{"id":2318,"date":"2020-05-22T22:35:40","date_gmt":"2020-05-22T13:35:40","guid":{"rendered":"http:\/\/blue-bear.jp\/kb\/?p=2318"},"modified":"2020-06-20T12:53:55","modified_gmt":"2020-06-20T03:53:55","slug":"gke-ingress-nginx%e9%85%8d%e4%b8%8b%e3%81%aeweb%e3%82%b5%e3%83%bc%e3%83%90%e7%94%a8%e3%81%aessl%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92cert-manager%e3%81%a7%e4%bb%98%e4%b8%8e%e3%81%97%e3%81%a6ssl","status":"publish","type":"post","link":"https:\/\/blue-bear.jp\/kb\/gke-ingress-nginx%e9%85%8d%e4%b8%8b%e3%81%aeweb%e3%82%b5%e3%83%bc%e3%83%90%e7%94%a8%e3%81%aessl%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92cert-manager%e3%81%a7%e4%bb%98%e4%b8%8e%e3%81%97%e3%81%a6ssl\/","title":{"rendered":"[GKE] ingress-nginx\u914d\u4e0b\u306eweb\u30b5\u30fc\u30d0\u7528\u306eSSL\u8a3c\u660e\u66f8\u3092cert-manager\u3067\u4ed8\u4e0e\u3057\u3066SSL\u5316\u2192Redirect\u8fbc\u307f"},"content":{"rendered":"

GKE(Google Kubernetes Engine)\u3067\u52d5\u4f5c\u3057\u3066\u3044\u308bingress-nginx\u914d\u4e0b\u306eweb\u30b5\u30fc\u30d0\u7528\u306bSSL\u8a3c\u660e\u66f8\u3092\u4ed8\u4e0e\u3057\u3001\u30b5\u30a4\u30c8\u3092SSL\u5316\u3059\u308b\u65b9\u6cd5\u3092\u8a18\u8ff0\u3059\u308b<\/p>\n

Kubernetes\u4e0a\u306e\u30b3\u30f3\u30c6\u30caWEB\u30b5\u30a4\u30c8\u306eSSL\u5316\u306f\u3044\u308d\u3044\u308d\u3042\u308b\uff08Cloud CDN, Loadbalancer\u3067SSL\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u3066\u3082\u3089\u3046\u65b9\u6cd5\uff09\u304c\u3001GKE\u306e\u90fd\u5408\u4e0a15\u306e\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u5206\u3057\u304b\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3067\u304d\u306a\u3044\u306e\u3067\u3001let’s encrypt\u306ecert-manager\u30b3\u30f3\u30c6\u30ca\u3092\u5efa\u3066\u3001SSL\u767a\u884c\u2192ingress-nginx\u3067\u4f7f\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u305f\u3002<\/p>\n

Let’s Encrypt\u306e\u8a3c\u660e\u66f8\u767a\u884c\u306b\u3082\u5236\u9650\u304c\u3042\u308b\u304c\u3001GKE\u3088\u308a\u3082\u7de9\u304f\u3001\u6bce\u903150\u500b\u306e\u30c9\u30e1\u30a4\u30f3\u7528\u306e\u8a3c\u660e\u66f8\u304c\u767a\u884c\u3067\u304d\u308b\uff08https:\/\/letsencrypt.org\/ja\/docs\/rate-limits\/<\/a>\uff09<\/p>\n

http\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3082https\u306bRedirect\u3059\u308bannotation\u3092\u4ed8\u4e0e\u3059\u308c\u3070Redirect\u3082\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u308b\u3002<\/p>\n

 <\/p>\n

Helm\u3068Tiller\u3092\u4f7f\u7528\u3057\u3066cert-manager\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n

Kubernetes\u306bHelm\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n

kubectl apply --validate=false -f https:\/\/raw.githubusercontent.com\/jetstack\/cert-manager\/v0.13.1\/deploy\/manifests\/00-crds.yaml<\/pre>\n
\u540d\u524d\u7a7a\u9593\u3082\u4f5c\u6210\u3057\u3066\u304a\u304f<\/p>\n
kubectl create namespace cert-manager\r\n<\/code><\/pre>\n
Tiller\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n
kubectl create serviceaccount tiller --namespace=kube-system<\/pre>\n
helm init --service-account=tiller<\/pre>\n
Repository\u3092\u8ffd\u52a0<\/p>\n
helm repo add jetstack https:\/\/charts.jetstack.io<\/pre>\n
Repositoty\u3092Update<\/p>\n
helm repo update<\/pre>\n
Helm\u3092\u4f7f\u7528\u3057\u3066cert-manager\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<\/p>\n
helm install \\\r\n --name cert-manager \\\r\n --namespace cert-manager \\\r\n --version v0.13.1 \\\r\n jetstack\/cert-manager<\/pre>\n
 <\/p>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5f8c\u306b3\u3064\u306epod\u304c\u4f5c\u6210\u2192\u7a3c\u50cd\u3057\u3066\u3044\u308c\u3070\u554f\u984c\u306a\u304f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b<\/p>\n
$ kubectl get pods --namespace cert-manager\r\n\r\nNAME READY STATUS RESTARTS AGE\r\ncert-manager-5c6866597-zw7kh 1\/1 Running 0 2m\r\ncert-manager-cainjector-577f6d9fd7-tr77l 1\/1 Running 0 2m\r\ncert-manager-webhook-787858fcdb-nlzsq 1\/1 Running 0 2m<\/pre>\n
\u3082\u3057\u3001cert-manager-cainjector\u304c\u518d\u8d77\u52d5\u3092\u7e70\u308a\u8fd4\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001<\/p>\n
[GKE] Cert-Manager\u3092deploy\u3059\u308b\u3068cert-manager-cainjector\u4e0a\u3067crashloopbackoff\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u305f\u4ef6<\/a><\/p>\n
\u3092\u53c2\u7167\u306e\u3053\u3068\u3002<\/p>\n
 <\/p>\n
Cert-Manager\u306e\u52d5\u4f5c\u30c6\u30b9\u30c8<\/h2>\n
\u30c6\u30b9\u30c8\u306eIssuer\u3092\u4f5c\u6210\u3057\u3066\u8a3c\u660e\u66f8\u304c\u4f5c\u6210\u3055\u308c\u308b\u3053\u3068\u3092\u78ba\u8a8d<\/p>\n
$ cat <<EOF > test-resources.yaml\r\napiVersion: v1\r\nkind: Namespace\r\nmetadata:\r\n  name: cert-manager-test\r\n---\r\napiVersion: cert-manager.io\/v1alpha2\r\nkind: Issuer\r\nmetadata:\r\n  name: test-selfsigned\r\n  namespace: cert-manager-test\r\nspec:\r\n  selfSigned: {}\r\n---\r\napiVersion: cert-manager.io\/v1alpha2\r\nkind: Certificate\r\nmetadata:\r\n  name: selfsigned-cert\r\n  namespace: cert-manager-test\r\nspec:\r\n  dnsNames:\r\n    - example.com\r\n  secretName: selfsigned-cert-tls\r\n  issuerRef:\r\n    name: test-selfsigned\r\nEOF<\/code><\/pre>\n
test-resources.yaml\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u304c\u4f5c\u6210\u3055\u308c\u308b\u306e\u3067apply\u3059\u308b<\/p>\n
kubectl apply -f test-resources.yaml<\/pre>\n
\u8a3c\u660e\u66f8\u304c\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d<\/p>\n
 <\/p>\n
$ kubectl describe certificate -n cert-manager-test\r\n\r\n...\r\nSpec:\r\n Common Name: example.com\r\n Issuer Ref:\r\n Name: test-selfsigned\r\n Secret Name: selfsigned-cert-tls\r\nStatus:\r\n Conditions:\r\n Last Transition Time: 2019-01-29T17:34:30Z\r\n Message: Certificate is up to date and has not expired\r\n Reason: Ready\r\n Status: True\r\n Type: Ready\r\n Not After: 2019-04-29T17:34:29Z\r\nEvents:\r\n Type Reason Age From Message\r\n ---- ------ ---- ---- -------\r\n Normal CertIssued 4s cert-manager Certificate issued successfully<\/pre>\n
Last Transition\u304capply\u3057\u305f\u65e5\u6642\u3068\u540c\u3058\u3067\u3042\u308c\u3070\u6210\u529f\u3057\u3066\u3044\u308b<\/p>\n
 <\/p>\n
\u52d5\u4f5c\u78ba\u8a8d\u3067\u304d\u305f\u3089\u30c6\u30b9\u30c8\u74b0\u5883\u306f\u524a\u9664<\/p>\n
kubectl delete -f test-resources.yaml<\/pre>\n
 <\/p>\n
 <\/p>\n
NGINX Ingress Controller\u3092Deploy<\/h2>\n
\u30ea\u30d0\u30fc\u30b9Proxy\u3067\u3042\u308bNginx\u3092\u7a3c\u50cd\u3055\u305b\u3066Ingress\u3092\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u306b\u5f93\u3063\u3066\u9069\u5207\u306aWEB\u30b3\u30f3\u30c6\u30ca\u306b\u901a\u4fe1\u3092\u632f\u308a\u5206\u3051\u3055\u305b\u308b\u3002<\/p>\n
\u65e2\u306bNGINX Ingress Controller\u304c\u7a3c\u50cd\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u3053\u306e\u7ae0\u306f\u30b9\u30ad\u30c3\u30d7\u3057\u3066\u3088\u3044\u3002<\/p>\n
 <\/p>\n
Nginx\u3092Deploy<\/p>\n
helm install stable\/nginx-ingress --name quickstart<\/pre>\n
\u7d50\u679c\u78ba\u8a8d<\/p>\n
$ kubectl get svc\r\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\r\nkubernetes ClusterIP 10.63.240.1 <none> 443\/TCP 23m\r\nquickstart-nginx-ingress-controller LoadBalancer 10.63.248.177 35.233.154.161 80:31345\/TCP,443:31376\/TCP 16m\r\nquickstart-nginx-ingress-default-backend ClusterIP 10.63.250.234 <none> 80\/TCP 16m<\/pre>\n
nginx-ingress-controller\u306epod\u306bLoadBalancer\u304c\u4ed8\u4e0e\u3055\u308c\u3001Global IP\u304c\u4ed8\u4e0e\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d<\/p>\n
 <\/p>\n
WEB\u30b5\u30fc\u30d3\u30b9\u30b3\u30f3\u30c6\u30ca(\u4eee)\u3092Deploy<\/h2>\n
\u65e2\u306bnginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044WEB\u30b5\u30fc\u30d3\u30b9\u30b3\u30f3\u30c6\u30ca\u304c\u7a3c\u50cd\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u8aad\u307f\u98db\u3070\u3057\u3066\u3088\u3044<\/p>\n
\u3053\u3061\u3089\u306f\u30c6\u30b9\u30c8\u7528\u306bWEB\u30b5\u30fc\u30d3\u30b9\u30b3\u30f3\u30c6\u30ca(\u4eee)\u3092Deploy\u3059\u308b<\/p>\n
kubectl apply -f https:\/\/netlify.cert-manager.io\/docs\/tutorials\/acme\/example\/deployment.yaml<\/pre>\n
kubectl apply -f https:\/\/netlify.cert-manager.io\/docs\/tutorials\/acme\/example\/service.yaml<\/pre>\n
kuard\u3068\u3044\u3046Service\u3068Deployment\u304c\u4f5c\u6210\u3055\u308c\u308b<\/p>\n
 <\/p>\n
 <\/p>\n
Ingress\u30eb\u30fc\u30eb\u3092Deploy<\/h2>\n
Nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044Ingress\u30eb\u30fc\u30eb\u3092Deploy\u3059\u308b<\/p>\n
ingress-nginx.yaml\u3092\u4f5c\u6210\u3057<\/p>\n
apiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n name: kuard\r\n annotations:\r\n kubernetes.io\/ingress.class: \"nginx\" \r\n #cert-manager.io\/issuer: \"letsencrypt-staging\"\r\n\r\nspec:\r\n tls:\r\n - hosts:\r\n - [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n secretName: quickstart-example-tls\r\n rules:\r\n - host: [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n http:\r\n paths:\r\n - path: \/\r\n backend:\r\n serviceName: kuard\r\n servicePort: 80<\/pre>\n
Apply\u3059\u308b<\/p>\n
kubectl apply -f ingress-nginx.yaml<\/pre>\n
 <\/p>\n
\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u7d4c\u7531\u3067WEB\u30b5\u30fc\u30d0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3053\u3068\u3092\u30d6\u30e9\u30a6\u30b6\u306a\u3069\u3067\u78ba\u8a8d<\/p>\n
\u73fe\u6642\u70b9\u3067\u306f\u307e\u3060SSL\u5316\u304c\u7d42\u4e86\u3057\u3066\u3044\u306a\u3044<\/p>\n
 <\/p>\n
Let\u2019s Encrypt Issuer\u3092\u8a2d\u5b9a<\/h2>\n
Staging\u7528Issuer\u8a2d\u5b9a<\/h3>\n
\u672c\u756a\u7a3c\u50cd\u524d\u306b\u52d5\u4f5c\u78ba\u8a8d\u3057\u305f\u3044\u5834\u5408\u306fStaging\u8a2d\u5b9a\u3067\u52d5\u4f5c\u78ba\u8a8d\u3059\u308b\u3068\u3088\u3044\u3002\u7279\u306b\u767a\u884c\u5236\u9650\u304c\u3042\u308b\u7a0b\u5ea6\u8a2d\u3051\u3089\u308c\u3066\u3044\u308b\u305f\u3081\u3001\u3044\u308d\u3044\u308d\u5b9f\u9a13\u3057\u305f\u3044\u5834\u5408\u306fStaging Issuer\u3067\u30c6\u30b9\u30c8\u3059\u308b\u3068\u3088\u3044\u3002<\/p>\n
\u3082\u3057\u3044\u304d\u306a\u308a\u672c\u756a\u7a3c\u50cd\u3055\u305b\u305f\u3044\u5834\u5408\u306f\u3001Staging\u306e\u3068\u3053\u308d\u306fSkip\u3057\u3066\u3088\u3044<\/p>\n
letsencrypt-staging.yaml\u3092\u4f5c\u6210
\n*\u81ea\u5206\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4\u3057\u3066\u304a\u304f\u3053\u3068<\/p>\n
 apiVersion: cert-manager.io\/v1alpha2\r\n kind: Issuer\r\n metadata:\r\n name: letsencrypt-staging\r\n spec:\r\n acme:\r\n # The ACME server URL\r\n server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory\r\n # Email address used for ACME registration\r\n email: [\u81ea\u5206\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4\uff1a\u4f8b\uff1auser@example.com]\r\n # Name of a secret used to store the ACME account private key\r\n privateKeySecretRef:\r\n name: letsencrypt-staging\r\n # Enable the HTTP-01 challenge provider\r\n solvers:\r\n - http01:\r\n ingress:\r\n class: nginx<\/pre>\n
apply<\/p>\n
kubectl apply -f letsencrypt-staging.yaml<\/pre>\n
\u8a3c\u660e\u66f8\u78ba\u8a8d<\/p>\n
kubectl describe issuer letsencrypt-staging<\/pre>\n
apply\u30b3\u30de\u30f3\u30c9\u3092\u767a\u884c\u3057\u305f\u65e5\u6642\u3067\u8a3c\u660e\u66f8\u304c\u767a\u884c\u3055\u308c\u3066\u3044\u308c\u3070OK\uff08Creation Timestamp\uff09<\/p>\n
 <\/p>\n
 <\/p>\n
\u672c\u756a\u7528Issuer\u8a2d\u5b9a<\/h3>\n
\u672c\u756a\u7a3c\u50cd\u7528\u306eIssuer\u3082\u4f5c\u6210\u3057\u3066\u304a\u304f\u3002letsencrypt-prod.yaml\u3092\u4f5c\u6210
\n*\u81ea\u5206\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4\u3057\u3066\u304a\u304f\u3053\u3068<\/p>\n
 apiVersion: cert-manager.io\/v1alpha2\r\n kind: Issuer\r\n metadata:\r\n name: letsencrypt-prod\r\n spec:\r\n acme:\r\n # The ACME server URL\r\n server: https:\/\/acme-v02.api.letsencrypt.org\/directory\r\n # Email address used for ACME registration\r\n email: [\u81ea\u5206\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u5909\u66f4\uff1a\u4f8b\uff1auser@example.com]\r\n # Name of a secret used to store the ACME account private key\r\n privateKeySecretRef:\r\n name: letsencrypt-prod\r\n # Enable the HTTP-01 challenge provider\r\n solvers:\r\n - http01:\r\n ingress:\r\n class: nginx<\/pre>\n
apply<\/p>\n
kubectl apply -f letsencrypt-prod.yaml<\/pre>\n
\u8a3c\u660e\u66f8\u78ba\u8a8d<\/p>\n
kubectl describe issuer letsencrypt-prod<\/pre>\n
apply\u30b3\u30de\u30f3\u30c9\u3092\u767a\u884c\u3057\u305f\u65e5\u6642\u3067\u8a3c\u660e\u66f8\u304c\u767a\u884c\u3055\u308c\u3066\u3044\u308c\u3070OK\uff08Creation Timestamp\uff09<\/p>\n
 <\/p>\n
TLS\u3092Ingress\u306b\u8a2d\u5b9a\u3057\u3066SSL\u5316<\/h2>\n
\u3088\u3046\u3084\u304fIngress-Nginx\u306bTLS\u8a2d\u5b9a\u3092\u884c\u3063\u3066WEB\u901a\u4fe1\u3092SSL\u5316\u3067\u304d\u308b\u3002<\/p>\n
ingress-nginx.yaml\u306b\u8ffd\u8a18\u3059\u308b<\/p>\n
\u2193\u306fStaging Issuer\u306e\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3059\u308b\u30eb\u30fc\u30eb\u8a2d\u5b9a<\/p>\n
apiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n name: kuard\r\n annotations:\r\n kubernetes.io\/ingress.class: \"nginx\" \r\n cert-manager.io\/issuer: \"letsencrypt-staging\"\r\n\r\nspec:\r\n tls:\r\n - hosts:\r\n - [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n secretName: quickstart-example-tls\r\n rules:\r\n - host: [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n http:\r\n paths:\r\n - path: \/\r\n backend:\r\n serviceName: kuard\r\n servicePort: 80<\/pre>\n
Apply<\/p>\n
kubectl appply -f ingress-nginx.yaml<\/pre>\n
\u8a3c\u660e\u66f8\u767a\u884c\u72b6\u614b\u78ba\u8a8d<\/p>\n
kubectl describe certificate quickstart-example-tls<\/pre>\n
Certificate issued Successfully\u3068\u51fa\u3066\u3044\u308c\u3070OK<\/p>\n
\u672c\u756a\u7528Issuer\u3092\u4f7f\u7528\u3059\u308bIngress\u30eb\u30fc\u30eb\u306f\u4ee5\u4e0b\u306e\u901a\u308a<\/p>\n
apiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n name: kuard\r\n annotations:\r\n kubernetes.io\/ingress.class: \"nginx\" \r\n cert-manager.io\/issuer: \"letsencrypt-prod\"\r\n\r\nspec:\r\n tls:\r\n - hosts:\r\n - [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n secretName: quickstart-example-tls\r\n rules:\r\n - host: [nginx\u306b\u632f\u308a\u5206\u3051\u3055\u305b\u305f\u3044\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff1a\u4f8b\uff1aexample.example.com]\r\n http:\r\n paths:\r\n - path: \/\r\n backend:\r\n serviceName: kuard\r\n servicePort: 80<\/pre>\n
Apply<\/p>\n
kubectl appply -f ingress-nginx.yaml<\/pre>\n
\u8a3c\u660e\u66f8\u767a\u884c\u72b6\u614b\u78ba\u8a8d<\/p>\n
kubectl describe certificate quickstart-example-tls<\/pre>\n
Certificate issued Successfully\u3068\u51fa\u3066\u3044\u308c\u3070OK<\/p>\n
 <\/p>\n
 <\/p>\n
\u5f8c\u306f\u3001SSL\u5316\u8a2d\u5b9a\u3092\u884c\u3063\u305fURL\u306b\u30d6\u30e9\u30a6\u30b6\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3057\u3066\u307f\u3066SSL\u5316\u304c\u6210\u529f\u3057\u3066\u3044\u308b\u304b\u3001\u8a3c\u660e\u66f8\u304cLets Encrypt\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3067\u304d\u308c\u3070OK<\/p>\n
\u3061\u306a\u307f\u306b\u3001\u4e0a\u8a18\u8a2d\u5b9a\u3067\u306fhttps\u3078\u306e\u81ea\u52d5\u30d5\u30a9\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u306f\u3055\u308c\u306a\u3044\u306e\u3067\u3001\u30d6\u30e9\u30a6\u30b6\u304b\u3089\u305f\u305f\u304f\u5834\u5408\u306fhttps:\/\/\u3068\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u306e\u3067\u6ce8\u610f\u3002<\/p>\n
 <\/p>\n
SSL Redirect<\/h2>\n
\u3044\u308d\u3044\u308d\u30cd\u30c3\u30c8\u3067\u8abf\u3079\u3066GKE\u306b\u306fHTTPS\u3078\u306eRedirect\u306f\u5b9f\u88c5\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u3044\u3046\u8a18\u4e8b\u3057\u304b\u8f09\u3063\u3066\u3044\u306a\u3044\u304c\u3001Ingress\u306eAnnotation\u3092\u4ed8\u4e0e\u3059\u308c\u3070Redirect\u3082\u53ef\u80fd<\/p>\n
apiVersion: extensions\/v1beta1\r\nkind: Ingress\r\nmetadata:\r\n name: ingress-resource\r\n annotations:\r\n kubernetes.io\/ingress.class: nginx\r\n nginx.ingress.kubernetes.io\/ssl-redirect: \"true\" \/\/true\u306b\u3059\u308b\u3068Redirect\u3055\u308c\u308b\r\n cert-manager.io\/issuer: \"letsencrypt-prod\"\r\n\r\n\uff5e\u4ee5\u4e0b\u7565<\/pre>\n
 <\/p>\n
 <\/p>\n
\u53c2\u8003\uff1a<\/p>\n
https:\/\/cert-manager.io\/docs\/tutorials\/acme\/ingress\/<\/a><\/p>\n
https:\/\/cert-manager.io\/docs\/installation\/kubernetes\/<\/a><\/p>\n
https:\/\/kubernetes.github.io\/ingress-nginx\/user-guide\/nginx-configuration\/annotations\/#server-side-https-enforcement-through-redirect<\/a><\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
GKE(Google Kubernete<\/p>\n","protected":false},"author":1,"featured_media":2211,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[210],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/posts\/2318"}],"collection":[{"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/comments?post=2318"}],"version-history":[{"count":7,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/posts\/2318\/revisions"}],"predecessor-version":[{"id":2328,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/posts\/2318\/revisions\/2328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/media\/2211"}],"wp:attachment":[{"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/media?parent=2318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/categories?post=2318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blue-bear.jp\/kb\/wp-json\/wp\/v2\/tags?post=2318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}