helm gitlab - choisungwook/portfolio GitHub Wiki
- cert-manager 연동 버전
- cert-manager는 기존에 있는 것을 사용하고 issuer는 dns-01 solver 사용
- 네임서버는 cloudflare사용
# Register the GitLab chart repository, then refresh the local chart index so
# the newly added repository's charts can be resolved.
helm repo add gitlab https://charts.gitlab.io/
helm repo update
- cert-manager namespace에 helm 설치
# Register the Jetstack chart repository and refresh the local chart index.
helm repo add jetstack https://charts.jetstack.io
helm repo update

# Install cert-manager together with its CRDs into its own namespace.
# NOTE(review): no --version is passed, so the chart version that is newest at
# install time gets deployed; pin a reviewed version for repeatable installs.
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true

# Namespace that holds GitLab, the Cloudflare token Secret and the Issuer.
kubectl create namespace gitlab
- cloudflare API token을 생성하고 secret 리소스 생성
공식문서: https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/#api-keys
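---
# Cloudflare credential consumed by cert-manager's DNS-01 solver.
# The gitlab-prod Issuer reads this Secret through apiTokenSecretRef, so the
# value must be a Cloudflare API Token, not the account-wide Global API Key.
# The cert-manager Cloudflare guide lists the permissions the token needs
# (Zone/Zone/Read and Zone/DNS/Edit); grant nothing beyond those.
# Keep the filled-in manifest out of version control: whoever holds this token
# can change DNS records, and therefore obtain certificates, for the zone.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: gitlab
type: Opaque
stringData:
  # The key name must equal apiTokenSecretRef.key in the Issuer (api-token);
  # with any other key name the solver cannot find the token and the DNS-01
  # challenge is never presented.
  api-token: <API Token>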
---
# Namespaced ACME Issuer for the gitlab namespace. Domain ownership is proven
# with DNS-01 challenges that cert-manager answers through the Cloudflare API.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: gitlab-prod
  namespace: gitlab
spec:
  acme:
    # Let's Encrypt production directory. It is rate limited, so a first trial
    # run is better done against the Let's Encrypt staging directory.
    server: 'https://acme-v02.api.letsencrypt.org/directory'
    # ACME account contact address (the page uses the Cloudflare account email).
    email: '<your@email>'
    # Secret in which cert-manager stores the ACME account private key.
    privateKeySecretRef:
      name: gitlab-prod
    solvers:
      - dns01:
          cloudflare:
            # Cloudflare account email.
            email: '<your-email>'
            # Secret that carries the Cloudflare API token. `key` must name an
            # entry that actually exists in that Secret's data.
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
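---
# Values for the GitLab Helm chart: Community Edition, every endpoint served
# over HTTPS, with the chart's bundled cert-manager and ingress controller
# switched off.
global:
  edition: ce
  hosts:
    domain: choilab.xyz
    # externalIP: 192.168.25.80
    gitlab:
      name: gitlab.choilab.xyz
      https: true
    registry:
      name: registry.choilab.xyz
      https: true
    minio:
      name: minio.choilab.xyz
      https: true
  ingress:
    # NOTE(review): with configureCertmanager enabled the chart is expected to
    # manage its own Issuer (hence certmanager-issuer.email below) and to
    # annotate the Ingresses for it. If the gitlab-prod DNS-01 Issuer is meant
    # to sign the certificates, inspect the rendered Ingress annotations
    # (helm template) and follow GitLab's "external cert-manager and Issuer"
    # instructions for the chart version in use.
    configureCertmanager: true
    annotations:
      # gitlab-prod is a cert-manager.io/v1 Issuer, so the annotation has to
      # use the cert-manager.io prefix. The legacy certmanager.k8s.io prefix
      # belongs to the pre-v0.11 API group and is not acted on by cert-manager
      # releases that serve the v1 API, which would leave the Ingress without
      # a certificate from this Issuer.
      cert-manager.io/issuer: "gitlab-prod"
      # certmanager.k8s.io/issuer: "gitlab-prod"
    tls:
      enabled: true
# The cluster's existing cert-manager is reused instead of the bundled one.
certmanager:
  install: false
# NOTE(review): the bundled ingress controller is disabled, which presumes an
# ingress controller already runs in the cluster - confirm.
nginx-ingress:
  enabled: false
certmanager-issuer:
  email: <your-email>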