{"id":7144,"date":"2022-12-05T08:55:02","date_gmt":"2022-12-04T23:55:02","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7144"},"modified":"2022-12-05T09:51:20","modified_gmt":"2022-12-05T00:51:20","slug":"kubernetes-cert-manager","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=7144","title":{"rendered":"Kubernetes – Cert-manager"},"content":{"rendered":"

Kubernetes – Cert-manager<\/h1>\n

Kubernetes \ud074\ub7ec\uc2a4\ud130\uc5d0 Cert-manager \ub97c \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<\/p>\n

\uc6a9\uc5b4\uc815\ub9ac<\/h2>\n

\"\"<\/a><\/p>\n

cert-manager \ub294 Cluster Issuer \ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.(\ub8e8\ud2b8 \uc778\uc99d\uc11c, CA)<\/p>\n

Cluster Issuer \ub97c \uc774\uc6a9\ud574 \uac01 Namespace \ubcc4\ub85c Certificate \ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n

cert-manager \uc124\uce58<\/h2>\n

k8s \ubc84\uc804\uc744 \ud655\uc778\ud574\uc11c \uc801\uc808\ud55c \ubc84\uc804\uc758 cert-manager \uc744 \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n

\uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \uc5ec\uae30<\/a> \uc5d0\uc11c \ud655\uc778\ud569\ub2c8\ub2e4.<\/p>\n

kubectl create namespace cert-manager\nkubectl apply -f https:\/\/github.com\/cert-manager\/cert-manager\/releases\/download\/v1.10.1\/cert-manager.yaml<\/code><\/pre>\n
Issuer \uc0dd\uc131<\/h2>\n
ClusterIssuer \ub294 \ubaa8\ub4e0 Namespace \uc5d0\uc11c \uc0ac\uc6a9 \uac00\ub2a5\ud55c Certificate \ub97c \ubc1c\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
\ud074\ub7ec\uc2a4\ud130 rootCA \ub4f1\ub85d\ub418\uac70\ub098 \ud558\uc9c0\ub294 \uc54a\ub294 \ub4ef \ud569\ub2c8\ub2e4.<\/p>\n
vi selfsigned-issuer.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: ClusterIssuer\nmetadata:\n  name: selfsigned-issuer\nspec:\n  selfSigned: {}\n---------------------------<\/code><\/pre>\n
kubectl apply -f selfsigned-issuer.yaml<\/code><\/pre>\n
Certificate \uc0dd\uc131<\/h2>\n
Certificate \ub294 Namespace \ub0b4\uc758 \ubaa8\ub4e0 \uc11c\ube44\uc2a4\uc5d0\uc11c \uc0ac\uc6a9\uac00\ub2a5\ud55c \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
vi repository-selfsigned-cert.yaml\n---------------------------\napiVersion: cert-manager.io\/v1\nkind: Certificate\nmetadata:\n  name: repository-selfsigned-cert\n  namespace: default\nspec:\n  secretName: repository-selfsigned-cert-tls\n  duration: 2880h # 120d\n  renewBefore: 360h # 15d\n  commonName: repository.skyer9.pe.kr\n  isCA: false\n  usages:\n    - digital signature\n    - key encipherment\n    - server auth\n  issuerRef:\n    name: selfsigned-issuer\n    kind: ClusterIssuer\n    group: cert-manager.io\n---------------------------<\/code><\/pre>\n
kubectl apply -f repository-selfsigned-cert.yaml<\/code><\/pre>\n
kubectl describe secret repository-selfsigned-cert-tls<\/code><\/pre>\n
\uc778\uc99d\uc11c \ubc30\ud3ec<\/h2>\n
\ucc38\uc870<\/a><\/p>\n
\ubc30\ud3ec\uc2dc yaml \uc5d0 repository-selfsigned-cert-tls \uc744 \uba85\uc2dc\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n
\uc544\ub798 \ucf54\ub4dc\ub294 \ud14c\uc2a4\ud2b8 \uc548\ub41c \ucf54\ub4dc\uc785\ub2c8\ub2e4.!!!<\/p>\n
apiVersion: v1 \nkind: Pod\nmetadata:\n  name: cacheconnectsample\nspec:\n      containers:\n      - name: cacheconnectsample\n        image: cacheconnectsample:v1\n        volumeMounts:\n        - name: repository-selfsigned-cert-tls\n          mountPath: \/etc\/ssl\/certs\n          readOnly: true\n        ports:\n        - containerPort: 80\n        command: [ "dotnet" ]\n        args: [ "cacheconnectsample.dll" ]\n      volumes:\n        - name: repository-selfsigned-cert-tls\n          secret:\n            secretName: repository-selfsigned-cert-tls<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Kubernetes – Cert-manager Kubernetes \ud074\ub7ec\uc2a4\ud130\uc5d0 Cert-manager \ub97c \uc124\uce58\ud569\ub2c8\ub2e4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \uc6a9\uc5b4\uc815\ub9ac cert-manager \ub294 Cluster Issuer \ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.(\ub8e8\ud2b8 \uc778\uc99d\uc11c, CA) Cluster Issuer \ub97c\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7144","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7144"}],"version-history":[{"count":5,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7144\/revisions"}],"predecessor-version":[{"id":7150,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/7144\/revisions\/7150"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}