![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/12\/GCP-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
<\/p>\n
\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 DNS Provider<\/strong>'\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u0442\u044c GCP<\/strong>.<\/p>\n <\/p>\n YOUR_GCP_PROJECT<\/strong> — \u0417\u0430\u043c\u0435\u043d\u0438\u0442\u0435 \u043d\u0430 \u0438\u043c\u044f \u0441\u0432\u043e\u0435\u0433\u043e GCP<\/strong> \u043f\u0440\u043e\u0435\u043a\u0442\u0430<\/p><\/blockquote>\n <\/p>\n \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0430\u043a\u043a\u0430\u0443\u043d\u0442:<\/p>\n <\/p>\n \u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a DNS<\/strong> \u0441\u0435\u0440\u0432\u0438\u0441\u0443:<\/p>\n <\/p>\n \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043b\u044e\u0447:<\/p>\n <\/p>\n \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u0435\u043a\u0440\u0435\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430:<\/p>\n <\/p>\n \u0421\u043e\u0437\u0434\u0430\u0435\u043c 2 YAML<\/strong> \u0444\u0430\u0439\u043b\u0430 \u0434\u043b\u044f ClusterIssuer<\/strong>.<\/p>\n <\/p>\n <\/p>\n <\/p>\n \u041d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0438\u043c\u044f \u0441\u0432\u043e\u0435\u0433\u043e GCP<\/strong> \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u044f\u0449\u0438\u043a.<\/p><\/blockquote>\n <\/p>\n \u0421\u043e\u0437\u0434\u0430\u0435\u043c ClusterIssuer<\/strong>:<\/p>\n <\/p>\n <\/p>\n \u041f\u0440\u0438\u043c\u0435\u0440 Ingress<\/strong>'\u0430:<\/p>\n <\/p>\n artem-services-svc<\/strong> — \u0438\u043c\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 DNS Provider'\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u0442\u044c GCP. YOUR_GCP_PROJECT — \u0417\u0430\u043c\u0435\u043d\u0438\u0442\u0435 \u043d\u0430 \u0438\u043c\u044f \u0441\u0432\u043e\u0435\u0433\u043e GCP \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0430\u043a\u043a\u0430\u0443\u043d\u0442: \u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a DNS \u0441\u0435\u0440\u0432\u0438\u0441\u0443: \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043b\u044e\u0447: \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u0435\u043a\u0440\u0435\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430: \u0421\u043e\u0437\u0434\u0430\u0435\u043c 2 YAML \u0444\u0430\u0439\u043b\u0430 \u0434\u043b\u044f ClusterIssuer. letsencrypt-staging.yml letsencrypt-production.yml \u041d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0438\u043c\u044f \u0441\u0432\u043e\u0435\u0433\u043e GCP … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "GKE — Issuer DNS01"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[87],"tags":[1037,69,937,1039,18,17],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1321"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1321"}],"version-history":[{"count":3,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1321\/revisions"}],"predecessor-version":[{"id":1324,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1321\/revisions\/1324"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\ngcloud iam service-accounts create dns01-solver \\\r\n --display-name "dns01-solver"\r\n<\/pre>\n
\r\ngcloud projects add-iam-policy-binding YOUR_GCP_PROJECT \\\r\n --member serviceAccount:dns01-solver@YOUR_GCP_PROJECT.iam.gserviceaccount.com \\\r\n --role roles\/dns.\r\n<\/pre>\n
\r\ngcloud iam service-accounts keys create key.json \\\r\n --iam-account dns01-solver@YOUR_GCP_PROJECT.iam.gserviceaccount.com\r\n<\/pre>\n
\r\nkubectl create secret generic clouddns-dns01-solver-svc-acct -n cert-manager \\\r\n --from-file=key.json\r\n<\/pre>\n
letsencrypt-staging.yml<\/h3>\n
\r\napiVersion: certmanager.k8s.io\/v1alpha1\r\nkind: ClusterIssuer\r\nmetadata:\r\n name: letsencrypt-staging\r\nspec:\r\n acme:\r\n # The ACME server URL\r\n server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory\r\n # Email address used for ACME registration\r\n email: noreply@mailserver123.com\r\n # Name of a secret used to store the ACME account private key\r\n privateKeySecretRef:\r\n name: letsencrypt-staging\r\n solvers:\r\n - dns01:\r\n clouddns:\r\n # The ID of the GCP project\r\n project: YOUR_GCP_PROJECT\r\n # This is the secret used to access the service account\r\n serviceAccountSecretRef:\r\n name: clouddns-dns01-solver-svc-acct\r\n key: key.json\r\n<\/pre>\n
letsencrypt-production.yml<\/h3>\n
\r\napiVersion: certmanager.k8s.io\/v1alpha1\r\nkind: ClusterIssuer\r\nmetadata:\r\n name: letsencrypt-production\r\n namespace: cert-manager\r\nspec:\r\n acme:\r\n server: https:\/\/acme-v02.api.letsencrypt.org\/directory\r\n # This will register an issuer with LetsEncrypt. Replace\r\n # with your admin email address.\r\n email: noreply@mailserver123.com\r\n privateKeySecretRef:\r\n # Set privateKeySecretRef to any unused secret name.\r\n name: letsencrypt-production\r\n dns01:\r\n providers:\r\n - name: dns\r\n clouddns:\r\n # Set this to your GCP project-id\r\n project: YOUR_GCP_PROJECT\r\n # Set this to the secret that we publish our service account key\r\n # in the previous step.\r\n serviceAccountSecretRef:\r\n name: clouddns-dns01-solver-svc-acct\r\n key: key.json\r\n<\/pre>\n
\r\nkubectl create -f letsencrypt-staging.yml\r\nkubectl create -f letsencrypt-production.yml\r\n<\/pre>\n
\r\napiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n annotations:\r\n kubernetes.io\/ingress.class: nginx\r\n certmanager.k8s.io\/cluster-issuer: letsencrypt-production\r\n certmanager.k8s.io\/acme-challenge-type: dns01\r\n certmanager.k8s.io\/acme-dns01-provider: dns\r\n name: artem-service-ing\r\n namespace: staging\r\nspec:\r\n tls:\r\n - hosts:\r\n - artem.services\r\n secretName: artem.services-tls\r\n rules:\r\n - host: artem.services\r\n http:\r\n paths:\r\n - path: \/\r\n backend:\r\n serviceName: artem-services-svc\r\n servicePort: 80\r\n<\/pre>\n
\n80<\/strong> — \u043f\u043e\u0440\u0442 \u0441\u0435\u0440\u0432\u0438\u0441\u0430<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"