Install cert-manager
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.12.0 --set installCRDs=true
Create the certificate issuer (ClusterIssuer)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: let
  # ClusterIssuer is cluster-scoped, so this namespace is not used
  namespace: default
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: xxx@qq.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: let
    # Enable the HTTP-01 challenge provider
    solvers:
    # An empty 'selector' means that this solver matches all domains
    - selector: {}
      http01:
        ingress:
          ingressClassName: traefik
Request a certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: b-tls
  namespace: default
spec:
  secretName: b-tls
  issuerRef:
    name: let
    kind: ClusterIssuer
  dnsNames:
  - blog.9zf.net
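kubectl apply -f t.yaml
kubectl delete -f t.yaml
Pitfall: create and delete with the commands above; Kuboard can create the resources but cannot delete them.
The https://acme-staging-v02.api.letsencrypt.org/directory URL in the official cert-manager documentation is the test (staging) endpoint; certificates issued from it are not valid, so use https://acme-v02.api.letsencrypt.org/directory instead.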
issuerRef:
  name: let   # must be the name of the certificate issuer (ClusterIssuer) created above
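Both pitfalls above (the staging ACME URL and an issuerRef name that does not match the ClusterIssuer) can be caught before running kubectl apply. The script below is an added example, not part of the original post; lint_manifest and sample_bad are hypothetical names, and it assumes the ClusterIssuer and the Certificate that references it are in one file, separated by '---'.

```sh
# Added example: pre-apply lint for the two pitfalls described in this post.
# Assumes plain "key: value" YAML like the manifests above, one file, '---' between documents.
lint_manifest() {
  awk '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s); return s }
    /^---/     { kind = ""; parent = ""; next }   # new YAML document
    /^[ \t]*#/ { next }                           # skip comment lines
    /^kind:/   { kind = val($0); next }           # top-level kind only
    # A key with no value opens a block; remember it as the current parent.
    /^[ \t]*[A-Za-z0-9_-]+:[ \t]*$/ { parent = $0; gsub(/[ \t:]/, "", parent); next }
    /^[ \t]+name:/ && parent == "metadata" && kind == "ClusterIssuer" { issuers[val($0)] = 1 }
    /^[ \t]+name:/ && parent == "issuerRef" { refs[++n] = val($0) }
    /^[ \t]+server:/ && /acme-staging/ { print "STAGING: " val($0); bad = 1 }
    END {
      for (i = 1; i <= n; i++)
        if (!(refs[i] in issuers)) { print "MISMATCH: issuerRef.name " refs[i]; bad = 1 }
      exit bad + 0
    }
  ' "$1"
}

# Constructed sample with both mistakes: staging server, wrong issuerRef.name.
sample_bad() {
  cat <<'EOF'
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: let
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: let
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: b-tls
spec:
  secretName: b-tls
  issuerRef:
    name: lets
    kind: ClusterIssuer
EOF
}

tmp=$(mktemp) && sample_bad > "$tmp"
lint_manifest "$tmp" || echo "manifest has findings; fix before kubectl apply"
rm -f "$tmp"
```

Run it as lint_manifest t.yaml; it prints one line per finding and returns non-zero if there are any.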
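Finally, in the admin console, open the application's route settings and select the generated Secret.
kubectl get clusterissuer    # list certificate issuers
kubectl get certificate -A   # list the certificates that were created
Deleting the Secret directly under Storage does not work; you must first delete the corresponding entry under More Resources > Certificates.
The commands below are the command-line way; in Rancher, do it as described above.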
kubectl delete certificate b-tls -n default
kubectl delete secret b-tls -n default