Cert-Manager

Installation
Add the Helm repository
helm repo add jetstack https://charts.jetstack.io --force-update
Install cert-manager
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.17.0 \
  --set crds.enabled=true
Uninstallation
helm delete cert-manager --namespace cert-manager
ClusterIssuer
Global -> applies to the whole cluster
- It is applied only once and can be used from any namespace.
- Ideal for production when you want automatic certificates at cluster level.
Manifest "issuer.yaml":
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-http
spec:
  acme:
    email: tu-email@dominio.com # valid email
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-http-private-key
    solvers:
      - http01:
          ingress:
            class: nginx
kubectl apply -f issuer.yaml
Manifest
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: httpd-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-http # issuer
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # redirects http -> https
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.dominio.com # app FQDN
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: httpd-service
                port:
                  number: 80
  tls:
    - hosts:
        - myapp.dominio.com # app FQDN
      secretName: myapp-tls
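Added example, not part of the original page: cert-manager requests a certificate only for the hosts listed under spec.tls of an annotated Ingress, so this check flags rule hosts that the certificate would not cover. The function name, the sample JSON and the extra host api.dominio.com are constructed for illustration; host matching is exact.

```python
import json

# Constructed sample: the Ingress above in the JSON shape that
# `kubectl get ingress -o json` uses, plus one extra rule host (coverage gap).
SAMPLE = json.loads("""
{
  "metadata": {"name": "httpd-ingress", "annotations": {
      "cert-manager.io/cluster-issuer": "letsencrypt-http"}},
  "spec": {
    "rules": [{"host": "myapp.dominio.com"}, {"host": "api.dominio.com"}],
    "tls": [{"hosts": ["myapp.dominio.com"], "secretName": "myapp-tls"}]
  }
}
""")

def check_ingress_tls(ingress, cluster_issuers):
    """Return the problems that would leave a host without a valid certificate."""
    problems = []
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    spec = ingress.get("spec", {})

    issuer = annotations.get("cert-manager.io/cluster-issuer")
    if issuer is None and "cert-manager.io/issuer" not in annotations:
        problems.append("no issuer annotation: cert-manager will not request a certificate")
    elif issuer is not None and issuer not in cluster_issuers:
        problems.append(f"ClusterIssuer '{issuer}' is not defined")

    tls_hosts = set()
    for i, entry in enumerate(spec.get("tls") or []):
        hosts = entry.get("hosts") or []
        if not entry.get("secretName"):
            problems.append(f"tls[{i}] has no secretName")
        if not hosts:
            problems.append(f"tls[{i}] lists no hosts")
        for host in hosts:
            if host.startswith("*."):
                # Let's Encrypt validates wildcard names only over DNS-01.
                problems.append(f"'{host}' is a wildcard and cannot use an http01 solver")
        tls_hosts.update(hosts)

    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in tls_hosts:  # exact match only
            problems.append(f"rule host '{host}' is missing from spec.tls")
    return problems

if __name__ == "__main__":
    for problem in check_ingress_tls(SAMPLE, {"letsencrypt-http"}):
        print(problem)
```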