在线更新ingress证书

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了在线更新ingress证书相关的知识,希望对你有一定的参考价值。

1.制作新证书

[root@elasticsearch01 yaml]# kubectl  create secret tls ingress-secret2021 --key minminmsn.key --cert minminmsn.crt 

2.在ingress替换secretName
查看ingress

[root@elasticsearch01 yaml]# kubectl get ingress
NAME                    HOSTS                                                     ADDRESS   PORTS     AGE
jenkins                 jenkins.minminmsn.com                                              80, 443   419d
minminmsn-harbor-ingress   core-harbor.minminmsn.com,notary-harbor.minminmsn.com             80, 443   30h

在线编辑ingress,替换secretName的值由ingress-secret2020,替换为ingress-secret2021,保存生效

[root@elasticsearch01 yaml]# kubectl edit ingress minminmsn-harbor-ingress
# Please edit the object below. Lines beginning with a ‘#‘ will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  creationTimestamp: "2020-07-15T03:18:15Z"
  generation: 1
  labels:
    app: harbor
    chart: harbor
    heritage: Tiller
    release: minminmsn
  name: minminmsn-harbor-ingress
  namespace: default
  resourceVersion: "91736348"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/minminmsn-harbor-ingress
  uid: d2bf4b41-c649-11ea-9386-52540089b2b6
spec:
  rules:
  - host: core-harbor.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: minminmsn-harbor-portal
          servicePort: 80
        path: /
      - backend:
          serviceName: minminmsn-harbor-core
          servicePort: 80
        path: /api/
      - backend:
          serviceName: minminmsn-harbor-core
          servicePort: 80
        path: /service/
      - backend:
          serviceName: minminmsn-harbor-core
          servicePort: 80
        path: /v2/
      - backend:
          serviceName: minminmsn-harbor-core
          servicePort: 80
        path: /chartrepo/
      - backend:
          serviceName: minminmsn-harbor-core
          servicePort: 80
        path: /c/
  - host: notary-harbor.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: minminmsn-harbor-notary-server
          servicePort: 4443
        path: /
  tls:
  - hosts:
    - core-harbor.minminmsn.com
    secretName: ingress-secret2021
  - hosts:
    - notary-harbor.minminmsn.com
    secretName: ingress-secret2021
status:
  loadBalancer: {}

以上是关于在线更新ingress证书的主要内容,如果未能解决你的问题,请参考以下文章

Cert-Manager 证书更新过程 - 它是如何执行的?

ingress-nginx 添加https证书

nginx.conf 忽略了 nginx-ingress 配置映射片段

配置tls ingress证书

kubernetes ingress: traefik: 多域名及证书配置

Kubernetes Ingress-Controller 和 AWS API Gateway 客户端证书