Internal TLS 를 위한 CA 생서
Configure Cert-Manager
1. Issuer & ClusterIssuer
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
YAML
복사
2. Certificate
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: selfsigned-cert
spec:
secretName: selfsigned-cert-tls
duration: 2880h # 120d
renewBefore: 360h # 15d
commonName: "mlops.altair-lab.com"
isCA: false
keySize: 2048
keyAlgorithm: rsa
keyEncoding: pkcs1
usages:
- digital signature
- key encipherment
- server auth
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
YAML
복사