Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. # cert-manager ### Install <code> $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml </code> ### cluster-issuer.yaml <code> apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: namespace: cert-manager name: letsencrypt-istio spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: YOUR@EMAIL.ADDR #change your email privateKeySecretRef: name: letsencrypt-istio solvers: - selector: {} dns01: route53: accessKeyID: YOUR_ACCESS_KEY_ID region: ap-northeast-2 secretAccessKeySecretRef: name: route53-credentials-secret key: secret-access-key </code> ### route53-credentials-secret SECRET 생성 <code> aws_secret_access_key="$(aws configure get aws_secret_access_key)" </code> <code> kubectl --namespace cert-manager create secret generic route53-credentials-secret --from-literal="secret-access-key=$aws_secret_access_key" </code> #### 생성 확인 <code> kubectl describe secret route53-credentials-secret -n cert-manager </code> ### certificate.yaml <code yaml> apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: namespace: istio-system # istio 설치경로 name: your-site-certificate spec: secretName: your-site-credential dnsNames: - "your-site.com" commonName: "your-site.com" issuerRef: kind: ClusterIssuer name: letsencrypt-istio </code> ### gateway.yaml <code> apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: namespace: your-ns name: your-gw spec: selector: istio: ingressgateway servers: - hosts: - "your-site.com" port: name: http number: 80 protocol: HTTP - hosts: - "your-site.com" port: name: https number: 443 protocol: HTTPS tls: mode: SIMPLE credentialName: your-site-credential </code> ### trouble shooting <code> kubectl describe certificaterequests.cert-manager.io -n istio-system kubectl describe orders.acme.cert-manager.io -n istio-system kubectl describe challenges.acme.cert-manager.io -n istio-system </code> ## Links - https://ddii.dev/kubernetes/cert-manager/# - https://istio.io/latest/docs/ops/integrations/certmanager/ - https://lcc3108.github.io/articles/2020-12/certmanager - https://cert-manager.io/docs/faq/troubleshooting/ open/cert-manager.txt Last modified: 2024/10/05 06:15by 127.0.0.1