Aprenda a instalar ao cert-manager no k8s de forma objetiva e rápida!
Conteúdo em migração
Estou migrando posts do Publli (pub.gutocarvalho.net) para cá ;)
Se achar alguma coisa errada é só avisar!
Data de criação do post: 2021-10-06
Instalando CertManager
Instale o CustomResourceDefinition separadamente
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.crds.yaml
Crie o namespace para o cert-manager
$ kubectl create namespace cert-manager
Adicione o repositório helm
$ helm repo add jetstack https://charts.jetstack.io
Atualize os indices do helm
$ helm repo update
Instale o cert-manager via helm
$ helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.5.4
Crie o issuer para letsencrypt production
$ vim issuer-prod.yaml
Insira o conteúdo
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: certmanager@gutocarvalho.net
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-production
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
Aplicando
$ kubectl create -f issuer-prod.yaml
Criando o issuer para letsencrypt staging
vim issuer-staging.yaml
Insira o conteúdo
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: nativetrail@gutocarvalho.net
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-staging
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
Aplicando
$ kubectl create -f issuer-staging.yaml
Prontinho!
Annotations
Para production
cert-manager.io/cluster-issuer=letsencrypt-prod
kubernetes.io/ingress.class=nginx
Para staging
cert-manager.io/cluster-issuer=letsencrypt-staging
kubernetes.io/ingress.class=nginx
Refs
https://cert-manager.io/docs/configuration/acme/
Gostou do conteúdo?
Você também me encontra nessas redes!
Mastodon
PixelFed
Lemmy
Matrix
WriteFreely
@gutocarvalho@bolha.blog @notamental@bolha.blog @poesias@bolha.blog @contos@bolha.blog
Bookwyrm
Peertube
Funkwhale
Friendica
Quer saber mais sobre mim?
Visite meus sites!
Conhece o Coletivo Bolha?
Então vem conhecer o bolha.io!
- fediverso
- mastodon, https://bolha.us
- pixelfed, https://bolha.photos
- lemmy, https://bolha.forum
- bookwyrnm, https://bolha.review
- writefreely, https://bolha.blog
- peertube, https://bolha.tube
- funkwhale, https://bolha.studio
- owncast, https://bolha.stream
- friendica, https://bolha.network
- gacio, https://bolha.events
- chat
- matrix/synapse, https://bolha.chat
- element, https://element.bolha.chat
- video
- jitsi, https://bolha.video
- jitsi, https://bolha.video
- agenda
- calcom, https://bolha.in
- frontends
- invidious, https://tube.bolha.tools
- lingvan, https://translate.bolha.tools
- translations
- libretranslate, https://libretranslate.bolha.tools
- editors
- hedgedoc, https://notes.bolha.tools
- draw.io, https://draw.bolha.tools
- wisemaping, https://mindmap.bolha.tools
- mermaid, https://mermaid.bolha.tools
- overleaf, https://overlead.bolha.tools
- cryptpad, https://cryptad.bolha.tools
- secrets sharing
- yopass, https://yopass.bolha.tools
- password pusher, https://pusher.bolha.tools
Nós temos muito mais para compartilhar contigo!
Conhece o HackSpace da Bolha?
Vem conhecer o espaço que usamos para estudar o fediverso!
Nosso site
WriteFreely
Quer apoiar nosso trabalho? Você pode!
- https://www.patreon.com/bolha
- https://apoia.se/bolha
- pix@bolha.us
Te vejo no mastodon da bolha.us!
[s]