我正在尝试使用 Cert-Manager 和 Cilium Gateway(网关 API)颁发 TLS 证书。当我使用自签名 ClusterIssuer 时一切正常,但当我转到 let's encrypt 时失败了……
我正在尝试使用 Cert-Manager 和 Cilium Gateway(网关 API)颁发 TLS 证书。当我使用自签名 ClusterIssuer 时一切正常,但当我转到 let's encrypt 时失败了。
Cert-manager 创建了 http 解析器,但是我看到挑战者中有一个错误:
Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
这是我的发行人:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: [email protected]
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-private-key
solvers:
- http01:
gatewayHTTPRoute:
parentRefs:
- name: gateway
namespace: default
kind: Gateway
网关:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway
namespace: default
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
gatewayClassName: cilium
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: All
- name: https-landing
protocol: HTTPS
port: 443
hostname: www.mypage.com
allowedRoutes:
namespaces:
from: All
tls:
mode: Terminate
certificateRefs:
- kind: Secret
group: ""
name: landing-tls
HTTP路由:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https-landing
namespace: default
spec:
parentRefs:
- name: gateway
sectionName: https-landing
hostnames:
- www.mypage.com
rules:
- backendRefs:
- name: landing
port: 8000
你知道可能出现什么问题吗?
尝试以下故障排除步骤,这可能有助于解决您的问题:
更多详细信息 请参考类似的 Github issue1 和 issue2