8단계: cert-manager 설치

이 단계에서는 Apigee Hybrid가 작동하는 데 필요한 cert-manager를 다운로드하고 설치하는 방법을 설명합니다.

cert-manager 설치

  1. 다음 명령어를 사용하여 GitHub에서 cert-manager v1.13.0을 설치합니다.
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

    cert-manager 네임스페이스 및 일부 cert-manager 리소스가 생성되었다는 응답이 표시됩니다. 예를 들면 다음과 같습니다.

    customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured
    customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured
    ...
    mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
    validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
    
  2. 다음 명령어를 사용하여 cert-manager 네임스페이스와 해당 구성요소가 성공적으로 생성되었는지 확인합니다.
    kubectl get all -n cert-manager -o wide

    출력은 다음 예시와 유사해야 합니다. cert-manager, cert-manager-cainjector, cert-manager-webhook의 포드가 표시되어야 합니다.

      NAME                                         READY    STATUS   RESTARTS   AGE     IP           NODE                                    NOMINATED NODE   READINESS GATES
      pod/cert-manager-abcd1234-7hkt9               1/1     Running   0          35s   10.20.x.x    gke-hybrid-on-apigee-data-abcd1234-3d54   <none>           <none>
      pod/cert-manager-cainjector-abcd1234-6lb4k    1/1     Running   0          35s   10.20.x.x    gke-hybrid-apigee-runtime-abcd1234-5hmn   <none>           <none>
      pod/cert-manager-webhook-abcd1234-c8bg9       1/1     Running   0          35s   10.20.x.x    gke-hybrid-apigee-runtime-abcd1234-fk39   <none>           <none>
    
      NAME                           TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE   SELECTOR
      service/cert-manager           ClusterIP   10.24.x.x      <none>        9402/TCP   35s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
      service/cert-manager-webhook   ClusterIP   10.24.x.x      <none>        443/TCP    35s   app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
    
      NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS                IMAGES                                             SELECTOR
      deployment.apps/cert-manager              1/1     1            1           35s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.13.0   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
      deployment.apps/cert-manager-cainjector   1/1     1            1           35s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.13.0   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector
      deployment.apps/cert-manager-webhook      1/1     1            1           35s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.13.0      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
    
      NAME                                                DESIRED   CURRENT   READY   AGE   CONTAINERS                IMAGES                                             SELECTOR
      replicaset.apps/cert-manager-abcd1234                1         1         1       35s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.13.0   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=abcd1234
      replicaset.apps/cert-manager-cainjector-abcd1234     1         1         1       35s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.13.0   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=abcd1234
      replicaset.apps/cert-manager-webhook-abcd1234        1         1         1       35s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.13.0      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=abcd1234

요약

cert-manager가 설치되었으므로 이제 Apigee Hybrid 커스텀 리소스 정의(CRD)를 설치할 수 있습니다.

다음 단계

1 2 3 4 5 6 7 8 (다음) 9단계: CRD 설치 10 11 12