Setting up Let's Encrypt with cert-manager
2025. 3. 1. 00:05ㆍk8s
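Prerequisites
The domain must be reachable from the outside (publicly exposed)
The domain must serve HTTP (the HTTP-01 challenge used below is validated over HTTP)
Install cert-manager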
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
Configure the Let's Encrypt Issuer
# cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod # ClusterIssuer is cluster-scoped, so no namespace is set
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com # ✅ Replace with your email
    privateKeySecretRef:
      name: letsencrypt-prod # Secret that holds the ACME account private key
    solvers:
    - http01:
        ingress:
          class: nginx
# Apply
kubectl apply -f cluster-issuer.yaml
# Check: READY must be True
kubectl get clusterissuer
Configure HTTPS on the Ingress
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-secure-app
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - test.co.kr # ✅ Your domain
    secretName: test-co-kr-tls # ✅ Cert-Manager stores the certificate here
  rules:
  - host: test.co.kr
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app
            port:
              number: 80
# Apply
kubectl apply -f ingress.yaml
# Check: not created
kubectl get certificate -A
Verify the certificate
The certificate is created once the Ingress is configured: the status is
# Check the certificate: READY must be True
kubectl get certificate -A
# Check the port
kubectl get svc -n ingress-nginx
kubectl describe svc ingress-nginx -n ingress-nginx
curl -I https://your-ingress-ip --insecure
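When READY stays False, the reason is recorded on the resources cert-manager creates for the ACME flow (Certificate, CertificateRequest, Order, Challenge). The script below is an added example, not part of the original post: it lists Certificates that are not ready and prints that chain for each one. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `kubectl get certificate -A --no-headers` output.
# Columns: NAMESPACE NAME READY SECRET AGE
SAMPLE_CERTS='default   test-co-kr-tls   False   test-co-kr-tls   2m
default   other-tls        True    other-tls        40d'

# Reads `kubectl get certificate -A --no-headers` on stdin and prints
# "namespace/name" for every Certificate whose READY column is not True.
# A Certificate with no status yet has an empty READY column; the fields
# then shift left and the row is still reported as not ready.
not_ready_certs() {
  awk 'NF >= 3 && $3 != "True" { print $1 "/" $2 }'
}

# Prints the issuance chain for one "namespace/name" Certificate:
# Certificate -> CertificateRequest -> Order -> Challenge.
diagnose_cert() {
  ns=${1%%/*}
  name=${1##*/}
  kubectl describe certificate "$name" -n "$ns"
  kubectl get certificaterequest,order,challenge -n "$ns"
  # A pending HTTP-01 Challenge states why validation has not succeeded
  kubectl describe challenge -n "$ns"
}

# Returns 0 when every Certificate is ready, 1 after printing diagnostics.
check_certs() {
  pending=$(kubectl get certificate -A --no-headers | not_ready_certs)
  if [ -z "$pending" ]; then
    echo "all certificates ready"
    return 0
  fi
  for cert in $pending; do
    echo "=== $cert is not ready ==="
    diagnose_cert "$cert"
  done
  return 1
}
```

Source the file and run `check_certs` after applying the Ingress; it needs the same kubectl access as the commands above.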