
Kubernetes/K8S Basic Usage Summary [27]: Configuring Let's Encrypt Certificates for Istio with cert-manager

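Note:

The example below covers configuring a Let's Encrypt domain certificate in a cluster that uses Istio for traffic management. If you want to configure a Let's Encrypt domain certificate on a Kubernetes Ingress instead, see the following article:

Kubernetes/K8S Basic Usage Summary [23]: Deploying and Using cert-manager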

1. First create the issuer resource (here I create a ClusterIssuer directly)

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
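metadata:
  name: letsencrypt-prod-cluster
  # ClusterIssuer is cluster-scoped, so this namespace field has no effect
  namespace: istio-system
spec:
  acme:
    # contact address registered with the ACME account
    email: jakeli@jakeli.com
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod-cluster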
    solvers:
    - http01:
        ingress:
          class: istio

2. Create the Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: devops-jakeli
  namespace: istio-system
spec:
  # Secret that receives the issued key pair; the Gateway's credentialName refers to it
  secretName: devops-jakeli-cert-prod
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
    - client auth
  dnsNames:
    - "code.devops.jakeli.com"
    - "coder.devops.jakeli.com"
    - "nginx.devops.jakeli.com"
  issuerRef:
    name: letsencrypt-prod-cluster
    kind: ClusterIssuer
    group: cert-manager.io

3. Create the Gateway

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  labels:
    release: istio
  name: gateway 
  namespace: default 
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - "*.devops.jakeli.com"
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - '*'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # must equal the Certificate's secretName; the Secret is read from the ingress gateway's namespace
      credentialName: devops-jakeli-cert-prod

4. Create the VirtualService

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx 
  namespace: kube-public
spec:
  hosts:
  - "nginx.devops.jakeli.com"
  gateways:
  - "default/gateway"
  http:
  - match:
    - uri:
        exact: /
    route:
    - destination:
        host: "nginx.kube-public.svc.cluster.local"
        port:
          number: 80
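
The four manifests only work together if their cross-references line up (issuerRef to the issuer, credentialName to secretName, the Secret's namespace, and VirtualService hosts to dnsNames). The following check is an added example, not part of the original article; it uses the page's values reduced to Python dicts and assumes the ingress gateway runs in istio-system and that VirtualServices reference the Gateway as namespace/name.

```python
INGRESS_NS = "istio-system"  # assumption: istio-ingressgateway runs here

def covered(host, sans):
    """True if host matches a SAN exactly or via a one-label wildcard."""
    parent = "*." + host.split(".", 1)[1] if "." in host else None
    return host in sans or parent in sans

def check(issuer, cert, gateway, vservices):
    """Return a list of cross-reference problems between the manifests."""
    problems = []
    ref, spec = cert["spec"]["issuerRef"], cert["spec"]
    if (ref["kind"], ref["name"]) != (issuer["kind"], issuer["metadata"]["name"]):
        problems.append("issuerRef does not point at the issuer")
    # Istio loads credentialName Secrets from the ingress gateway's namespace
    if cert["metadata"]["namespace"] != INGRESS_NS:
        problems.append("certificate secret is outside " + INGRESS_NS)
    https = [s for s in gateway["spec"]["servers"] if s["port"]["protocol"] == "HTTPS"]
    if not any(s["tls"]["credentialName"] == spec["secretName"] for s in https):
        problems.append("no HTTPS server uses secret " + spec["secretName"])
    gw = gateway["metadata"]["namespace"] + "/" + gateway["metadata"]["name"]
    for vs in vservices:
        if gw not in vs["spec"]["gateways"]:
            continue  # bound to some other gateway
        for host in vs["spec"]["hosts"]:
            if not covered(host, spec["dnsNames"]):
                problems.append(host + " is not in the certificate dnsNames")
    return problems

# The page's manifests, reduced to the cross-referenced fields.
ISSUER = {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-prod-cluster"}}
CERT = {"metadata": {"namespace": "istio-system"}, "spec": {
    "secretName": "devops-jakeli-cert-prod",
    "dnsNames": ["code.devops.jakeli.com", "coder.devops.jakeli.com",
                 "nginx.devops.jakeli.com"],
    "issuerRef": {"name": "letsencrypt-prod-cluster", "kind": "ClusterIssuer"}}}
GATEWAY = {"metadata": {"name": "gateway", "namespace": "default"}, "spec": {"servers": [
    {"hosts": ["*.devops.jakeli.com"], "port": {"protocol": "HTTP"}},
    {"hosts": ["*"], "port": {"protocol": "HTTPS"},
     "tls": {"credentialName": "devops-jakeli-cert-prod"}}]}}
VS = {"spec": {"hosts": ["nginx.devops.jakeli.com"], "gateways": ["default/gateway"]}}

if __name__ == "__main__":
    for p in check(ISSUER, CERT, GATEWAY, [VS]) or ["manifests are consistent"]:
        print(p)
```

A VirtualService host that is missing from dnsNames is still served over HTTPS with this certificate, so clients see a name mismatch rather than a routing error.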

Reference: https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf

Reproduction without permission is prohibited: 琼杰笔记 » Kubernetes/K8S Basic Usage Summary [27]: Configuring Let's Encrypt Certificates for Istio with cert-manager
