nNAME               READY   AGE\nletsencrypt-prod   True    
51s\n",[31,669,670,681,690],{"__ignoreMap":87},[91,671,672,674,676,678],{"class":93,"line":94},[91,673,98],{"class":97},[91,675,123],{"class":101},[91,677,275],{"class":101},[91,679,680],{"class":101}," clusterissuer\n",[91,682,683,685,688],{"class":93,"line":139},[91,684,288],{"class":97},[91,686,687],{"class":101},"               READY",[91,689,300],{"class":101},[91,691,692,695,698],{"class":93,"line":163},[91,693,694],{"class":97},"letsencrypt-prod",[91,696,697],{"class":101},"   True",[91,699,700],{"class":101},"    51s\n",[70,702,703],{"id":703},"手动签发证书",[27,705,706,707,710],{},"手动签发证书，创建 ",[31,708,709],{},"test-monkeyrun-net-cert.yaml"," 文件",[82,712,714],{"className":470,"code":713,"language":472,"meta":87,"style":87},"apiVersion: cert-manager.io\u002Fv1alpha2\nkind: Certificate\nmetadata:\n  name: test-monkeyrun-net-cert\n  namespace: test\nspec:\n  secretName: tls-test-monkeyrun-net # 证书保存的 secret 名\n  duration: 2160h # 90d\n  renewBefore: 720h # 30d\n  dnsNames:\n    - test.monkeyrun.net\n  issuerRef:\n    name: letsencrypt-prod\n    kind: ClusterIssuer\n    group: cert-manager.io\n",[31,715,716,724,733,739,748,758,764,777,790,803,810,818,825,833,842],{"__ignoreMap":87},[91,717,718,720,722],{"class":93,"line":94},[91,719,480],{"class":479},[91,721,484],{"class":483},[91,723,487],{"class":101},[91,725,726,728,730],{"class":93,"line":139},[91,727,492],{"class":479},[91,729,484],{"class":483},[91,731,732],{"class":101}," Certificate\n",[91,734,735,737],{"class":93,"line":163},[91,736,502],{"class":479},[91,738,505],{"class":483},[91,740,741,743,745],{"class":93,"line":186},[91,742,527],{"class":479},[91,744,484],{"class":483},[91,746,747],{"class":101}," test-monkeyrun-net-cert\n",[91,749,750,753,755],{"class":93,"line":209},[91,751,752],{"class":479},"  namespace",[91,754,484],{"class":483},[91,756,757],{"class":101}," 
test\n",[91,759,760,762],{"class":93,"line":419},[91,761,541],{"class":479},[91,763,505],{"class":483},[91,765,766,769,771,774],{"class":93,"line":538},[91,767,768],{"class":479},"  secretName",[91,770,484],{"class":483},[91,772,773],{"class":101}," tls-test-monkeyrun-net",[91,775,776],{"class":135}," # 证书保存的 secret 名\n",[91,778,779,782,784,787],{"class":93,"line":546},[91,780,781],{"class":479},"  duration",[91,783,484],{"class":483},[91,785,786],{"class":101}," 2160h",[91,788,789],{"class":135}," # 90d\n",[91,791,792,795,797,800],{"class":93,"line":554},[91,793,794],{"class":479},"  renewBefore",[91,796,484],{"class":483},[91,798,799],{"class":101}," 720h",[91,801,802],{"class":135}," # 30d\n",[91,804,805,808],{"class":93,"line":568},[91,806,807],{"class":479},"  dnsNames",[91,809,505],{"class":483},[91,811,812,815],{"class":93,"line":576},[91,813,814],{"class":483},"    -",[91,816,817],{"class":101}," test.monkeyrun.net\n",[91,819,820,823],{"class":93,"line":587},[91,821,822],{"class":479},"  issuerRef",[91,824,505],{"class":483},[91,826,827,829,831],{"class":93,"line":595},[91,828,517],{"class":479},[91,830,484],{"class":483},[91,832,522],{"class":101},[91,834,835,838,840],{"class":93,"line":606},[91,836,837],{"class":479},"    kind",[91,839,484],{"class":483},[91,841,497],{"class":101},[91,843,844,847,849],{"class":93,"line":614},[91,845,846],{"class":479},"    group",[91,848,484],{"class":483},[91,850,851],{"class":101}," cert-manager.io\n",[27,853,641,854],{},[31,855,472],{},[82,857,859],{"className":84,"code":858,"language":86,"meta":87,"style":87},"$ kubectl apply -f test-monkeyrun-net-cert.yaml\n",[31,860,861],{"__ignoreMap":87},[91,862,863,865,867,869,871],{"class":93,"line":94},[91,864,98],{"class":97},[91,866,123],{"class":101},[91,868,170],{"class":101},[91,870,177],{"class":173},[91,872,873],{"class":101}," test-monkeyrun-net-cert.yaml\n",[27,875,876],{},"检查是否生成证书文件",[82,878,880],{"className":84,"code":879,"language":86,"meta":87,"style":87},"$ 
kubectl get certificate -n test\nNAME                      READY   SECRET                   AGE\ntest-monkeyrun-net-cert   True    test-monkeyrun-net-tls   99m\n",[31,881,882,897,910],{"__ignoreMap":87},[91,883,884,886,888,890,893,895],{"class":93,"line":94},[91,885,98],{"class":97},[91,887,123],{"class":101},[91,889,275],{"class":101},[91,891,892],{"class":101}," certificate",[91,894,367],{"class":173},[91,896,757],{"class":101},[91,898,899,901,904,907],{"class":93,"line":139},[91,900,288],{"class":97},[91,902,903],{"class":101},"                      READY",[91,905,906],{"class":101},"   SECRET",[91,908,909],{"class":101},"                   AGE\n",[91,911,912,915,917,920],{"class":93,"line":163},[91,913,914],{"class":97},"test-monkeyrun-net-cert",[91,916,697],{"class":101},[91,918,919],{"class":101},"    test-monkeyrun-net-tls",[91,921,922],{"class":101},"   99m\n",[27,924,925,926,929,930,933,934,936],{},"将该证书配置到 ",[31,927,928],{},"test.monkeyrun.net"," 的 ",[31,931,932],{},"ingress"," 上，测试 ",[31,935,33],{}," 访问，成功。",[70,938,940],{"id":939},"创建deployment时自动签发证书",[941,942,943],"del",{},"创建Deployment时自动签发证书",[27,945,946],{},[941,947,948,949],{},"创建 ",[31,950,951],{},"test-nginx.yaml",[82,953,955],{"className":470,"code":954,"language":472,"meta":87,"style":87},"apiVersion: extensions\u002Fv1beta1\nkind: Deployment\nmetadata:\n  name: test-nginx\n  namespace: test\nspec:\n  replicas: 1\n  template:\n    metadata:\n      labels:\n        run: test-nginx\n    spec:\n      containers:\n        - name: test-nginx\n          image: nginx\n          ports:\n            - containerPort: 80\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: test-nginx\n  namespace: test\n  labels:\n    app: test-nginx\nspec:\n  ports:\n    - port: 80\n      protocol: TCP\n      name: http\n  selector:\n    run: test-nginx\n---\napiVersion: extensions\u002Fv1beta1\nkind: Ingress\nmetadata:\n  name: test-nginx\n  namespace: test\n  annotations:\n    kubernetes.io\u002Fingress.class: 
nginx\n    kubernetes.io\u002Ftls-acme: 'true'\n    certmanager.io\u002Fcluster-issuer: letsencrypt-prod\nspec:\n  rules:\n    - host: test.monkeyrun.net\n      http:\n        paths:\n          - backend:\n              serviceName: test-nginx\n              servicePort: 80\n            path: \u002F\n  tls:\n    - secretName: tls-test-monkeyrun-net\n      hosts:\n        - test.monkeyrun.net\n",[31,956,957,966,975,981,990,998,1004,1014,1021,1028,1035,1044,1051,1058,1070,1079,1086,1100,1106,1116,1126,1133,1142,1151,1158,1168,1175,1183,1195,1206,1216,1224,1234,1239,1248,1258,1265,1274,1283,1291,1301,1318,1328,1335,1343,1355,1363,1371,1382,1392,1402,1413,1421,1434,1442],{"__ignoreMap":87},[91,958,959,961,963],{"class":93,"line":94},[91,960,480],{"class":479},[91,962,484],{"class":483},[91,964,965],{"class":101}," extensions\u002Fv1beta1\n",[91,967,968,970,972],{"class":93,"line":139},[91,969,492],{"class":479},[91,971,484],{"class":483},[91,973,974],{"class":101}," Deployment\n",[91,976,977,979],{"class":93,"line":163},[91,978,502],{"class":479},[91,980,505],{"class":483},[91,982,983,985,987],{"class":93,"line":186},[91,984,527],{"class":479},[91,986,484],{"class":483},[91,988,989],{"class":101}," test-nginx\n",[91,991,992,994,996],{"class":93,"line":209},[91,993,752],{"class":479},[91,995,484],{"class":483},[91,997,757],{"class":101},[91,999,1000,1002],{"class":93,"line":419},[91,1001,541],{"class":479},[91,1003,505],{"class":483},[91,1005,1006,1009,1011],{"class":93,"line":538},[91,1007,1008],{"class":479},"  replicas",[91,1010,484],{"class":483},[91,1012,1013],{"class":314}," 1\n",[91,1015,1016,1019],{"class":93,"line":546},[91,1017,1018],{"class":479},"  template",[91,1020,505],{"class":483},[91,1022,1023,1026],{"class":93,"line":554},[91,1024,1025],{"class":479},"    metadata",[91,1027,505],{"class":483},[91,1029,1030,1033],{"class":93,"line":568},[91,1031,1032],{"class":479},"      
labels",[91,1034,505],{"class":483},[91,1036,1037,1040,1042],{"class":93,"line":576},[91,1038,1039],{"class":479},"        run",[91,1041,484],{"class":483},[91,1043,989],{"class":101},[91,1045,1046,1049],{"class":93,"line":587},[91,1047,1048],{"class":479},"    spec",[91,1050,505],{"class":483},[91,1052,1053,1056],{"class":93,"line":595},[91,1054,1055],{"class":479},"      containers",[91,1057,505],{"class":483},[91,1059,1060,1063,1066,1068],{"class":93,"line":606},[91,1061,1062],{"class":483},"        -",[91,1064,1065],{"class":479}," name",[91,1067,484],{"class":483},[91,1069,989],{"class":101},[91,1071,1072,1075,1077],{"class":93,"line":614},[91,1073,1074],{"class":479},"          image",[91,1076,484],{"class":483},[91,1078,603],{"class":101},[91,1080,1081,1084],{"class":93,"line":627},[91,1082,1083],{"class":479},"          ports",[91,1085,505],{"class":483},[91,1087,1089,1092,1095,1097],{"class":93,"line":1088},17,[91,1090,1091],{"class":483},"            -",[91,1093,1094],{"class":479}," containerPort",[91,1096,484],{"class":483},[91,1098,1099],{"class":314}," 80\n",[91,1101,1103],{"class":93,"line":1102},18,[91,1104,1105],{"class":97},"---\n",[91,1107,1109,1111,1113],{"class":93,"line":1108},19,[91,1110,480],{"class":479},[91,1112,484],{"class":483},[91,1114,1115],{"class":101}," v1\n",[91,1117,1119,1121,1123],{"class":93,"line":1118},20,[91,1120,492],{"class":479},[91,1122,484],{"class":483},[91,1124,1125],{"class":101}," 
Service\n",[91,1127,1129,1131],{"class":93,"line":1128},21,[91,1130,502],{"class":479},[91,1132,505],{"class":483},[91,1134,1136,1138,1140],{"class":93,"line":1135},22,[91,1137,527],{"class":479},[91,1139,484],{"class":483},[91,1141,989],{"class":101},[91,1143,1145,1147,1149],{"class":93,"line":1144},23,[91,1146,752],{"class":479},[91,1148,484],{"class":483},[91,1150,757],{"class":101},[91,1152,1154,1156],{"class":93,"line":1153},24,[91,1155,510],{"class":479},[91,1157,505],{"class":483},[91,1159,1161,1164,1166],{"class":93,"line":1160},25,[91,1162,1163],{"class":479},"    app",[91,1165,484],{"class":483},[91,1167,989],{"class":101},[91,1169,1171,1173],{"class":93,"line":1170},26,[91,1172,541],{"class":479},[91,1174,505],{"class":483},[91,1176,1178,1181],{"class":93,"line":1177},27,[91,1179,1180],{"class":479},"  ports",[91,1182,505],{"class":483},[91,1184,1186,1188,1191,1193],{"class":93,"line":1185},28,[91,1187,814],{"class":483},[91,1189,1190],{"class":479}," port",[91,1192,484],{"class":483},[91,1194,1099],{"class":314},[91,1196,1198,1201,1203],{"class":93,"line":1197},29,[91,1199,1200],{"class":479},"      protocol",[91,1202,484],{"class":483},[91,1204,1205],{"class":101}," TCP\n",[91,1207,1209,1211,1213],{"class":93,"line":1208},30,[91,1210,617],{"class":479},[91,1212,484],{"class":483},[91,1214,1215],{"class":101}," http\n",[91,1217,1219,1222],{"class":93,"line":1218},31,[91,1220,1221],{"class":479},"  selector",[91,1223,505],{"class":483},[91,1225,1227,1230,1232],{"class":93,"line":1226},32,[91,1228,1229],{"class":479},"    run",[91,1231,484],{"class":483},[91,1233,989],{"class":101},[91,1235,1237],{"class":93,"line":1236},33,[91,1238,1105],{"class":97},[91,1240,1242,1244,1246],{"class":93,"line":1241},34,[91,1243,480],{"class":479},[91,1245,484],{"class":483},[91,1247,965],{"class":101},[91,1249,1251,1253,1255],{"class":93,"line":1250},35,[91,1252,492],{"class":479},[91,1254,484],{"class":483},[91,1256,1257],{"class":101}," 
Ingress\n",[91,1259,1261,1263],{"class":93,"line":1260},36,[91,1262,502],{"class":479},[91,1264,505],{"class":483},[91,1266,1268,1270,1272],{"class":93,"line":1267},37,[91,1269,527],{"class":479},[91,1271,484],{"class":483},[91,1273,989],{"class":101},[91,1275,1277,1279,1281],{"class":93,"line":1276},38,[91,1278,752],{"class":479},[91,1280,484],{"class":483},[91,1282,757],{"class":101},[91,1284,1286,1289],{"class":93,"line":1285},39,[91,1287,1288],{"class":479},"  annotations",[91,1290,505],{"class":483},[91,1292,1294,1297,1299],{"class":93,"line":1293},40,[91,1295,1296],{"class":479},"    kubernetes.io\u002Fingress.class",[91,1298,484],{"class":483},[91,1300,603],{"class":101},[91,1302,1304,1307,1309,1313,1315],{"class":93,"line":1303},41,[91,1305,1306],{"class":479},"    kubernetes.io\u002Ftls-acme",[91,1308,484],{"class":483},[91,1310,1312],{"class":1311},"sjJ54"," '",[91,1314,157],{"class":101},[91,1316,1317],{"class":1311},"'\n",[91,1319,1321,1324,1326],{"class":93,"line":1320},42,[91,1322,1323],{"class":479},"    certmanager.io\u002Fcluster-issuer",[91,1325,484],{"class":483},[91,1327,522],{"class":101},[91,1329,1331,1333],{"class":93,"line":1330},43,[91,1332,541],{"class":479},[91,1334,505],{"class":483},[91,1336,1338,1341],{"class":93,"line":1337},44,[91,1339,1340],{"class":479},"  rules",[91,1342,505],{"class":483},[91,1344,1346,1348,1351,1353],{"class":93,"line":1345},45,[91,1347,814],{"class":483},[91,1349,1350],{"class":479}," host",[91,1352,484],{"class":483},[91,1354,817],{"class":101},[91,1356,1358,1361],{"class":93,"line":1357},46,[91,1359,1360],{"class":479},"      http",[91,1362,505],{"class":483},[91,1364,1366,1369],{"class":93,"line":1365},47,[91,1367,1368],{"class":479},"        paths",[91,1370,505],{"class":483},[91,1372,1374,1377,1380],{"class":93,"line":1373},48,[91,1375,1376],{"class":483},"          -",[91,1378,1379],{"class":479}," 
backend",[91,1381,505],{"class":483},[91,1383,1385,1388,1390],{"class":93,"line":1384},49,[91,1386,1387],{"class":479},"              serviceName",[91,1389,484],{"class":483},[91,1391,989],{"class":101},[91,1393,1395,1398,1400],{"class":93,"line":1394},50,[91,1396,1397],{"class":479},"              servicePort",[91,1399,484],{"class":483},[91,1401,1099],{"class":314},[91,1403,1405,1408,1410],{"class":93,"line":1404},51,[91,1406,1407],{"class":479},"            path",[91,1409,484],{"class":483},[91,1411,1412],{"class":101}," \u002F\n",[91,1414,1416,1419],{"class":93,"line":1415},52,[91,1417,1418],{"class":479},"  tls",[91,1420,505],{"class":483},[91,1422,1424,1426,1429,1431],{"class":93,"line":1423},53,[91,1425,814],{"class":483},[91,1427,1428],{"class":479}," secretName",[91,1430,484],{"class":483},[91,1432,1433],{"class":101}," tls-test-monkeyrun-net\n",[91,1435,1437,1440],{"class":93,"line":1436},54,[91,1438,1439],{"class":479},"      hosts",[91,1441,505],{"class":483},[91,1443,1445,1447],{"class":93,"line":1444},55,[91,1446,1062],{"class":483},[91,1448,817],{"class":101},[27,1450,1451],{},[941,1452,1453,1454,1457,1458,1461,1462,453,1465,1468,1469,1471],{},"删除之前手动创建的 ",[31,1455,1456],{},"Deployment","、",[31,1459,1460],{},"Service"," 、 ",[31,1463,1464],{},"Ingress",[31,1466,1467],{},"Secret"," 后， 应用 ",[31,1470,472],{}," 来自动创建",[82,1473,1475],{"className":84,"code":1474,"language":86,"meta":87,"style":87},"$ kubectl apply -f test-nginx.yaml\n",[31,1476,1477],{"__ignoreMap":87},[91,1478,1479,1481,1483,1485,1487],{"class":93,"line":94},[91,1480,98],{"class":97},[91,1482,123],{"class":101},[91,1484,170],{"class":101},[91,1486,177],{"class":173},[91,1488,1489],{"class":101}," test-nginx.yaml\n",[27,1491,1492],{},[941,1493,1494,1495,1498],{},"打开 ",[31,1496,1497],{},"https:\u002F\u002Ftest.monkeyrun.net"," 测试，成功！",[27,1500,1501],{},"不知为何再次使用自动签发证书的时候会报错：",[82,1503,1508],{"className":1504,"code":1506,"language":1507},[1505],"language-text","E0330 07:46:30.070412       1 
sync.go:57] cert-manager\u002Fcontroller\u002Fingress-shim \"msg\"=\"failed to determine issuer to be used for ingress resource\" \"error\"=\"failed to determine issuer name to be used for ingress resource\" \"resource_kind\"=\"Ingress\" \"resource_name\"=\"xxx\" \"resource_namespace\"=\"xxx\"\n","text",[31,1509,1506],{"__ignoreMap":87},[27,1511,1512],{},"解决了半天都没能找到问题，所以还是用手动签发吧，反正也是一次性的操作。（补充：这条报错的意思是 ingress-shim 在 Ingress 上找不到签发机构的名字；上面 test-nginx.yaml 里写的注解是 certmanager.io\u002Fcluster-issuer，而 cert-manager 从 v0.11 起识别的是 cert-manager.io\u002Fcluster-issuer，少了一个连字符，很可能就是这个原因。）",[70,1514,1516],{"id":1515},"通过-dns-验证域名","通过 DNS 验证域名",[27,1518,1519],{},"刚才通过 http01 的方式验证域名会有个问题，对于已经部署上线的项目，没办法去验证，所以可以通过 dns 的方式来验证。需要注意，dns01 方式要把 DNS 服务商的 AccessKey 交给集群里的 webhook 使用，建议为它单独准备一个只有域名解析权限的密钥。",[27,1521,1522],{},[941,1523,1524,1525,1532,1533,1538,1539,1542,1543,1545,1546,1551,1552,1557],{},"经过搜寻，找到了几篇文章，都是利用 ",[1526,1527,1531],"a",{"href":1528,"rel":1529},"https:\u002F\u002Fgithub.com\u002Fkevinniu666",[1530],"nofollow","kevinniu666"," 这位仁兄基于  ",[1526,1534,1537],{"href":1535,"rel":1536},"https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager-webhook-example",[1530],"jetstack\u002Fcert-manager-webhook-example"," 改成 ",[31,1540,1541],{},"alidns"," 的版本来搞的，不过尝试了下，他这里面 ",[31,1544,226],{}," 版本太老已经跑不起来了，从 GitHub 的 forks 树里面找到了最新的一个 fork，",[1526,1547,1550],{"href":1548,"rel":1549},"https:\u002F\u002Fgithub.com\u002Fcolprog\u002Fcert-manager-webhook-alidns",[1530],"colprog\u002Fcert-manager-webhook-alidns","，尝试了下，也不行，他应该是改了镜像，但是不可用了。重新尝试了下上一代 fork ",[1526,1553,1556],{"href":1554,"rel":1555},"https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns",[1530],"pangzineng\u002Fcert-manager-webhook-alidns","，可用。",[82,1559,1561],{"className":84,"code":1560,"language":86,"meta":87,"style":87},"$ git clone https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns.git\n$ cd cert-manager-webhook-alidns\n$ helm install cert-manager-webhook-alidns --namespace=cert-manager .\u002Fdeploy\u002Fwebhook-alidns\n",[31,1562,1563,1576,1586],{"__ignoreMap":87},[91,1564,1565,1567,1570,1573],{"class":93,"line":94},[91,1566,98],{"class":97},[91,1568,1569],{"class":101}," git",[91,1571,1572],{"class":101}," 
clone",[91,1574,1575],{"class":101}," https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns.git\n",[91,1577,1578,1580,1583],{"class":93,"line":139},[91,1579,98],{"class":97},[91,1581,1582],{"class":101}," cd",[91,1584,1585],{"class":101}," cert-manager-webhook-alidns\n",[91,1587,1588,1590,1592,1594,1597,1600],{"class":93,"line":163},[91,1589,98],{"class":97},[91,1591,191],{"class":101},[91,1593,105],{"class":101},[91,1595,1596],{"class":101}," cert-manager-webhook-alidns",[91,1598,1599],{"class":173}," --namespace=cert-manager",[91,1601,1602],{"class":101}," .\u002Fdeploy\u002Fwebhook-alidns\n",[27,1604,1605],{},[941,1606,1607],{},"创建 alidns AccessKey Id 和 Secret",[82,1609,1611],{"className":84,"code":1610,"language":86,"meta":87,"style":87},"$ kubectl -n cert-manager create secret generic alidns-access-key-id --from-literal=accessKeyId='xxxxxxx'\n$ kubectl -n cert-manager create secret generic alidns-access-key-secret --from-literal=accessKeySecret='xxxxxxx'\n",[31,1612,1613,1645],{"__ignoreMap":87},[91,1614,1615,1617,1619,1621,1623,1625,1628,1631,1634,1637,1640,1643],{"class":93,"line":94},[91,1616,98],{"class":97},[91,1618,123],{"class":101},[91,1620,367],{"class":173},[91,1622,132],{"class":101},[91,1624,126],{"class":101},[91,1626,1627],{"class":101}," secret",[91,1629,1630],{"class":101}," generic",[91,1632,1633],{"class":101}," alidns-access-key-id",[91,1635,1636],{"class":173}," --from-literal=accessKeyId=",[91,1638,1639],{"class":1311},"'",[91,1641,1642],{"class":101},"xxxxxxx",[91,1644,1317],{"class":1311},[91,1646,1647,1649,1651,1653,1655,1657,1659,1661,1664,1667,1669,1671],{"class":93,"line":139},[91,1648,98],{"class":97},[91,1650,123],{"class":101},[91,1652,367],{"class":173},[91,1654,132],{"class":101},[91,1656,126],{"class":101},[91,1658,1627],{"class":101},[91,1660,1630],{"class":101},[91,1662,1663],{"class":101}," alidns-access-key-secret",[91,1665,1666],{"class":173}," 
--from-literal=accessKeySecret=",[91,1668,1639],{"class":1311},[91,1670,1642],{"class":101},[91,1672,1317],{"class":1311},[27,1674,1675,1676],{},"更新：使用 ",[1526,1677,1680],{"href":1678,"rel":1679},"https:\u002F\u002Fgithub.com\u002Fpragkent\u002Falidns-webhook\u002Ftree\u002Fmaster",[1530],"pragkent\u002Falidns-webhook",[27,1682,1683,1684],{},"注意：下面的配置引用的 Secret 叫 alidns-secret（key 为 access-key 和 secret-key），和上面创建的那两个 Secret 不是同一个，需要按这个 webhook 的说明另外创建。修改我们之前创建的 ",[31,1685,466],{},[82,1687,1689],{"className":470,"code":1688,"language":472,"meta":87,"style":87},"apiVersion: cert-manager.io\u002Fv1\nkind: ClusterIssuer\nmetadata:\n  labels:\n    name: letsencrypt-prod\n  name: letsencrypt-prod # 自定义的签发机构名称，后面会引用\nspec:\n  acme:\n    email: yourname@youremail.com # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n    solvers:\n      - dns01:\n          webhook:\n            groupName: yourgroup.com\n            solverName: alidns\n            config:\n              region: ''\n              accessKeySecretRef:\n                name: alidns-secret\n                key: access-key\n              secretKeySecretRef:\n                name: alidns-secret\n                key: secret-key\n    privateKeySecretRef:\n      name: letsencrypt-prod-account-key # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n    server: https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory # acme 协议的服务端，我们用 Let's Encrypt\n",[31,1690,1691,1700,1708,1714,1720,1728,1738,1744,1750,1760,1766,1775,1782,1792,1802,1809,1819,1826,1836,1846,1853,1861,1870,1876,1887],{"__ignoreMap":87},[91,1692,1693,1695,1697],{"class":93,"line":94},[91,1694,480],{"class":479},[91,1696,484],{"class":483},[91,1698,1699],{"class":101}," 
cert-manager.io\u002Fv1\n",[91,1701,1702,1704,1706],{"class":93,"line":139},[91,1703,492],{"class":479},[91,1705,484],{"class":483},[91,1707,497],{"class":101},[91,1709,1710,1712],{"class":93,"line":163},[91,1711,502],{"class":479},[91,1713,505],{"class":483},[91,1715,1716,1718],{"class":93,"line":186},[91,1717,510],{"class":479},[91,1719,505],{"class":483},[91,1721,1722,1724,1726],{"class":93,"line":209},[91,1723,517],{"class":479},[91,1725,484],{"class":483},[91,1727,522],{"class":101},[91,1729,1730,1732,1734,1736],{"class":93,"line":419},[91,1731,527],{"class":479},[91,1733,484],{"class":483},[91,1735,532],{"class":101},[91,1737,535],{"class":135},[91,1739,1740,1742],{"class":93,"line":538},[91,1741,541],{"class":479},[91,1743,505],{"class":483},[91,1745,1746,1748],{"class":93,"line":546},[91,1747,549],{"class":479},[91,1749,505],{"class":483},[91,1751,1752,1754,1756,1758],{"class":93,"line":554},[91,1753,557],{"class":479},[91,1755,484],{"class":483},[91,1757,562],{"class":101},[91,1759,565],{"class":135},[91,1761,1762,1764],{"class":93,"line":568},[91,1763,571],{"class":479},[91,1765,505],{"class":483},[91,1767,1768,1770,1773],{"class":93,"line":576},[91,1769,579],{"class":483},[91,1771,1772],{"class":479}," dns01",[91,1774,505],{"class":483},[91,1776,1777,1780],{"class":93,"line":587},[91,1778,1779],{"class":479},"          webhook",[91,1781,505],{"class":483},[91,1783,1784,1787,1789],{"class":93,"line":595},[91,1785,1786],{"class":479},"            groupName",[91,1788,484],{"class":483},[91,1790,1791],{"class":101}," yourgroup.com\n",[91,1793,1794,1797,1799],{"class":93,"line":606},[91,1795,1796],{"class":479},"            solverName",[91,1798,484],{"class":483},[91,1800,1801],{"class":101}," alidns\n",[91,1803,1804,1807],{"class":93,"line":614},[91,1805,1806],{"class":479},"            config",[91,1808,505],{"class":483},[91,1810,1811,1814,1816],{"class":93,"line":627},[91,1812,1813],{"class":479},"              
region",[91,1815,484],{"class":483},[91,1817,1818],{"class":1311}," ''\n",[91,1820,1821,1824],{"class":93,"line":1088},[91,1822,1823],{"class":479},"              accessKeySecretRef",[91,1825,505],{"class":483},[91,1827,1828,1831,1833],{"class":93,"line":1102},[91,1829,1830],{"class":479},"                name",[91,1832,484],{"class":483},[91,1834,1835],{"class":101}," alidns-secret\n",[91,1837,1838,1841,1843],{"class":93,"line":1108},[91,1839,1840],{"class":479},"                key",[91,1842,484],{"class":483},[91,1844,1845],{"class":101}," access-key\n",[91,1847,1848,1851],{"class":93,"line":1118},[91,1849,1850],{"class":479},"              secretKeySecretRef",[91,1852,505],{"class":483},[91,1854,1855,1857,1859],{"class":93,"line":1128},[91,1856,1830],{"class":479},[91,1858,484],{"class":483},[91,1860,1835],{"class":101},[91,1862,1863,1865,1867],{"class":93,"line":1135},[91,1864,1840],{"class":479},[91,1866,484],{"class":483},[91,1868,1869],{"class":101}," secret-key\n",[91,1871,1872,1874],{"class":93,"line":1144},[91,1873,609],{"class":479},[91,1875,505],{"class":483},[91,1877,1878,1880,1882,1885],{"class":93,"line":1153},[91,1879,617],{"class":479},[91,1881,484],{"class":483},[91,1883,1884],{"class":101}," 
letsencrypt-prod-account-key",[91,1886,624],{"class":135},[91,1888,1889,1891,1893,1895],{"class":93,"line":1160},[91,1890,630],{"class":479},[91,1892,484],{"class":483},[91,1894,635],{"class":101},[91,1896,638],{"class":135},[27,1898,641,1899],{},[31,1900,472],{},[82,1902,1903],{"className":84,"code":646,"language":86,"meta":87,"style":87},[31,1904,1905],{"__ignoreMap":87},[91,1906,1907,1909,1911,1913,1915],{"class":93,"line":94},[91,1908,98],{"class":97},[91,1910,123],{"class":101},[91,1912,126],{"class":101},[91,1914,177],{"class":173},[91,1916,661],{"class":101},[27,1918,664],{},[82,1920,1921],{"className":84,"code":667,"language":86,"meta":87,"style":87},[31,1922,1923,1933,1941],{"__ignoreMap":87},[91,1924,1925,1927,1929,1931],{"class":93,"line":94},[91,1926,98],{"class":97},[91,1928,123],{"class":101},[91,1930,275],{"class":101},[91,1932,680],{"class":101},[91,1934,1935,1937,1939],{"class":93,"line":139},[91,1936,288],{"class":97},[91,1938,687],{"class":101},[91,1940,300],{"class":101},[91,1942,1943,1945,1947],{"class":93,"line":163},[91,1944,694],{"class":97},[91,1946,697],{"class":101},[91,1948,700],{"class":101},[27,1950,1951],{},"重新手动签发证书，验证，成功！",[27,1953,1954],{},"PS：需要注意的是，从 http01 认证修改到 dns01 认证后，有个坑，会一直失败，查看 cert-manager 的 Pod 日志，会发现如下错误：",[82,1956,1960],{"className":1957,"code":1958,"language":1959,"meta":87,"style":87},"language-log shiki shiki-themes material-theme-lighter github-light github-dark","cert-manager\u002Fcontroller\u002Forders \"msg\"=\"Failed to determine the list of Challenge resources needed for the Order\" \"error\"=\"no configured challenge solvers can be used for this challenge\" \"resource_kind\"=\"Order\" \"resource_name\"=\"xxx\"\n","log",[31,1961,1962],{"__ignoreMap":87},[91,1963,1964,1968,1971,1974,1977,1980,1982,1985,1988,1990,1993,1996,1998],{"class":93,"line":94},[91,1965,1967],{"class":1966},"su5hD","cert-manager\u002Fcontroller\u002Forders 
",[91,1969,1970],{"class":101},"\"msg\"",[91,1972,1973],{"class":1966},"=",[91,1975,1976],{"class":101},"\"Failed to determine the list of Challenge resources needed for the Order\"",[91,1978,1979],{"class":101}," \"error\"",[91,1981,1973],{"class":1966},[91,1983,1984],{"class":101},"\"no configured challenge solvers can be used for this challenge\"",[91,1986,1987],{"class":101}," \"resource_kind\"",[91,1989,1973],{"class":1966},[91,1991,1992],{"class":101},"\"Order\"",[91,1994,1995],{"class":101}," \"resource_name\"",[91,1997,1973],{"class":1966},[91,1999,2000],{"class":101},"\"xxx\"\n",[27,2002,2003,2004,2009,2010,2015,2016,2018],{},"研究了半天都没成功，后来在 GitHub 上找到了这个 ",[1526,2005,2008],{"href":2006,"rel":2007},"https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Fissues\u002F2494#issuecomment-585391545",[1530],"Issue","，按照 ",[1526,2011,2014],{"href":2012,"rel":2013},"https:\u002F\u002Fgithub.com\u002Fdemisx",[1530],"demisx"," 这位仁兄的建议，把所有和 ",[31,2017,226],{}," 相关的东西全部删除重新用 dns01 的方式部署一遍就 OK 了。",[27,2020,2021,2022,2025,2026,2029],{},"另外，cert-manager 的 API group 从 ",[31,2023,2024],{},"certmanager.k8s.io"," 改到 ",[31,2027,2028],{},"cert-manager.io"," 了，不少老教程里面仍然是前者，需要改为后者才能正常执行。",[2031,2032,2033,2036],"blockquote",{},[27,2034,2035],{},"参考链接",[2037,2038,2039,2047,2054,2061],"ul",{},[2040,2041,2042],"li",{},[1526,2043,2046],{"href":2044,"rel":2045},"https:\u002F\u002Fdocs.bitnami.com\u002Fkubernetes\u002Fhow-to\u002Fsecure-kubernetes-services-with-ingress-tls-letsencrypt\u002F",[1530],"Secure Kubernetes Services With Ingress, TLS And Let's Encrypt",[2040,2048,2049],{},[1526,2050,2053],{"href":2051,"rel":2052},"https:\u002F\u002Fxuchao918.github.io\u002F2019\u002F03\u002F14\u002F%E2%95%A9%E2%95%A3%E2%95%99%E2%94%9Ccert-manager%E2%95%A9%E2%95%A1%E2%95%A7%E2%95%93Ingress-https\u002F",[1530],"使用 cert-manager 实现 Ingress https",[2040,2055,2056],{},[1526,2057,2060],{"href":2058,"rel":2059},"https:\u002F\u002Fyq.aliyun.com\u002Farticles\u002F718711",[1530],"使用 
cert-manager 给阿里云的 DNS 域名授权 SSL 证书",[2040,2062,2063],{},[1526,2064,2067],{"href":2065,"rel":2066},"https:\u002F\u002Fcert-manager.io\u002Fdocs\u002F",[1530],"cert-manager docs",[2069,2070,2071],"style",{},"html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sutJx, html code.shiki 
.sutJx{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#6A737D;--shiki-default-font-style:inherit;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit}html pre.shiki code .s39Yj, html code.shiki .s39Yj{--shiki-light:#39ADB5;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .stzsN, html code.shiki .stzsN{--shiki-light:#91B859;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .srdBf, html code.shiki .srdBf{--shiki-light:#F76D47;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sjJ54, html code.shiki .sjJ54{--shiki-light:#39ADB5;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .sQzsp, html code.shiki .sQzsp{--shiki-light:#E53935;--shiki-default:#22863A;--shiki-dark:#85E89D}html pre.shiki code .sP7_E, html code.shiki .sP7_E{--shiki-light:#39ADB5;--shiki-default:#24292E;--shiki-dark:#E1E4E8}",{"title":87,"searchDepth":139,"depth":139,"links":2073},[],null,"png","2020-02-27","很多博主的 https 证书经常容易忘记更新，虽说证书过期前都会有邮件提醒，但是万一确实忙得没时间去处理，忘记了，就会出现证书过期的情况了。",false,"md",{},"\u002Fposts\u002F2020\u002Fk8s-cert-manager-tls",{"text":2083,"minutes":2084,"time":2085,"words":2086},"8 min read",7.465,447900,1493,{"title":22,"description":2077},{"loc":2081},"posts\u002F2020\u002F20200227.k8s-cert-manager-tls",[2091,2092,47,2093,2094],"技术","阿里云","DevOps","Docker","天气晴","2aJ6T7QGEjJQr4Yy8PkK08lqxa4n-rxsCy0mGJw2oBY",[2098,2103],{"title":2099,"path":2100,"stem":2101,"date":2076,"description":2102,"children":-1},"iTerm2login","\u002Fposts\u002F2020\u002Fiterm2login","posts\u002F2020\u002F20200227.iterm2login","iterm2login.sh 
文件：",{"title":2104,"path":2105,"stem":2106,"date":2107,"description":2108,"children":-1},"有生之年系列之『荒野大镖客』","\u002Fposts\u002F2020\u002Fbest-game-red-dead-redemption-2","posts\u002F2020\u002F20200216.best-game-red-dead-redemption-2","2020-02-16","去年我玩这个游戏的时候，还是看到人想干就干，看到能搜刮的财物就搜刮。但是玩到后面，到了第六章的时候，突然想让亚瑟做个好人，能不干人就不干人，欠债的也都免除了，帮别人做事，别人给你的传家宝也拒绝了。",1777579140445]