ControlPlane@ControlPlane:~$ sudo microk8s.add-node
[sudo] password for ControlPlane:
Sorry, try again.
[sudo] password for ControlPlane:
From the node you wish to join to this cluster, run the following:
microk8s join 192.168.0.200:25000/5851de8887e1a4abe808801f0300e850/7a8ff69488c6
Use the '--worker' flag to join a node as a worker not running the control plane, eg:
microk8s join 192.168.0.200:25000/5851de8887e1a4abe808801f0300e850/7a8ff69488c6 --worker
If the node you are adding is not reachable through the default interface you can use one of the following:
microk8s join 192.168.0.200:25000/5851de8887e1a4abe808801f0300e850/7a8ff69488c6
microk8s join 172.17.0.1:25000/5851de8887e1a4abe808801f0300e850/7a8ff69488c6
Helm설치 후 cert-magager 설치 후 SSL/TCL 인증서 발급 및 도메인 연결
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# Let's Encrypt 스테이징 서버의 URL
server: <https://acme-staging-v02.api.letsencrypt.org/directory>
email: [email protected]
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- http01:
ingress:
class: nginx
grafanamk8s-certificate.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: grafanamk8s.info
namespace: cert-manager
spec:
secretName: grafanamk8s.info-tls
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: grafanamk8s.info
dnsNames:
- grafanamk8s.info
- www.grafanamk8s.info
kubectl apply -f grafanamk8s-certificate.yaml
ControlPlane@ControlPlane:~/yamls$ kubectl describe certificate grafanamk8s -n cert-manager
Name: grafanamk8s.info
Namespace: cert-manager
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1
Kind: Certificate
Metadata:
Creation Timestamp: 2024-03-22T11:59:57Z
Generation: 1
Resource Version: 38365
UID: 957943df-add4-4221-b0c4-15bd773fe6cb
Spec:
Common Name: grafanamk8s.info
Dns Names:
grafanamk8s.info
www.grafanamk8s.info
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-staging
Secret Name: grafanamk8s.info-tls
Status:
Conditions:
Last Transition Time: 2024-03-22T11:59:57Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: True
Type: Issuing
Last Transition Time: 2024-03-22T11:59:57Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: False
Type: Ready
Next Private Key Secret Name: grafanamk8s.info-crbxs
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 2m26s cert-manager Issuing certificate as Secret does not exist
Normal Generated 2m26s cert-manager Stored new private key in temporary Secret resource "grafanamk8s.info-crbxs"
Normal Requested 2m26s cert-manager Created new CertificateRequest resource "grafanamk8s.info-2q4kx"
kubectl apply -f grafanamk8s-clusterissuer-file.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: [email protected]
server: <https://acme-v02.api.letsencrypt.org/directory>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
kubectl describe certificate your-domain-tls -n your-namespace
grafanamk8s-tls.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: grafanamk8s-tls
namespace: grafanamk8s
spec:
secretName: grafanamk8s-tls-secret
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: grafanamk8s.info
dnsNames:
- grafanamk8s.info
- www.grafanamk8s.info
인증서 발급 상황 모니터링
kubectl describe certificate grafanamk8s-tls -n grafanamk8s
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
namespace: grafanamk8s # Grafana 서비스가 있는 네임스페이스를 지정하세요.
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
# 필요한 경우 추가적인 설정이나 어노테이션을 포함할 수 있습니다.
# 예: HTTPS를 위한 인증서 설정 등
spec:
rules:
- host: grafanamk8s.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana # Grafana 서비스의 이름
port:
number: 80 # Grafana 서비스가 사용하는 포트 번호
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
namespace: grafanamk8s
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- grafanamk8s.info
- www.grafanamk8s.info
secretName: grafanamk8s-tls-secret
rules:
- host: grafanamk8s.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana-service
port:
number: 80
- host: www.grafanamk8s.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana-service
port:
number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
namespace: grafanamk8s
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: "nginx" # 변경된 부분
tls:
- hosts:
- grafanamk8s.info
- www.grafanamk8s.info
secretName: grafanamk8s-tls-secret
rules:
- host: grafanamk8s.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana-service
port:
number: 80
- host: www.grafanamk8s.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana-service
port:
number: 80