
Harbor (cert-manager)

by 이강복 2023. 10. 13.

Applying Let's Encrypt with cert-manager

cert-manager

kubectl create namespace cert-manager

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version=v1.8.0 \
  --set installCRDs=true \
  --set nodeSelector."kubernetes\.io/os"=linux

certificate.yaml

# certificate.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tls-secret
  namespace: harbor
spec:
  secretName: tls-secret
  privateKey:
    rotationPolicy: Always
  commonName: harbor.k-tech.cloud
  dnsNames:
    - harbor.k-tech.cloud
  usages:
    - digital signature
    - key encipherment
    - server auth
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer

cluster-issuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: kangbock0827@naver.com
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux

kubectl apply -f certificate.yaml

kubectl apply -f cluster-issuer.yaml

Harbor setup

harbor.sh

#!/bin/bash
# Install Helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

sleep 5

# ingress-controller

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm install ingress-nginx ingress-nginx/ingress-nginx \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz

sleep 5

# Register the repo
helm repo add harbor https://helm.goharbor.io

# Download the chart archive and unpack it into ~/harbor, the path used below
helm fetch harbor/harbor --untar --untardir ~

# Create the namespace
kubectl create ns harbor

# env
# The line addresses 19 and 28 depend on the layout of the fetched values.yaml;
# check them against the file if the chart version differs.
sed -i 's/core.harbor.domain/harbor.k-tech.cloud/g' ~/harbor/values.yaml
sed -i 's/className: ""/className: "nginx"/g' ~/harbor/values.yaml
sed -i '19 s/certSource: auto/certSource: secret/g' ~/harbor/values.yaml
sed -i '28 s/secretName: ""/secretName: tls-secret/g' ~/harbor/values.yaml
sed -i '/# for Envoy/a\      cert-manager.io/cluster-issuer: letsencrypt' ~/harbor/values.yaml

sleep 5

# harbor deploy
helm install harbor -f ~/harbor/values.yaml ~/harbor/. -n harbor
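
The settings that the sed commands in harbor.sh patch into values.yaml can also be kept in a separate override file, so they do not depend on line numbers in the chart's values.yaml. This is an added example, not part of the original post; the file name harbor-overrides.yaml is an assumption, and the keys are the Harbor chart values that the sed commands above target.

```yaml
# harbor-overrides.yaml (hypothetical file name, added example)
# Used in place of the edited values.yaml, for instance:
#   helm install harbor harbor/harbor -n harbor -f harbor-overrides.yaml
expose:
  type: ingress
  tls:
    enabled: true
    # Use an existing TLS secret instead of the chart's self-signed
    # certificate (replaces: sed '19 s/certSource: auto/certSource: secret/')
    certSource: secret
    secret:
      # Secret written by the cert-manager Certificate in certificate.yaml
      # (replaces: sed '28 s/secretName: ""/secretName: tls-secret/')
      secretName: tls-secret
  ingress:
    hosts:
      # replaces: sed 's/core.harbor.domain/harbor.k-tech.cloud/g'
      core: harbor.k-tech.cloud
    # replaces: sed 's/className: ""/className: "nginx"/g'
    className: "nginx"
    annotations:
      # replaces the line appended after "# for Envoy"
      cert-manager.io/cluster-issuer: letsencrypt

# The global sed substitution also rewrites the external URL,
# which defaults to https://core.harbor.domain in the chart.
externalURL: https://harbor.k-tech.cloud
```

Helm merges these keys over the chart defaults, so every setting not listed here keeps its default from values.yaml.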
