CERT-MANAGER CLUSTERISSUER在EKS群集上未定义，将Cilium安装为CNI。错误：post \＆quot“：不允许地址” ＆quot'key＆quort =＆quot'clusterissuername＆quot;

发布于 2025-02-05 14:06:10 字数 1750 浏览 1 评论 0原文

我安装了掌舵和kustomize的Cert Manager，但是一旦部署了它，clusterissuer的错误就会使用ACME，如您在下图中所看到的：

当我做kubectl get clusterissuer时，我可以看到绝对有没有定义状态，就绪字段是空的。

我的Clusterissuer表现出来：

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: acme-prod
spec:
  acme:
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: acme-prod-account-key
    solvers:
      - dns01:
          route53:
            region: us-east-1
            accessKeyID: AKIAS2ETUR
            secretAccessKeySecretRef:
              name: credentials-secret
              key: secret-access-key
        selector:
          dnsZones:
            - "exemple.net"

我的证书经理Yaml，

---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argocd
spec:
  destination:
    namespace: cert-manager
    server: 'https://kubernetes.default.svc'
  source:
    repoURL: 'https://charts.jetstack.io'
    targetRevision: v1.7.1
    chart: cert-manager
    helm:
      valueFiles:
        - values.yaml
      values: |
        installCRDs: true
  project: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

我认为也许纤毛是我问题的主要原因，并且正在寻求帮助。先感谢您。 [1]： https://i.sstatic.net/8wumf.png [2]： https://i.sstatic.net/xregg.png

原文

I installed cert manager with helm and kustomize but once it's deployed there's an error from the ClusterIssuer that use ACME as you can see in the image below:

And when I do kubectl get clusterissuer I can see there is absolutely no state defined and the READY field is empty.

My ClusterIssuer manifest:

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: acme-prod
spec:
  acme:
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: acme-prod-account-key
    solvers:
      - dns01:
          route53:
            region: us-east-1
            accessKeyID: AKIAS2ETUR
            secretAccessKeySecretRef:
              name: credentials-secret
              key: secret-access-key
        selector:
          dnsZones:
            - "exemple.net"

My cert-manager yaml

---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argocd
spec:
  destination:
    namespace: cert-manager
    server: 'https://kubernetes.default.svc'
  source:
    repoURL: 'https://charts.jetstack.io'
    targetRevision: v1.7.1
    chart: cert-manager
    helm:
      valueFiles:
        - values.yaml
      values: |
        installCRDs: true
  project: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

I think maybe the cilium is the main cause of my issue and are looking for help.
Thank you in advance.
[1]: https://i.sstatic.net/8WUmf.png
[2]: https://i.sstatic.net/Xregg.png

分享到QQ

分享到微博