
cert-manager

# Installs cert-manager (pinned to v1.1.0) straight from a remote URL. The manifest creates cluster-wide
# objects, so consider downloading it and reviewing it before applying, and check upstream for a
# currently supported release rather than reusing this pin as-is.
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

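# ACME (Let's Encrypt) issuer that proves domain ownership with DNS-01 records in Route 53.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # ClusterIssuer is a cluster-scoped kind, so no metadata.namespace is set.
  # Secrets it references are looked up in cert-manager's cluster resource
  # namespace ("cert-manager" by default).
  name: letsencrypt-istio
spec:
  acme:
    # Let's Encrypt production directory. It is rate limited, so the staging
    # directory is the safer choice while testing.
    server: https://acme-v02.api.letsencrypt.org/directory
    # PLACEHOLDER: the address on the original page was destroyed by e-mail
    # obfuscation. Set a monitored mailbox here; the ACME account is
    # registered with it.
    email: "you@example.com"
    # Secret in which cert-manager stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-istio
    solvers:
      # An empty selector matches every DNS name requested through this issuer.
      - selector: {}
        dns01:
          route53:
            # Long-lived IAM user key. Use a dedicated IAM user limited to the
            # Route 53 permissions cert-manager needs on this hosted zone, not
            # a personal or administrative key, and rotate it. Where the
            # cluster supports it, an IAM role for the cert-manager service
            # account avoids a static key altogether.
            accessKeyID: YOUR_ACCESS_KEY_ID
            region: ap-northeast-2
            # Must be the secret half of the same key pair as accessKeyID.
            secretAccessKeySecretRef:
              name: route53-credentials-secret
              key: secret-access-key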

# Reads the secret access key of the AWS CLI's currently selected profile.
# NOTE(review): that is usually the operator's own credential and may be far more privileged than
# DNS validation needs. Prefer a key from a dedicated IAM user scoped to the Route 53 hosted zone;
# it must be the same key pair as the accessKeyID set in the ClusterIssuer.
aws_secret_access_key="$(aws configure get aws_secret_access_key)"

# Stores the key as a Secret in the cert-manager namespace, where the ClusterIssuer looks it up.
# --from-literal puts the key value on the kubectl command line, so it is visible in the local
# process list while the command runs. Run this on a trusted workstation, then `unset aws_secret_access_key`.
# Anyone with read access to Secrets in the cert-manager namespace can recover this AWS key.
kubectl --namespace cert-manager create secret generic route53-credentials-secret --from-literal="secret-access-key=$aws_secret_access_key"

생성 확인

# Confirms the Secret exists. `describe` lists the key names and their sizes, not the secret value itself.
kubectl describe secret route53-credentials-secret -n cert-manager

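# Certificate for your-site.com, issued through the letsencrypt-istio ClusterIssuer.
# cert-manager.io/v1 matches the ClusterIssuer on this page and the v1.1.0 install;
# v1alpha2 is a deprecated API version that later cert-manager releases no longer serve.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  # Namespace where Istio is installed. The ingress gateway reads the TLS
  # secret from its own namespace, so the Certificate must be created here.
  namespace: istio-system
  name: your-site-certificate
spec:
  # Secret that receives the issued certificate and its private key. Anyone who
  # can read Secrets in istio-system can read that key, so keep RBAC on the
  # namespace tight.
  secretName: your-site-credential
  dnsNames:
    - "your-site.com"
  commonName: "your-site.com"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-istio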

# Istio Gateway exposing your-site.com on the ingress gateway over HTTP (80) and HTTPS (443).
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: your-ns
  name: your-gw
spec:
  # Binds this Gateway to the workloads labelled istio=ingressgateway.
  selector:
    istio: ingressgateway
  servers:
    # NOTE(review): this server accepts cleartext HTTP for the site. DNS-01 validation does not
    # need port 80, so consider `tls.httpsRedirect: true` here unless plain HTTP is intended.
    - hosts:
        - "your-site.com"
      port:
        name: http
        number: 80
        protocol: HTTP
    - hosts:
        - "your-site.com"
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        # SIMPLE: standard server-side TLS; clients are not asked for a certificate.
        mode: SIMPLE
        # Must equal the Certificate's spec.secretName. The secret is read from the
        # ingress gateway's namespace (istio-system on this page), not from your-ns.
        credentialName: your-site-credential

# Troubleshooting: follow the issuance chain CertificateRequest -> Order -> Challenge.
# The events on each object show where issuance is stuck.
kubectl describe certificaterequests.cert-manager.io -n istio-system

# ACME order created for the request.
kubectl describe orders.acme.cert-manager.io -n istio-system

# DNS-01 challenge state. Route 53 credential or permission errors presumably surface here; check the events.
kubectl describe challenges.acme.cert-manager.io -n istio-system
