Я установил https://docs.cert-manager.io/en/release-0.11/reference/clusterissuers.html на мой кластер K8S и использую его с Nginx входным контроллером.
Он работает нормально с моим демо-сервисом hello:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: hello.co.databaker.io
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
tls:
- hosts:
- hello.co.databaker.io
secretName: hello-kubernetes-tls
Но портовый сервис не работает:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: harbor-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: shiphub.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-portal
servicePort: 80
path: /
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /api/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /service/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /v2/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /chartrepo/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /c/
- host: notary.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-notary-server
servicePort: 4443
path: /
tls:
- hosts:
- shiphub.co.databaker.io
secretName: secretName
- hosts:
- notary.co.databaker.io
secretName: secretName
И он показывает неверный эмитент:
Как правильно выбрать эмитента?