Kubernetes Ingress 与 cert-manager 自动 TLS 配置

--- title: Kubernetes Ingress 与 cert-manager 自动 TLS 配置 keywords: - Ingress - cert-manager - TLS - ClusterIssuer - 自动化签发 description: 使用 cert-manager 配置自动签发 TLS 证书并为 Ingress 启用 HTTPS，提供可执行清单示例。 categories: - 文章资讯 - 技术教程 --- # Kubernetes Ingress 与 cert-manager 自动 TLS 配置 ## ClusterIssuer 示例 ```yaml apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: [email protected] privateKeySecretRef: name: letsencrypt-key solvers: - http01: ingress: class: nginx ``` ## Ingress 配置 ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: web annotations: cert-manager.io/cluster-issuer: letsencrypt spec: ingressClassName: nginx tls: - hosts: ["example.com"] secretName: web-cert rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: web port: number: 80 ``` ## 验证 - 查看证书 Secret 与 Ingress 状态，确认 HTTPS 可用 ## 总结 结合 cert-manager 与 Ingress，可自动化管理证书并为服务开启安全的 HTTPS 访问。