3.3. 第 3 步 - 添加 TLS 签发者

流程

1. 输入以下命令来定义 TLS 签发者。这个示例使用 Let 的 Encrypt，它还必须适用于所有集群：

   kubectl apply -f - <<EOF
   apiVersion: cert-manager.io/v1
   kind: ClusterIssuer
   metadata:
     name: ${clusterIssuerName}
   spec:
     acme:
       email: ${EMAIL}
       privateKeySecretRef:
         name: le-secret
       server: https://acme-v02.api.letsencrypt.org/directory
       solvers:
         - dns01:
             route53:
               hostedZoneID: ${zid}
               region: ${AWS_REGION}
               accessKeyIDSecretRef:
                 key: AWS_ACCESS_KEY_ID
                 name: aws-credentials
               secretAccessKeySecretRef:
                 key: AWS_SECRET_ACCESS_KEY
                 name: aws-credentials
   EOF

   Copy to Clipboard Toggle word wrap

2. 等待 ClusterIssuer 就绪，如下所示：

   kubectl wait clusterissuer/${clusterIssuerName} --for=condition=ready=true

   Copy to Clipboard Toggle word wrap