我试图将cert-manager迁移到API v1,我能够将发行人迁移到ClusterIssue (YAML的第一部分)。然而,我正在处理一个突破性的变化,即在证书
acme。apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-myapp-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: ssl@company.com
privateKeySecretRef:
name: wildcard-myapp-com
solvers:
- dns01:
cloudDNS:
serviceAccountSecretRef:
name: clouddns-service-account
key: key.json
project: project-id
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: myapp-com-tls
namespace: default
spec:
secretName: myapp-com-tls
issuerRef:
name: letsencrypt-myapp-issuer
commonName: '*.myapp.com'
dnsNames:
- myapp.com
acme:
config:
- dns01:
provider: google-dns
domains:
- '*.myapp.com'
- myapp.com
当我运行kubectl apply时,我得到错误:
验证数据出错:ValidationError(Certificate.spec): unknown field "acme"在io.cert-manager.v1.Certificate.spec
如何迁移到新版本的cert-manager?
作为v0.8的一部分,引入了一种配置ACME证书资源的新格式。值得注意的是,挑战解决器配置已经从证书资源(certificate.spec.acme下)移到了issuer.spec.acme.solvers下的配置发行者资源上。
所以结果应该如下所示;
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-myapp-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: ssl@company.com
privateKeySecretRef:
name: wildcard-myapp-com
solvers:
- selector:
dnsNames:
- '*.myapp.com'
- myapp.com
dns01:
cloudDNS:
serviceAccountSecretRef:
name: clouddns-service-account
key: key.json
project: project-id
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: myapp-com-tls
namespace: default
spec:
secretName: myapp-com-tls
issuerRef:
name: letsencrypt-myapp-issuer
commonName: '*.myapp.com'
dnsNames:
- myapp.com