k8s \ubc84\uc804\uc744 \ud655\uc778\ud574\uc11c \uc801\uc808\ud55c \ubc84\uc804\uc758 cert-manager \uc744 \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \uc5ec\uae30<\/a> \uc5d0\uc11c \ud655\uc778\ud569\ub2c8\ub2e4.<\/p>\n ClusterIssuer \ub294 \ubaa8\ub4e0 Namespace \uc5d0\uc11c \uc0ac\uc6a9 \uac00\ub2a5\ud55c Certificate \ub97c \ubc1c\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n Kubernetes – Cert-manager 2025 Kubernetes \ud074\ub7ec\uc2a4\ud130\uc5d0 Cert-manager \ub97c \uc124\uce58\ud569\ub2c8\ub2e4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \uc6a9\uc5b4\uc815\ub9ac CA\ub294 Certificate Authority(\uc778\uc99d \uae30\uad00)\uc758 \uc904\uc784\ub9d0\uc785\ub2c8\ub2e4. \ubc84\uc804 \ud655\uc778 kubectl version Client\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-10592","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10592"}],"version-history":[{"count":11,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10592\/revisions"}],"predecessor-version":[{"id":10606,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/10592\/revisions\/10606"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/www.skyer9.pe.kr\/wordpress\/wp-content\/uploads\/2022\/12\/2022-12-05-01.png\")
<\/a><\/p>\n\ubc84\uc804 \ud655\uc778<\/h2>\n
kubectl version\nClient Version: v1.29.15\nKustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3\nServer Version: v1.29.15\n\n# cert-manager version\n# 1.18.2<\/code><\/pre>\ncert-manager \uc124\uce58<\/h2>\n
kubectl apply -f https:\/\/github.com\/cert-manager\/cert-manager\/releases\/download\/v1.18.2\/cert-manager.yaml<\/code><\/pre>\n\uc6a9\uc5b4\uc815\ub9ac<\/h2>\n
\n\n
\n \n\uac1c\ub150<\/th>\n \uc124\uba85<\/th>\n<\/tr>\n<\/thead>\n \n Issuer<\/td>\n \ub124\uc784\uc2a4\ud398\uc774\uc2a4 \ubc94\uc704\uc5d0\uc11c \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud560 \uc218 \uc788\uac8c \ud574\uc8fc\ub294 \ub9ac\uc18c\uc2a4<\/td>\n<\/tr>\n \n ClusterIssuer<\/td>\n \ud074\ub7ec\uc2a4\ud130 \uc804\uccb4 \ubc94\uc704\uc5d0\uc11c \uc778\uc99d\uc11c \ubc1c\uae09 \uac00\ub2a5<\/td>\n<\/tr>\n \n Certificate<\/td>\n \uc2e4\uc81c\ub85c \ubc1c\uae09\ubc1b\uace0\uc790 \ud558\ub294 \uc778\uc99d\uc11c \uc815\uc758<\/td>\n<\/tr>\n \n issuerRef<\/td>\n \uc5b4\ub5a4 Issuer\ub97c \uc0ac\uc6a9\ud560\uc9c0 \uc9c0\uc815<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Root CA \uc0dd\uc131\uc744 \uc704\ud55c ClusterIssuer \uc0dd\uc131<\/h2>\n
vi selfsigned-cluster-issuer.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n name: selfsigned-cluster-issuer\nspec:\n selfSigned: {}\n---------------------------<\/code><\/pre>\nkubectl apply -f selfsigned-cluster-issuer.yaml<\/code><\/pre>\nRoot CA \uc6a9 Certificate \ubc1c\uae09<\/h2>\n
vi root-ca.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: Certificate\nmetadata:\n name: root-ca\n namespace: cert-manager\nspec:\n isCA: true\n commonName: "Private CA Cert"\n secretName: root-ca-secret\n duration: 87600h # 10\ub144\n privateKey:\n algorithm: RSA\n size: 2048\n rotationPolicy: Never # \ub610\ub294 Always\n issuerRef:\n name: selfsigned-cluster-issuer\n kind: ClusterIssuer\n---------------------------<\/code><\/pre>\nkubectl apply -f root-ca.yaml<\/code><\/pre>\nkubectl describe secret root-ca-secret -n cert-manager<\/code><\/pre>\nRoot CA \ub97c \ud1b5\ud574 \ubc1c\uae09\ud55c Certificate \uc758 Issuer \ub4f1\ub85d<\/h2>\n
vi ca-cluster-issuer.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n name: ca-cluster-issuer\nspec:\n ca:\n secretName: root-ca-secret\n---------------------------<\/code><\/pre>\nkubectl apply -f ca-cluster-issuer.yaml<\/code><\/pre>\n\uc124\uce58\uc0c1\ud0dc \ud655\uc778<\/h2>\n
kubectl get all -n cert-manager<\/code><\/pre>\nNameSpace \uc778\uc99d\uc11c \ubc1c\uae09<\/h2>\n
vi example-wildcard-cert.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: Certificate\nmetadata:\n name: example-wildcard-cert\n namespace: example\nspec:\n secretName: example-wildcard-tls\n commonName: "*.local.example"\n dnsNames:\n - "*.local.example"\n - "gitlab.example.com" # \ub8e8\ud2b8 \ub3c4\uba54\uc778\ub3c4 \ud3ec\ud568\ud558\ub824\uba74 \uba85\uc2dc\uc801\uc73c\ub85c \uc791\uc131\n issuerRef:\n name: ca-cluster-issuer\n kind: ClusterIssuer\n duration: 8760h # 1\ub144\n privateKey:\n algorithm: RSA\n size: 2048\n rotationPolicy: Never # \ub610\ub294 Always\n---------------------------<\/code><\/pre>\nkubectl create namespace example<\/code><\/pre>\nkubectl apply -f example-wildcard-cert.yaml<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"