1. After configuring a certificate, the controller log showed an error:
kubectl logs ingress-nginx-controller-96fnv -n ingress-nginx
unexpected error validating SSL certificate gscommon/https-secret for host oa2https01.mz.abc.com. Reason: x509: certificate is valid for *.idcsec.com, not oa2https01.mz.abc.com
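This basically confirms that the certificate is the problem: the certificate in the secret is valid for *.idcsec.com and does not cover the Ingress host.
2. Reference approach:
2.1 Generate the certificate files (the name in the certificate has to cover the Ingress host):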
openssl req -x509 -nodes -days 2920 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*.idcsec.com/O=nginxsvc"
2.2 Import the certificate files into a k8s secret:
kubectl create secret tls https-secret --key tls.key --cert tls.crt
My configuration:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ssl-redirect: "True"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"ingress.kubernetes.io/ssl-redirect":"True"},"name":"pispower-oa-https","namespace":"gscommon"},"spec":{"rules":[{"host":"oahttps02.mz.pispower.com","http":{"paths":[{"backend":{"serviceName":"oa2gs","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["oahttps02.mz.pispower.com"],"secretName":"https-secret-02"}]}}
  creationTimestamp: 2018-12-22T15:42:08Z
  generation: 3
  name: pispower-oa-https
  namespace: gscommon
  resourceVersion: "7947760"
  selfLink: /apis/extensions/v1beta1/namespaces/gscommon/ingresses/pispower-oa-https
  uid: 2425b1df-0600-11e9-9cd0-020050e80095
spec:
  rules:
  - host: oahttps02.mz.abc.com
    http:
      paths:
      - backend:
          serviceName: oa2gs
          servicePort: 80
        path: /
  tls:
  - hosts:
    - oahttps02.mz.abc.com
    secretName: https-secret04
status:
  loadBalancer:
    ingress:
    - {}
Reference: http://idcsec.com/articles/2018/09/28/1538105157281.html
Key point: kubectl create secret tls https-secret04 --key mz.abc.key --cert mz.abc.com.crt -n gscommon
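Added example (not part of the original post or of ingress-nginx): a pre-flight script that catches the "certificate is valid for *.idcsec.com, not ..." mismatch before the secret is created. The function names and the script name preflight.sh are hypothetical; it assumes openssl is on the PATH.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks to run before `kubectl create secret tls`.
# Function names are hypothetical; only standard openssl subcommands are used.

# cert_covers_host CERT HOST: succeeds if CERT is valid for HOST
# (a wildcard such as *.idcsec.com covers exactly one leftmost label).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# key_matches_cert CERT KEY: succeeds if KEY is the private key for CERT.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY HOST
# returns 0 = safe to load, 1 = wrong host, 2 = key mismatch, 3 = expired
preflight() {
  cert_covers_host "$1" "$3" || { echo "cert does not cover $3" >&2; return 1; }
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 2; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "cert has expired" >&2; return 3; }
}

# Usage: ./preflight.sh mz.abc.com.crt mz.abc.key oahttps02.mz.abc.com
if [ "$#" -eq 3 ]; then
  preflight "$@"
fi
```

A non-zero exit means the secret would reproduce the validation error from step 1, so fix the certificate before running kubectl create secret tls.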
Adding an HTTPS certificate to ingress-nginx
Original article: https://www.cnblogs.com/hixiaowei/p/10163052.html