cert-manager
Install
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  namespace: cert-manager
  name: letsencrypt-istio
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: YOUR_EMAIL_ADDRESS # change to your email
    privateKeySecretRef:
      name: letsencrypt-istio
    solvers:
    - selector: {}
      dns01:
        route53:
          accessKeyID: YOUR_ACCESS_KEY_ID
          region: ap-northeast-2
          secretAccessKeySecretRef:
            name: route53-credentials-secret
            key: secret-access-key
Create the route53-credentials-secret Secret
aws_secret_access_key="$(aws configure get aws_secret_access_key)"
kubectl --namespace cert-manager create secret generic route53-credentials-secret --from-literal="secret-access-key=$aws_secret_access_key"
Verify creation
kubectl describe secret route53-credentials-secret -n cert-manager
certificate.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  namespace: istio-system # namespace where Istio is installed
  name: your-site-certificate
spec:
  secretName: your-site-credential
  dnsNames:
  - "your-site.com"
  commonName: "your-site.com"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-istio
gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: your-ns
  name: your-gw
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - "your-site.com"
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - "your-site.com"
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: your-site-credential
Troubleshooting
kubectl describe certificaterequests.cert-manager.io -n istio-system
kubectl describe orders.acme.cert-manager.io -n istio-system
kubectl describe challenges.acme.cert-manager.io -n istio-system
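An added example (not part of the original page): an offline Python check that the names in cluster-issuer.yaml, certificate.yaml and gateway.yaml agree, because cert-manager writes the Secret into the Certificate's namespace and the Istio ingress gateway only loads a credentialName Secret from its own namespace. The dicts are constructed copies of the manifests above; check_wiring, covers and GATEWAY_POD_NS are hypothetical names, and istio-system as the gateway's namespace is an assumption taken from the comment in certificate.yaml.

```python
# Added example: constructed copies of the manifests on this page, trimmed to
# the fields that have to agree with each other.
GATEWAY_POD_NS = "istio-system"  # assumption: namespace of istio-ingressgateway

ISSUER = {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-istio"}}
CERT = {
    "metadata": {"namespace": "istio-system", "name": "your-site-certificate"},
    "spec": {"secretName": "your-site-credential", "dnsNames": ["your-site.com"],
             "issuerRef": {"kind": "ClusterIssuer", "name": "letsencrypt-istio"}},
}
GATEWAY = {"metadata": {"namespace": "your-ns", "name": "your-gw"}, "spec": {"servers": [
    {"hosts": ["your-site.com"], "port": {"number": 80, "protocol": "HTTP"}},
    {"hosts": ["your-site.com"], "port": {"number": 443, "protocol": "HTTPS"},
     "tls": {"mode": "SIMPLE", "credentialName": "your-site-credential"}},
]}}


def covers(dns_name, host):
    """True if a certificate dnsName covers host; '*.' matches one label only."""
    dns_name, host = dns_name.lower(), host.lower()
    if dns_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == dns_name[2:]
    return dns_name == host


def check_wiring(issuers, certs, gateway, gateway_pod_ns=GATEWAY_POD_NS):
    """Return a list of problems; an empty list means the names line up."""
    problems = []
    issuer_names = {i["metadata"]["name"] for i in issuers}
    # cert-manager writes each Secret into its Certificate's namespace, and the
    # ingress gateway can only load Secrets from its own namespace.
    usable = {c["spec"]["secretName"]: c for c in certs
              if c["metadata"].get("namespace") == gateway_pod_ns}
    for cert in certs:
        ref = cert["spec"]["issuerRef"]
        if ref.get("kind") == "ClusterIssuer" and ref["name"] not in issuer_names:
            problems.append(f"{cert['metadata']['name']}: no ClusterIssuer {ref['name']!r}")
    for server in gateway["spec"]["servers"]:
        if server["port"]["protocol"] != "HTTPS":
            continue
        cred = server.get("tls", {}).get("credentialName")
        cert = usable.get(cred)
        if cert is None:
            problems.append(f"credentialName {cred!r}: no Certificate in {gateway_pod_ns} writes it")
            continue
        for host in server["hosts"]:
            if not any(covers(n, host) for n in cert["spec"]["dnsNames"]):
                problems.append(f"host {host!r} is not in dnsNames of {cert['metadata']['name']}")
    return problems
```

Calling check_wiring([ISSUER], [CERT], GATEWAY) returns an empty list for the manifests as written on this page.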