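# ClusterIssuer that obtains certificates from Let's Encrypt over ACME, answering
# DNS-01 challenges by creating TXT records through the Cloudflare API.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # Let's Encrypt production directory (publicly trusted, rate limited).
    server: https://acme-v02.api.letsencrypt.org/directory
    # Contact address registered with the ACME account (the author uses it for
    # reminder mail). PLACEHOLDER: the real address was obfuscated on the source
    # page as "[email protected]", which YAML parses as a flow sequence, not a
    # string. Quoted so it is always read as a string.
    email: "acme-contact@example.com"
    # Secret in which cert-manager keeps the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - dns01:
          cloudflare:
            # Cloudflare account e-mail, needed when authenticating with an API
            # key. PLACEHOLDER for the same reason as the ACME contact above.
            email: "cloudflare-account@example.com"
            # NOTE(security): a Cloudflare Global API Key carries the full rights
            # of the account, so anyone who can read this Secret controls every
            # zone in it. cert-manager also accepts a scoped API token via
            # apiTokenSecretRef (Zone:DNS:Edit + Zone:Zone:Read on the needed
            # zones); with a token the email field above is not required.
            apiKeySecretRef:
              name: cloudflare
              key: global-api-key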
---
# Secret holding the Cloudflare credential that the ClusterIssuer's
# apiKeySecretRef points at (name: cloudflare, key: global-api-key).
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare
  # A ClusterIssuer is cluster-scoped, so cert-manager looks its secret refs up
  # in its "cluster resource namespace" — presumably cert-manager here (the
  # default); confirm against the installation.
  namespace: cert-manager
stringData:
  # Cloudflare Global API Key. The value below is a placeholder to be replaced.
  # NOTE(security): this key grants full account access; keep the real value out
  # of version control (create the Secret out of band or through a secret
  # manager) and limit who may read Secrets in this namespace.
  global-api-key: "global-api-key"
gateway:
# Gateway (class istio) that terminates HTTPS on port 443 for *.xxx.com and
# takes its certificate from the Secret web-tls.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: istio
  namespace: istio-system
  annotations:
    # Asks cert-manager to issue the listener certificate from this
    # ClusterIssuer. Only takes effect when cert-manager's Gateway API support
    # is enabled — TODO confirm for the installed version.
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  gatewayClassName: istio
  listeners:
    - port: 443
      name: https-web-gw
      # Wildcard hostname (xxx.com is the page's placeholder domain). Let's
      # Encrypt validates wildcard names only through DNS-01, which matches the
      # dns01 solver configured on the issuer.
      hostname: "*.xxx.com"
      protocol: "HTTPS"
      allowedRoutes:
        namespaces:
          # NOTE(security): All lets an HTTPRoute from any namespace attach to
          # this listener and claim a hostname under the wildcard. On a shared
          # cluster, Selector (label-matched namespaces) or Same narrows who
          # can publish behind this certificate.
          from: All
      tls:
        # TLS ends at the gateway; traffic to the backends is whatever the
        # routes' backendRefs speak.
        mode: Terminate
        certificateRefs:
          # No namespace is given, so this refers to a Secret in the Gateway's
          # own namespace (istio-system).
          - name: web-tls
验证:
# Single-replica nginx Deployment used as the test backend for verifying the
# Gateway and its certificate.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        # Must match spec.selector.matchLabels above and the Service selector.
        app: nginx
    spec:
      containers:
        - name: nginx
          # NOTE(review): 1.20 looks like an old nginx release line and the tag
          # is mutable — confirm it is still maintained, and pin by digest if
          # this is reused beyond a throwaway test.
          image: nginx:1.20-alpine
          ports:
            # Plain HTTP; no securityContext or resource limits are set here.
            - containerPort: 80
---
# Service exposing the nginx test pods inside the cluster on TCP port 80.
# No type is set, so the API server applies its default Service type.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
spec:
  selector:
    # Selects the pods labelled app: nginx by the Deployment.
    app: nginx
  ports:
    - protocol: TCP
      # Port the HTTPRoute's backendRef targets.
      port: 80
      # Container port of the nginx pods (plain HTTP).
      targetPort: 80
---
# HTTPRoute that sends every request for nginx.xxx.com arriving at the istio
# Gateway to nginx-service:80.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: nginx-http-route
  namespace: default
spec:
  parentRefs:
    # Cross-namespace attachment (default -> istio-system); it is accepted only
    # because the Gateway listener sets allowedRoutes.namespaces.from: All.
    - name: istio
      namespace: istio-system
  hostnames:
    # Falls under the listener's wildcard hostname "*.xxx.com".
    - "nginx.xxx.com"
  rules:
    - matches:
        # PathPrefix "/" matches every request path.
        - path:
            type: PathPrefix
            value: "/"
      backendRefs:
        # Service in this route's own namespace; port 80 is plain HTTP, so the
        # hop from the gateway to the pod is unencrypted unless the mesh adds
        # mTLS — TODO confirm.
        - name: nginx-service
          port: 80
---