ZhangZhihui's Blog  

https://cert-manager.io/docs/

 

cert-manager

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.

It can issue certificates from a variety of supported sources, including Let's EncryptHashiCorp Vault, and Venafi as well as private PKI.

It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.

It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects such as kube-cert-manager.

High level overview diagram explaining cert-manager architecture

 

https://cert-manager.io/docs/configuration/acme/

issuer.yaml:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: ZhangZhihuiAAA@126.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-account-private-key
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          ingressClassName: nginx

Add below content that has bold font in ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zimple-bank-ingress
  annotations: 
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  rules:
  - host: "api.zimple-bank.com"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zimple-bank-api-service
            port:
              number: 80
  tls:
  - hosts:
    - api.zimple-bank.org
    secretName: zimple-bank-api-cert

 

posted on 2023-12-20 19:50  ZhangZhihuiAAA  阅读(11)  评论(0)    收藏  举报