Kubernetes practical skills: use cert-manager to issue free certificates for DNSPod domain names
2022-06-24 12:26:00 【imroc】
This article is excerpted from the Kubernetes learning notes.
Overview
If your domain name is managed with DNSPod and you want free certificates issued for it automatically in Kubernetes, you can use cert-manager.
cert-manager supports many DNS providers, but not DNSPod, which is widely used in China. However, cert-manager offers a webhook mechanism for adding providers, and the community has a DNSPod provider implementation. This article shows how to combine cert-manager with cert-manager-webhook-dnspod to automatically issue free certificates for domain names hosted on DNSPod.
Background knowledge
It is recommended to first read "Use cert-manager to issue free certificates".
Create a DNSPod key
In the DNSPod console, create a key under Key management, then copy the automatically generated ID and Token and save them for the next step.
Install cert-manager-webhook-dnspod
Having read the article recommended above, we assume cert-manager is already installed in the cluster. Use helm to install cert-manager-webhook-dnspod.
First prepare the helm configuration file (dnspod-webhook-values.yaml):
groupName: example.your.domain # A name that identifies the group; you can write whatever you want

secrets: # Paste the ID and Token generated earlier below
  apiID: "<ID>"
  apiToken: "<Token>"

clusterIssuer:
  enabled: true # Automatically create a ClusterIssuer
  email: "<your-email>" # Fill in your email address
See values.yaml for the complete configuration.
Then install it with helm:
git clone --depth 1 https://github.com/qqshfox/cert-manager-webhook-dnspod.git
helm upgrade --install -n cert-manager -f dnspod-webhook-values.yaml cert-manager-webhook-dnspod ./cert-manager-webhook-dnspod/deploy/cert-manager-webhook-dnspod
Create a certificate
Create a Certificate object to issue a free certificate:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com-crt
  namespace: istio-system
spec:
  secretName: example-com-crt-secret # The certificate is saved in this secret
  issuerRef:
    name: cert-manager-webhook-dnspod-cluster-issuer # Use the automatically generated ClusterIssuer
    kind: ClusterIssuer
    group: cert-manager.io
  dnsNames: # The domain names to issue the certificate for; make sure they are managed by DNSPod
  - example.com
  - test.example.com
Wait for the status to become Ready, which indicates that the certificate was issued successfully:
$ kubectl -n istio-system get certificates.cert-manager.io
NAME              READY   SECRET                   AGE
example-com-crt   True    example-com-crt-secret   25d
If issuance fails, use describe to see the reason:
kubectl -n istio-system describe certificates.cert-manager.io example-com-crt
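
The Ready check above can be automated across all namespaces. The following is an added example, not code from the original article or from cert-manager: it audits the JSON printed by `kubectl get certificates.cert-manager.io -A -o json` and reports Certificates that are not Ready or are close to expiry. The sample data, the `pending-crt` object, and the 14-day threshold are assumptions.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `kubectl get certificates.cert-manager.io -A -o json`
# output (cert-manager.io/v1 status fields); not captured from a real cluster.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "istio-system", "name": "example-com-crt"},
     "status": {"notAfter": "2022-09-22T04:26:00Z", "conditions": [
         {"type": "Ready", "status": "True",
          "message": "Certificate is up to date and has not expired"}]}},
    {"metadata": {"namespace": "test", "name": "pending-crt"},  # hypothetical
     "status": {"conditions": [
         {"type": "Ready", "status": "False",
          "message": "Issuing certificate as Secret does not exist"}]}},
]})


def audit(doc, now, min_days=14):  # min_days: assumed alert threshold
    """Return (namespace/name, problem) per Certificate needing attention."""
    findings = []
    for item in json.loads(doc).get("items", []):
        ref = "{namespace}/{name}".format(**item["metadata"])
        status = item.get("status", {})
        ready = next((c for c in status.get("conditions", [])
                      if c.get("type") == "Ready"), None)
        if ready is None or ready.get("status") != "True":
            why = ready.get("message", "no message") if ready else "no Ready condition"
            findings.append((ref, "not Ready: " + why))
            continue
        not_after = status.get("notAfter")
        if not not_after:
            findings.append((ref, "Ready but status.notAfter is missing"))
            continue
        expires = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ")
        left = expires.replace(tzinfo=timezone.utc) - now
        if left < timedelta(0):
            findings.append((ref, "expired"))
        elif left < timedelta(days=min_days):
            findings.append((ref, "expires in %d days; renewal may be stuck" % left.days))
    return findings


if __name__ == "__main__":
    # Pass a file saved from kubectl to audit a real cluster; else use SAMPLE.
    doc = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for ref, problem in audit(doc, datetime.now(timezone.utc)):
        print(ref + ": " + problem)
```

A Certificate that stays Ready but drops under the threshold usually means renewal through the webhook is failing, for example because the DNSPod token was revoked.
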
Use the certificate
Once the certificate is issued successfully, it is saved in the secret we specified. Here are some usage examples.
In an ingress:
apiVersion: networking.k8s.io/v1beta1 # Removed in Kubernetes 1.22; newer clusters need networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: web
          servicePort: 80
  tls:
  - hosts:
    - test.example.com
    secretName: example-com-crt-secret # Reference the certificate secret (must be in the Ingress's namespace)
In istio's ingressgateway:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: example-gw
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: HTTP-80
      protocol: HTTP
    hosts:
    - example.com
    - test.example.com
    tls:
      httpsRedirect: true # Redirect HTTP to HTTPS (force HTTPS)
  - port:
      number: 443
      name: HTTPS-443
      protocol: HTTPS
    hosts:
    - example.com
    - test.example.com
    tls:
      mode: SIMPLE
      credentialName: example-com-crt-secret # Reference the certificate secret
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: example-vs
  namespace: test
spec:
  gateways:
  - istio-system/example-gw # Bind the forwarding rules to the ingressgateway to expose the service
  hosts:
  - 'test.example.com'
  http:
  - route:
    - destination:
        host: example
        port:
          number: 80