我已经用nginxingress和cert-manager设置了Kubernetes。我想使用ECDSA证书而不是RSA证书,所以我遵循了文档并在Ingress配置中设置了cert-manager.io/private-key-algorithm: ECDSA。不幸的是,证书管理器似乎忽略了此设置并创建了RSA证书。
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "myapp.fullname" . }}-ingress
labels:
{{- include "myapp.labels" . | nindent 4 }}
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/issuer: {{ .Values.certManager.name }}
cert-manager.io/private-key-algorithm: ECDSA
spec:
ingressClassName: nginx
tls:
- hosts:
- {{ .Values.ingressHostName }}
secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
rules:
- host: {{ .Values.ingressHostName }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ .Values.landingpage.frontend.service.fullname }}
port:
number: {{ .Values.landingpage.frontend.service.port }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.certManager.name }}
spec:
acme:
# The ACME server URL
server: {{ .Values.certManager.server }}
# Email address used for ACME registration
email: {{ .Values.certManager.email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: "{{ include "myapp.fullname" . }}-cert-manager-key"
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
看起来你还不能通过入口资源来完成,但你可以通过证书资源来完成:
https://github.com/cert-manager/cert-manager/issues/2567