Cert Manager
ssl을 생성해주는 툴
ClusterIssuer : 클러스터 전체에서 한개의 issuer를 사용가능하게
Issuer : namespace마다 하나의 issuer를 생성해서 사용하게
예전에는 certificate를 따로 만들고 이 이름을 ingress에 넣어주어서 생성을 햇으나 anotation이 생겼다.
cert-manager.io/issuer
: the name of anIssuer
to acquire the certificate required for thisIngress
. The Issuer must be in the same namespace as theIngress
resource.cert-manager.io/cluster-issuer
: the name of aClusterIssuer
to acquire the certificate required for thisIngress
. It does not matter which namespace yourIngress
resides, asClusterIssuers
are non-namespaced resources.
이걸 사용하면 하나로 처리가 가능하다.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: "dns-issuer-aws-live"
spec:
tls:
- hosts:
- test.your-domain.com
secretName: test-tls
rules:
- host: test.your-domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ngnix-service
port:
number: 80
Last updated
Was this helpful?