hongming
Hi,
我重新做了一次,現在卡在 ingress 要怎麼加上 tls?
我的作法:
##安装 ingress-nginx controller
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
##安装 cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl create namespace cert-manager
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false --set crds.enabled=true
##創建 ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: abc@gmail.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
kubectl apply -f cluster-issuer.yaml
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 111m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kubesphere-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
extensions-museum ClusterIP 10.233.21.70 <none> 443/TCP 52m
ks-apiserver ClusterIP 10.233.44.157 <none> 80/TCP 52m
ks-console NodePort 10.233.45.63 <none> 80:30880/TCP 52m
ks-controller-manager ClusterIP 10.233.48.223 <none> 443/TCP 52m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.233.46.50 <none> 80:30301/TCP,443:30441/TCP 96m
ingress-nginx-controller-admission ClusterIP 10.233.27.26 <none> 443/TCP 96m
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: ks-console-ingress
namespace: kubesphere-system
creationTimestamp: '2025-02-17T06:38:52Z'
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/ssl-redirect":"true"},"name":"ks-console-ingress","namespace":"kubesphere-system"},"spec":{"ingressClassName":"nginx","rules":[{"host":"ks.local","http":{"paths":[{"backend":{"service":{"name":"ks-console","port":{"number":30880}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["ks.local"],"secretName":"kubesphere-tls"}]}}
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
defaultBackend:
service:
name: ks-console
port:
number: 80
ingressClassName: nginx
rules:
- host: ks.local
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- ks.local
secretName: kubesphere-tls
status:
loadBalancer:
ingress:
- ip: 10.233.46.50
請問我下一步該怎麼辦
