
Setting up a Kubernetes + cert-manager + letsencrypt + ingress-nginx-controller environment

Posted at 2021-02-13

Reference site
https://medium.com/better-programming/how-to-expose-your-services-with-kubernetes-ingress-7f34eb6c9b5a

Create a sample service

simple-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hellok8s-deployment
  labels:
    app: hellok8s
spec:
  selector:
    matchLabels:
      app: hellok8s
  template:
    metadata:
      labels:
        app: hellok8s
    spec:
      containers:
      - name: hellok8s
        image: docker.io/rlkamradt/hellok8s:latest
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: hellok8s-service
spec:
  type: ClusterIP
  selector:
    app: hellok8s
  ports:
  - port: 8080
    targetPort: 8080

Create the ingress-nginx controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/deploy.yaml

Edit the ingress-nginx-controller Service

kubectl edit service ingress-nginx-controller -n ingress-nginx
- type: NodePort
+ type: LoadBalancer
+ externalIPs:
+ - 192.168.0.xx

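Create the ClusterIssuer
It should go without saying, but note that validation fails unless the router forwards port 80 to the target machine (this cost me one failed attempt).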

letsencrypt-prod.yaml
apiVersion: cert-manager.io/v1alpha3
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    email: yourmailaddress
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
    - http01:
        ingress:
          class: nginx

Create the Ingress

simple-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
spec:
  tls:
  - hosts:
    - yourdomain
    secretName: test-tls-prod
  rules:
  - host: yourdomain
    http:
      paths:
      - path: /testpath
        backend:
          serviceName: hellok8s-service
          servicePort: 8080
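
The ClusterIssuer and Ingress above only lead to a certificate when the issuer annotation, the ingress class and the tls hosts agree with each other. The Python check below is an added example, not part of the original article; it assumes input shaped like the output of `kubectl get clusterissuer,ingress -A -o json`, and the sample data and the function name `check_issuance_wiring` are constructed for illustration.

```python
import json

# Constructed sample: the shape `kubectl get clusterissuer,ingress -A -o json`
# returns, filled with the values from the manifests on this page.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-production"},
  "spec": {"acme": {"solvers": [{"http01": {"ingress": {"class": "nginx"}}}]}}},
 {"kind": "Ingress",
  "metadata": {"name": "test-ingress", "annotations": {
    "kubernetes.io/ingress.class": "nginx",
    "cert-manager.io/cluster-issuer": "letsencrypt-production"}},
  "spec": {"tls": [{"hosts": ["yourdomain"], "secretName": "test-tls-prod"}],
           "rules": [{"host": "yourdomain"}]}}
]}
""")

def check_issuance_wiring(listing):
    """Return a list of findings; an empty list means the objects line up."""
    items = listing.get("items", [])
    issuers = {i["metadata"]["name"]: i for i in items if i.get("kind") == "ClusterIssuer"}
    findings = []
    for ing in (i for i in items if i.get("kind") == "Ingress"):
        name = ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations", {})
        spec = ing.get("spec", {})
        ref = ann.get("cert-manager.io/cluster-issuer")
        if ref is None:
            continue  # this Ingress does not request a certificate via ClusterIssuer
        if ref not in issuers:
            findings.append(f"{name}: ClusterIssuer '{ref}' not found")
            continue
        # Class of the controller serving this Ingress (annotation or spec field).
        cls = ann.get("kubernetes.io/ingress.class") or spec.get("ingressClassName")
        solvers = issuers[ref].get("spec", {}).get("acme", {}).get("solvers", [])
        solver_classes = {s["http01"]["ingress"].get("class")
                          for s in solvers if "ingress" in s.get("http01", {})}
        if cls not in solver_classes:
            findings.append(f"{name}: class '{cls}' has no matching http01 solver")
        # A rule host without a tls entry carrying a secretName gets no certificate.
        covered = {h for t in spec.get("tls", []) if t.get("secretName")
                   for h in t.get("hosts", [])}
        for host in (r.get("host") for r in spec.get("rules", [])):
            if host and host not in covered:
                findings.append(f"{name}: host '{host}' not in any tls block")
    return findings

if __name__ == "__main__":
    print(check_issuance_wiring(SAMPLE) or "ok")
```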

Connection check
