Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
I'm use SLB (server load balancing) server, all my k8s nodes give slb fixed nodeport 32001, so the slb IP:80 can guest the 32001.
(all my web site program use 32001 nodeport.)
so, when i use helm to deploy a web server (whatever is traefik or kong or nginx or something else), cert-manager will build pod name like
I want fixed nodeport 32001 ... can let me slb work again, for cert-manager self-check.
but the API don't realy have
Here is the
Here is My ClusterIssuer yaml :
Even if this field did exist, the setup you're working towards will not work - your ingress controller (i.e. ingress-nginx, contour, etc) should be listening on port 32001 - an Ingress resource that is created during the HTTP01 solving process is what actually routes traffic to the Service running on port 8089 (the acmesolver). Only a single Service can have a single nodePort, so if you were to try and do what you're doing above, your actual webserver that serves actual traffic for your website would not be accessible, as the acmesolver would be using port 32001.
You can read more on how ingress-nginx works here: https://kubernetes.github.io/ingress-nginx/how-it-works/
Hope that makes sense! Take a look at our "Securing nginx ingress" tutorial here too, as it will talk you through the entire process end-to-end: https://cert-manager.io/docs/tutorials/acme/ingress/