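- Choerodon platform version: 0.10
- Runtime environment: self-hosted
- Problem description:

"!" warning. Could manually uploading an external certificate also be related to cert-manager?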
```
failed: running kubectl: error: unable to recognize “STDIN”: no matches for certmanager.k8s.io/, Kind=Certificate
```
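I just tinkered with this external certificate import feature again. The official documentation never mentions cert-manager and only says the kube-lego component is required, but kube-lego does not support the certmanager.k8s.io CRD, and the community has already abandoned that tool. So I installed cert-manager afterwards with the command below: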
```
$ helm install \
    --name cert-manager \
    --namespace kube-system \
    stable/cert-manager
```
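This used the Aliyun chart source; the installed version is 0.2.2 (seems a bit old).

Then I created the certmanager.k8s.io Issuer and ClusterIssuer resources respectively.

Finally I uploaded the certificate again, and an additional xxx.yaml file appeared in the gitops project: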
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: vd
  namespace: xxx
spec:
  commonName: xxx.xxx.xxx.xxx
  existCert:
    cert: |
      -----BEGIN CERTIFICATE-----
      xxx
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      xxx
      -----END CERTIFICATE-----
    key: |
      -----BEGIN PRIVATE KEY-----
      xxx
      -----END PRIVATE KEY-----
```
Checking the c7n agent logs, I found that the Certificate resource was deployed successfully:

```
I1120 23:43:09.612111 1 sync.go:178] kubectl apply -n swj-dev -f - , took 319.930073ms, err: <nil>, output: certificate "vd" created
```

But then there are errors:

```
I1120 23:43:09.635930 1 client.go:164] send response key env:swj-dev.Cert:vd.commit:ssuer issuer.certmanager.k8s.io "" not f, type cert_failed
W1120 23:43:09.652338 1 event_controller.go:166] Certificate err event reason not contain commit
I1120 23:43:09.652387 1 client.go:164] send response key env:swj-dev.Cert:vd.commit:ssuer issuer.certmanager.k8s.io "" not f, type cert_failed
```

The front-end UI likewise shows the exclamation-mark warning.

The cert-manager logs contain a great many messages like the following:
```
I1120 15:43:12.141247 1 controller.go:187] certificates controller: syncing item 'swj-dev/vd'
I1120 15:43:12.141309 1 sync.go:70] Issuer issuer.certmanager.k8s.io "" not found does not exist
E1120 15:43:12.141357 1 controller.go:196] certificates controller: Re-queuing item "swj-dev/vd" due to error processing: issuer.certmanager.k8s.io "" not found
I1120 15:43:14.701622 1 controller.go:187] certificates controller: syncing item 'swj-dev/vd'
I1120 15:43:14.701687 1 sync.go:70] Issuer issuer.certmanager.k8s.io "" not found does not exist
E1120 15:43:14.701742 1 controller.go:196] certificates controller: Re-queuing item "swj-dev/vd" due to error processing: issuer.certmanager.k8s.io "" not found
```
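Judging from the messages, the certificates controller cannot find the issuer. The YAML file that Choerodon created in gitops indeed has no issuerRef in its spec; could that be the reason?

Hi, it's solved, awesome.

I suggest putting such important information into the official deployment documentation so that users can avoid detours.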
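
The reasoning at the end of the question (the controller looks up an issuer whose quoted name is empty) can be checked mechanically over the cert-manager log. This is an added example, not part of the thread and not Choerodon or cert-manager code; the log lines are the ones quoted in the post, and `summarize` and its regexes are hypothetical helpers that assume the klog layout shown there and read an empty quoted name as an unset issuerRef name.

```python
import re
from collections import defaultdict

# Log lines copied from the cert-manager output quoted in the post above.
SAMPLE_LOG = '''\
I1120 15:43:12.141247 1 controller.go:187] certificates controller: syncing item 'swj-dev/vd'
I1120 15:43:12.141309 1 sync.go:70] Issuer issuer.certmanager.k8s.io "" not found does not exist
E1120 15:43:12.141357 1 controller.go:196] certificates controller: Re-queuing item "swj-dev/vd" due to error processing: issuer.certmanager.k8s.io "" not found
I1120 15:43:14.701622 1 controller.go:187] certificates controller: syncing item 'swj-dev/vd'
I1120 15:43:14.701687 1 sync.go:70] Issuer issuer.certmanager.k8s.io "" not found does not exist
E1120 15:43:14.701742 1 controller.go:196] certificates controller: Re-queuing item "swj-dev/vd" due to error processing: issuer.certmanager.k8s.io "" not found
'''

# klog header: severity letter + MMDD, time, pid, source file:line, then the message.
KLOG = re.compile(r'^([IWEF])(\d{4}) (\d\d:\d\d:\d\d\.\d+)\s+(\d+) ([\w.]+:\d+)\] (.*)$')
REQUEUE = re.compile(r'Re-queuing item "([^"]+)" due to error processing: '
                     r'(\S+) "([^"]*)" not found')

def summarize(log_text):
    """Group re-queue errors per Certificate and classify the missing reference."""
    found = defaultdict(lambda: {"requeues": 0, "kind": None, "name": None})
    for line in log_text.splitlines():
        m = KLOG.match(line)
        if not m or m.group(1) != "E":      # only error-severity lines
            continue
        r = REQUEUE.search(m.group(6))
        if not r:
            continue
        item, kind, name = r.groups()
        found[item]["requeues"] += 1
        found[item]["kind"], found[item]["name"] = kind, name
    report = {}
    for item, e in found.items():
        # Assumption: an empty quoted name means the Certificate has no issuerRef
        # name at all, as opposed to naming an issuer that was never created.
        cause = ("no issuerRef in spec" if e["name"] == ""
                 else f'{e["kind"]} "{e["name"]}" missing')
        report[item] = (e["requeues"], cause)
    return report

if __name__ == "__main__":
    for item, (count, cause) in summarize(SAMPLE_LOG).items():
        print(f"{item}: re-queued {count}x, cause: {cause}")
```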