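I have read "Helm chart to use a secret from cert-manager", but the answer confuses me...
It says:
...write the YAML for the certificate in the same chart, typically in its own file.
Does that just mean I create a file named "Certificate.yaml" in the Helm chart's templates folder, and Helm will discover it automatically?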

replicaCount: 1
image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: ""
imagePullSecrets: []
nameOverride: "sample-app"
fullnameOverride: "sampleapp-chart"
serviceAccount:
  create: true
  annotations: {}
  name: "sampleappacc"
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
  type: NodePort
  port: 80
ingress:
  enabled: true
  className: "traefik-internal"
  annotations:
    kubernetes.io/ingress.class: traefik-internal
    kubernetes.io/tls-acme: "true"
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
  hosts:
    - host: sample.k8s.tld
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: sample-tls
      hosts:
        - sample.k8s.tld
resources: {}
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ (index .Values.ingress.tls 0).secretName }}
  namespace: default
spec:
  # Secret names are always required.
  secretName: {{ (index .Values.ingress.tls 0).secretName }}
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - myorg
  commonName: {{ (index .Values.ingress.hosts 0).host }}
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - {{ (index .Values.ingress.hosts 0).host }}
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
    group: cert-manager.io
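
How do I tell Helm to read this file?
Running kubectl get certificate results in "No resources found in default namespace."
kubectl get certificate -A shows some certificates, but not the one I expect.
Running kubectl get secret only shows me a secret named sh.helm.release.v1.sampleapp-chart.v1, not sample-tls.
I found a warning titled "BadConfig" from cert-manager-ingress-shim concerning a problem with the issuer. Since I did define the issuer in Certificate.yaml, I assume cert-manager is trying to guess the details from the bare configuration?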

Adding the annotation
cert-manager.io/cluster-issuer: letsencrypt-prod
and removing Certificate.yaml worked.
See the cert-manager documentation on ingress for more on why.
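
A pre-install check for the situation in this thread, as an added example that is not part of the original question or answer and is not cert-manager's own code. It inspects the `ingress` block of a values file (already parsed into a dict) and reports when a TLS entry has no issuer annotation for ingress-shim to use. The function name, the finding codes and the `default_issuer_configured` flag are assumptions made for the example.

```python
# Added example: lint the `ingress` block of a Helm values file before install.
# The annotation keys are cert-manager's ingress-shim annotations; the dicts
# below are constructed from the values shown in the question.
ISSUER_KEYS = ("cert-manager.io/issuer", "cert-manager.io/cluster-issuer")
TLS_ACME = "kubernetes.io/tls-acme"


def check_ingress(ingress, default_issuer_configured=False):
    """Return finding codes; an empty list means ingress-shim can pick an issuer.

    default_issuer_configured is an assumption supplied by the caller: True only
    when the cert-manager controller was started with --default-issuer-name.
    """
    if not ingress.get("enabled"):
        return []
    findings = []
    annotations = ingress.get("annotations") or {}
    tls = ingress.get("tls") or []
    named = [k for k in ISSUER_KEYS if annotations.get(k)]
    acme = str(annotations.get(TLS_ACME, "")).lower() == "true"

    if len(named) > 1:
        findings.append("ambiguous-issuer")     # lint policy: set exactly one key
    if tls and not named:
        if acme and not default_issuer_configured:
            findings.append("no-issuer")        # tls-acme alone names no issuer
        elif not acme:
            findings.append("no-shim-trigger")  # Secret must come from elsewhere
    for entry in tls:
        if not entry.get("secretName"):
            findings.append("tls-without-secret-name")
        if not entry.get("hosts"):
            findings.append("tls-without-hosts")
    return findings


# Constructed from the question's values.yaml (ingress section only).
QUESTION_INGRESS = {
    "enabled": True,
    "annotations": {"kubernetes.io/ingress.class": "traefik-internal",
                    "kubernetes.io/tls-acme": "true"},
    "hosts": [{"host": "sample.k8s.tld"}],
    "tls": [{"secretName": "sample-tls", "hosts": ["sample.k8s.tld"]}],
}
# The same block with the annotation from the answer added.
ANSWER_INGRESS = dict(QUESTION_INGRESS, annotations={
    **QUESTION_INGRESS["annotations"],
    "cert-manager.io/cluster-issuer": "letsencrypt-prod"})
```

Running the check in CI before `helm install` catches the missing issuer annotation before the Ingress is created without its `sample-tls` Secret.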