cert-manager
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
It can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI.
It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects such as kube-cert-manager.
https://cert-manager.io/docs/configuration/acme/
issuer.yaml:
apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: # You must replace this email address with your own. # Let's Encrypt will use this to contact you about expiring # certificates, and issues related to your account. email: ZhangZhihuiAAA@126.com server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: # Secret resource that will be used to store the account's private key. name: letsencrypt-account-private-key # Add a single challenge solver, HTTP01 using nginx solvers: - http01: ingress: ingressClassName: nginx
Add below content that has bold font in ingress.yaml:
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: nginx spec: controller: k8s.io/ingress-nginx --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: zimple-bank-ingress annotations: cert-manager.io/cluster-issuer: letsencrypt spec: ingressClassName: nginx rules: - host: "api.zimple-bank.com" http: paths: - pathType: Prefix path: "/" backend: service: name: zimple-bank-api-service port: number: 80 tls: - hosts: - api.zimple-bank.org secretName: zimple-bank-api-cert