![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/12\/GCP-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
<\/p>\n
GCP<\/strong> will be the DNS<\/strong> provider.<\/span><\/span><\/p>\n <\/p>\n YOUR_GCP_PROJECT<\/strong> — Replace with the name of your GCP<\/strong> project<\/span><\/span><\/p><\/blockquote>\n <\/p>\n Create an account:<\/span><\/span><\/p>\n <\/p>\n We give him access to the DNS<\/strong> service:<\/span><\/span><\/p>\n <\/p>\n We generate the key:<\/span><\/span><\/p>\n <\/p>\n Create a secret based on the generated key:<\/span><\/span><\/p>\n <\/p>\n Create 2 YAML<\/strong> files for ClusterIssuer<\/strong>.<\/span><\/span><\/p>\n <\/p>\n <\/p>\n <\/p>\n Do not forget to specify the name of your GCP<\/strong> project and mailbox.<\/span><\/span><\/p><\/blockquote>\n <\/p>\n Create a ClusterIssuer<\/strong>:<\/span><\/span><\/p>\n <\/p>\n <\/p>\n Ingress<\/strong> example:<\/span><\/span><\/p>\n <\/p>\n artem-services-svc<\/strong> — service name<\/span><\/span> GCP will be the DNS provider. YOUR_GCP_PROJECT — Replace with the name of your GCP project Create an account: We give him access to the DNS service: We generate the key: Create a secret based on the generated key: Create 2 YAML files for ClusterIssuer. letsencrypt-staging.yml … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "GKE — Issuer DNS01"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1021],"tags":[1047,1023,1025,1049,549,551],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1325"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1325"}],"version-history":[{"count":2,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1325\/revisions"}],"predecessor-version":[{"id":1327,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1325\/revisions\/1327"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\ngcloud iam service-accounts create dns01-solver \\\r\n --display-name "dns01-solver"\r\n<\/pre>\n
\r\ngcloud projects add-iam-policy-binding YOUR_GCP_PROJECT \\\r\n --member serviceAccount:dns01-solver@YOUR_GCP_PROJECT.iam.gserviceaccount.com \\\r\n --role roles\/dns.\r\n<\/pre>\n
\r\ngcloud iam service-accounts keys create key.json \\\r\n --iam-account dns01-solver@YOUR_GCP_PROJECT.iam.gserviceaccount.com\r\n<\/pre>\n
\r\nkubectl create secret generic clouddns-dns01-solver-svc-acct -n cert-manager \\\r\n --from-file=key.json\r\n<\/pre>\n
letsencrypt-staging.yml<\/h3>\n
\r\napiVersion: certmanager.k8s.io\/v1alpha1\r\nkind: ClusterIssuer\r\nmetadata:\r\n name: letsencrypt-staging\r\nspec:\r\n acme:\r\n # The ACME server URL\r\n server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory\r\n # Email address used for ACME registration\r\n email: noreply@mailserver123.com\r\n # Name of a secret used to store the ACME account private key\r\n privateKeySecretRef:\r\n name: letsencrypt-staging\r\n solvers:\r\n - dns01:\r\n clouddns:\r\n # The ID of the GCP project\r\n project: YOUR_GCP_PROJECT\r\n # This is the secret used to access the service account\r\n serviceAccountSecretRef:\r\n name: clouddns-dns01-solver-svc-acct\r\n key: key.json\r\n<\/pre>\n
letsencrypt-production.yml<\/h3>\n
\r\napiVersion: certmanager.k8s.io\/v1alpha1\r\nkind: ClusterIssuer\r\nmetadata:\r\n name: letsencrypt-production\r\n namespace: cert-manager\r\nspec:\r\n acme:\r\n server: https:\/\/acme-v02.api.letsencrypt.org\/directory\r\n # This will register an issuer with LetsEncrypt. Replace\r\n # with your admin email address.\r\n email: noreply@mailserver123.com\r\n privateKeySecretRef:\r\n # Set privateKeySecretRef to any unused secret name.\r\n name: letsencrypt-production\r\n dns01:\r\n providers:\r\n - name: dns\r\n clouddns:\r\n # Set this to your GCP project-id\r\n project: YOUR_GCP_PROJECT\r\n # Set this to the secret that we publish our service account key\r\n # in the previous step.\r\n serviceAccountSecretRef:\r\n name: clouddns-dns01-solver-svc-acct\r\n key: key.json\r\n<\/pre>\n
\r\nkubectl create -f letsencrypt-staging.yml\r\nkubectl create -f letsencrypt-production.yml\r\n<\/pre>\n
\r\napiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n annotations:\r\n kubernetes.io\/ingress.class: nginx\r\n certmanager.k8s.io\/cluster-issuer: letsencrypt-production\r\n certmanager.k8s.io\/acme-challenge-type: dns01\r\n certmanager.k8s.io\/acme-dns01-provider: dns\r\n name: artem-service-ing\r\n namespace: staging\r\nspec:\r\n tls:\r\n - hosts:\r\n - artem.services\r\n secretName: artem.services-tls\r\n rules:\r\n - host: artem.services\r\n http:\r\n paths:\r\n - path: \/\r\n backend:\r\n serviceName: artem-services-svc\r\n servicePort: 80\r\n<\/pre>\n
\n80<\/strong> — service port<\/span><\/span><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"