📗
smiley book
  • Smiley Books
  • AI
    • Readme
    • openai-whisper
      • 샘플 실행해보기
      • GPU 서버 준비하기
      • API로 whisper를 외부에 오픈하기
      • 프롬프트 지원
      • 실시간 message chat
      • 화면 이쁘게 만들기와 로그인
      • 파이썬 가상환경
      • 실시간 voice chat
      • fine tunning(미세 조정) 으로 성능 올리기
      • app에서 api를 호출하여 실시간으로 텍스트로 바꿔보기
    • ollama - llm을 쉽게 내컴에서 실행
      • ollama webui
      • ollama docker
    • stable diffusion
      • SDXL - text to image
      • SD-webui
    • ChatGPT
      • 답변이 끊길때
      • 역할을 정하자
      • 구체적인 질문
      • 결과형태를 지정
      • 프롬프트를 여러줄로 사용하자.
      • 마틴 파울러 글 번역본
    • Prompt Engineering
    • Auto-GPT
    • Gemini
      • google ai studio
      • gemini-api
      • embedding guide
    • Huggingface
      • huggingface 사용법
      • huggingface nlp 공부중
    • kaggle
      • download dataset
    • langchain
      • langchain을 공부하며 정리
      • basic
      • slackbot
      • rag
      • document-loader
      • website-loader
      • confluence
      • memory
      • function-call
      • langsmith
      • agent-toolkit
  • Ansible
    • templates vs files and jinja2
    • dynamic inventory
    • limit 옵션 강제하기
    • limit 사용후 gather_fact 문제
  • AWS
    • AWS CLI
    • EKS
      • cluster manage
      • ALB Controller
      • external-dns
      • fargate
    • ECR
    • S3
    • Certificate Manager
  • Azure
    • Azure AD OAuth Client Flow
  • Container
    • Registry
    • 빌드시에 env값 설정하기
  • DB
    • PXC
      • Operator
      • PMM
      • 삭제
      • GTID
      • Cross Site Replication
    • Mssql
    • Mysql
  • dotnet
    • Thread Pool
    • Connection Pool
    • Thread Pool2
  • Devops
    • Recommendation
  • GIT
    • Basic
    • Submodule
  • GitHub
    • Repository
    • GitHub Action
    • GitHub PR
    • Self Hosted Runner
    • GitHub Webhook
  • GitLab
    • CI/CD
    • CI/CD Advance
    • Ssl renew
    • CI/CD Pass env to other job
  • Go Lang
    • 개발 환경 구축
    • multi os binary build
    • kubectl같은 cli만들기
    • azure ad cli
    • embed static file
    • go study
      • pointer
      • module and package
      • string
      • struct
      • goroutine
  • Kubernetes
    • Kubernetes는 무엇인가
    • Tools
    • Install with kubespray
    • Kubernetes hardening guidance
    • 11 ways not to get hacked
    • ArgoCD
      • Install
      • CLI
      • Repository
      • Apps
      • AWS ALB 사용
      • Notification slack
      • Backup / DR
      • Ingress
      • 2021-11-16 Github error
      • Server Config
      • auth0 인증 추가(oauth,OIDC)
    • Extension
      • Longhorn pvc
      • External dns
      • Ingress nginx
      • Cert Manager
      • Kube prometheus
    • Helm
      • Subchart
      • Tip
    • Loki
    • Persistent Volume
    • TIP
      • Job
      • Pod
      • Log
  • KAFKA
    • raft
  • KVM
    • kvm cpu model
  • Linux
    • DNS Bind9
      • Cert-Manager
      • Certbot
      • Dynamic Update
      • Log
    • Export and variable
    • Grep 사용법
  • Modeling
    • C4 model introduce
    • Mermaid
    • reference
  • Monitoring
    • Readme
    • 0. What is Monitoring
    • 1. install prometheus and grafana
    • 2. grafana provisioning
    • 3. grafana dashboard
    • 4. grafana portable dashboard
    • 5. prometheus ui
    • 6. prometheus oauth2
    • Prometheus
      • Metric type
      • basic
      • rate vs irate
      • k8s-prometheus
    • Grafana
      • Expolorer
    • Node Exporter
      • advance
      • textfile collector
  • Motivation
    • 3 Simple Rule
  • OPENNEBULA
    • Install(ansible)
    • Install
    • Tip
    • Windows vm
  • Reading
    • comfort zone
    • 배려
    • elon musk 6 rule for insane productivity
    • Feynman Technique
    • how to interview - elon musk
    • 경청
    • Readme
  • Redis
    • Install
    • Master-slave Architecture
    • Sentinel
    • Redis Cluster
    • Client programming c#
  • SEO
    • Readme
  • Security
    • criminalip.io
      • criminalip.io
  • Stock
    • robinhood-python
  • Terraform
    • moved block
    • output
  • vault
    • Readme
  • VS Code
    • dev container
    • dev container on remote server
  • Old fashione trend
    • curity
    • MAAS
      • Install maas
      • Manage maas
      • Tip
Powered by GitBook
On this page
  • create ClusterIssuer
  • Ingress에서 사용

Was this helpful?

  1. Linux
  2. DNS Bind9

Cert-Manager

create ClusterIssuer

생성해둔 키를 base64로 인코딩한다.

echo -n 'KzqRA3OnnSxx3Awp9m8Pt' | base64

이 값을 사용하여 secret을 만든후 cluster issuer를 생성한다.

tsigKeyName과 tsigAlgorithm , nameserver를 정확히 적어준다.

apiVersion: v1
kind: Secret
metadata:
  name: tsig-secret
type: Opaque
data:
  tsig-secret-key: S3pxxxxxQ==

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: dns-issuer-rfc2136-live
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: 'teamsmiley@gmail.com'
    privateKeySecretRef:
      name: dns-issuer-rfc2136-live
    solvers:
      - dns01:
          rfc2136:
            nameserver: 172.21.1.20:53
            tsigKeyName: teamsmiley-dev-secret
            tsigAlgorithm: HMACSHA512
            tsigSecretSecretRef:
              name: tsig-secret
              key: tsig-secret-key

Ingress에서 사용

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: teamsmiley-dev
  annotations:
    cert-manager.io/cluster-issuer: dns-issuer-rfc2136-live #주의
spec:
  ingressClassName: nginx-internal
  rules:
    - host: www.teamsmiley.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: www
                port:
                  number: 80
  tls:
    - hosts:
        - www.teamsmiley.dev
      secretName: www-tls

잘 생성되는지 확인한다.

PreviousDNS Bind9NextCertbot

Last updated 1 year ago

Was this helpful?

https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#configuration-step-1-set-up-your-dns-server-for-secure-dynamic-updates