<aside>
🧸 cert-manager is a certificate manager for Kubernetes clusters. It can automatically obtain and renew SSL certificates from Let's Encrypt, and it integrates with Ingress resources.
</aside>
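Installation

```bash
# Add the Jetstack chart repository and refresh the local index
helm repo add jetstack https://charts.jetstack.io
helm repo update

# Install the cert-manager CRDs, then the chart itself (same version for both)
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.crds.yaml
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.13.0
```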
Create a ClusterIssuer

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: you@example.com # placeholder: replace with your email address
    privateKeySecretRef:
      name: letsencrypt-prod # Secret that stores the ACME account private key
    solvers:
      - http01:
          ingress:
            class: nginx # replace with the Ingress controller you use (e.g. nginx or traefik)
```
Modify the Ingress resource

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: portainer
  namespace: portainer
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    cert-manager.io/cluster-issuer: "letsencrypt-prod" # must match the ClusterIssuer name
spec:
  tls:
    - hosts:
        - portainer.hazysite.com # replace with your FQDN
      secretName: portainer-tls # Secret where cert-manager stores the issued certificate
  rules:
    - host: portainer.hazysite.com # replace with your FQDN
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: portainer
                port:
                  number: 9443
```
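
A common failure in this setup is a mismatch between the two manifests: the `cert-manager.io/cluster-issuer` annotation names an issuer that does not exist, or a rule host is missing from `spec.tls`. The offline check below is an added example, not part of the original notes; the manifests are re-typed as Python dicts (constructed from the YAML above), `check_ingress` is a hypothetical helper, and host matching is exact (wildcards are not handled).

```python
"""Offline consistency check between a ClusterIssuer and an Ingress (added example)."""
ISSUER_ANNOTATION = "cert-manager.io/cluster-issuer"

# Constructed sample input: the page's two manifests written as Python dicts,
# trimmed to the fields the check reads.
CLUSTER_ISSUER = {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-prod"}}
INGRESS = {
    "kind": "Ingress",
    "metadata": {
        "name": "portainer",
        "namespace": "portainer",
        "annotations": {ISSUER_ANNOTATION: "letsencrypt-prod"},
    },
    "spec": {
        "tls": [{"hosts": ["portainer.hazysite.com"], "secretName": "portainer-tls"}],
        "rules": [{"host": "portainer.hazysite.com"}],
    },
}


def check_ingress(ingress, issuers):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings = []
    issuer_names = {i["metadata"]["name"] for i in issuers}
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    wanted = annotations.get(ISSUER_ANNOTATION)
    if wanted is None:
        findings.append(f"missing annotation {ISSUER_ANNOTATION}")
    elif wanted not in issuer_names:
        findings.append(f"annotation names unknown ClusterIssuer {wanted!r}")
    spec = ingress.get("spec", {})
    covered = set()  # hosts that will appear on the requested certificate
    for n, entry in enumerate(spec.get("tls") or []):
        if not entry.get("secretName"):
            findings.append(f"tls[{n}] has no secretName")
        covered.update(entry.get("hosts") or [])
    if not covered:
        findings.append("spec.tls lists no hosts")
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in covered:
            findings.append(f"rule host {host!r} is not listed under spec.tls")
    return findings


if __name__ == "__main__":
    for line in check_ingress(INGRESS, [CLUSTER_ISSUER]) or ["ok"]:
        print(line)
```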