Kubernetes 使用 Cert Manager 自动签发 HTTPS 证书【3】

获取了Cloudflare的api token 接着把他存入 secret 内，然后创建issuer

创建test namespace

apiVersion: v1
kind: Namespace
metadata:
    name: test

1. 把cloudflare api token 存入secret内

apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: test
type: Opaque
stringData:
  api-token: <API Token>

2. 创建issuer

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-dns01
  namespace: test
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration , cloudflare的email
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-dns01
    solvers:
    - selector: {} # An empty 'selector' means that this solver matches all domains
      dns01: # ACME DNS-01 solver configurations
        cloudflare:
          email: [email protected]
          # A secretKeyRef to a cloudflare api key
          apiTokenSecretRef:
            name: cloudflare-api-token-secret
            key: api-token

【快链接】
Kubernetes 使用 Cert Manager 自动签发 HTTPS 证书【1】
Kubernetes 使用 Cert Manager 自动签发 HTTPS 证书【2】
Kubernetes 使用 Cert Manager 自动签发 HTTPS 证书【3】
Kubernetes 使用 Cert Manager 自动签发 HTTPS 证书【4】

Facebook评论

Related Posts

AWS 为已有的EKS部署PrivateCluster和配置NAT

AWS 为已有的EKS安装Karpenter

Kubernetes Nginx Ingress设定HSTS & CSP