This is an automated email from the ASF dual-hosted git repository.
sunyi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/master by this push:
new 7428dcd docs: add EN version of cert-manager (#687)
7428dcd is described below
commit 7428dcd4e222925b8aa54dfcc0e8d2f19902bf87
Author: Sylvia <[email protected]>
AuthorDate: Fri Oct 29 14:39:18 2021 +0800
docs: add EN version of cert-manager (#687)
---
website/blog/2021/10/22/cert-manager-in-ingress.md | 82 +++++++++++-----------
1 file changed, 41 insertions(+), 41 deletions(-)
diff --git a/website/blog/2021/10/22/cert-manager-in-ingress.md
b/website/blog/2021/10/22/cert-manager-in-ingress.md
index 3f446ff..a205225 100644
--- a/website/blog/2021/10/22/cert-manager-in-ingress.md
+++ b/website/blog/2021/10/22/cert-manager-in-ingress.md
@@ -1,6 +1,6 @@
---
-title: "教程篇:如何在 Apache APISIX Ingress Controller 中使用 Cert Manager 管理证书"
-author: "张超"
+title: "Tutorial: How to use Cert Manager to manage certificates in Apache
APISIX Ingress Controller"
+author: "Chao Zhang"
authorURL: "https://github.com/tokers";
authorImageURL: "https://avatars.githubusercontent.com/u/10428333?v=4";
keywords:
@@ -8,35 +8,35 @@ keywords:
- Apache APISIX
- Cert Manager
- Kubernetes
-description: 本文将通过详细的代码步骤为大家介绍如何通过 Cert Manager 在 Apache APISIX Ingress
Controller 里进行证书管理。
+description: This article shows how to create a certificate and pair it with
Apache APISIX Ingress Controller via the Cert Manager.
tags: [technology]
---
-> 本文将通过详细的代码步骤为大家介绍如何通过 Cert Manager 在 Apache APISIX Ingress Controller
里进行证书管理。
+> This article shows how to create a certificate and pair it with Apache
APISIX Ingress Controller via the Cert Manager.
<!--truncate-->
-[Apache APISIX Ingress
Controller](https://github.com/apache/apisix-ingress-controller) 是一款以 [Apache
APISIX](http://apisix.apache.org/) 作为数据面的 [Kubernetes Ingress
Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/)
开源工具,目前已经更新到
[v1.3](https://github.com/apache/apisix-ingress-controller/blob/master/CHANGELOG.md#130)
版本,实现了如证书管理、负载均衡、金丝雀发布等功能。
+[Apache APISIX Ingress
Controller](https://github.com/apache/apisix-ingress-controller) is a
[Kubernetes Ingress
Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/)
Open Source Tool that uses [Apache APISIX](http://apisix.apache.org/) as a
data surface and has been updated to
[v1.3](https://github.com/apache/apisix-ingress-controller/blob/master/CHANGELOG.md#130)
with features such as certificate management, load balancing, Canary
Publishing, and more.
-长久以来,证书管理都不是一件简单的事情,虽然 Apache APISIX Ingress Controller 支持从 Kubernetes Secrets
资源中提取证书和私钥,并转换为 Apache APISIX 可识别的 SSL
对象,但这只是整个证书管理链中的一部分,证书的颁发、轮转、吊销逻辑依然需要管理员执行,尤其当证书数量比较多时,工作量往往并不小,因而会占用管理员不少的时间。
+For a long time, certificate management is not a simple thing although Apache
APISIX Ingress Controller supports extracting certificates and private keys
from Kubernetes Secrets Resources and converting them into Apache APISIX
recognizable SSL objects, but this is only a part of the whole certificate
management chain, certificate issuance, rotation, revocation logic still need
to be implemented by administrators, especially when the number of certificates
is relatively large, the workloa [...]
-[Cert Manager](https://cert-manager.io/docs/) 是一款致力于在 Kubernetes
平台上简化证书管理的软件,它支持对接许多不同的证书源,如 [Let’s Encrypt](https://letsencrypt.org/) 和
[HashiCorp Vault](https://www.vaultproject.io/)。
+[Cert Manager](https://cert-manager.io/docs/) is a piece of software dedicated
to simplifying certificate management on the Kubernetes platform and supports
docking many different certificate sources, such as [Let’s
Encrypt](https://letsencrypt.org/) and [HashiCorp
Vault](https://www.vaultproject.io/).
-如果你在使用 Apache APISIX Ingress Controller 时,遇到了证书管理的麻烦,那么使用 Cert Manager
将会是一个不错的选择,本文将介绍如何通过 Cert Manager 来创建证书并对接到 Apache APISIX Ingress Controller。
+If you’re having trouble with certificate management when using Apache APISIX
Ingress Controller, using the Cert Manager is a good option, and this article
shows how to create a certificate and pair it with Apache APISIX Ingress
Controller via the Cert Manager.
-## 步骤一:环境准备
+## Step 1: Environmental Preparation
-如果你希望按照本文的指导进行实际的操作,请确保以下环境和工具已准备就绪:
+If you want to follow the instructions in this article, make sure the
following environments and tools are in place:
-1. 准备一个可用的 Kubernetes 集群,开发环境中,你可以使用 [Kind](https://kind.sigs.k8s.io/) 和
[Minikube](https://kubernetes.io/docs/tutorials/hello-minikube/)
-2. 安装 [kubectl](https://kubernetes.io/docs/tutorials/hello-minikube/)
-3. 安装 [Helm v3](https://helm.sh/)
+1. To prepare a usable Kubernetes cluster, in the development environment, you
can use [Kind](https://kind.sigs.k8s.io/) and
[Minikube](https://kubernetes.io/docs/tutorials/hello-minikube/)
+3. Install [kubectl](https://kubernetes.io/docs/tutorials/hello-minikube/)
+4. Install [Helm v3](https://helm.sh/)
-> 请注意,下文所有的操作都将在 ingress-apisix 命名空间中执行,因此需要先创建该命名空间:`kubectl create namespace
ingress-apisix`
+> Note that all of the following operations will be performed in the
ingress-apisix namespace, so you need to create the namespace first: `kubectl
create namespace ingress-apisix`
-## 步骤二:安装 Apache APISIX Ingress Controller
+## Step 2:Install Apache APISIX Ingress Controller
-我们可以通过 Helm 来安装 Apache APISIX Ingress Controller,包括数据面的 Apache APISIX 和 etcd
集群。
+You can install Apache APISIX Ingress Controller via Helm, including Apache
APISIX and etcd clusters for data planes.
``` shell
helm repo add apisix https://charts.apiseven.com
@@ -44,25 +44,25 @@ helm repo update
helm install apisix apisix/apisix --set gateway.tls.enabled=true --set
ingress-controller.enabled=true --namespace ingress-apisix
```
-点击查看[详细安装介绍](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/README.md)。
+Click to view the [installation
details](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/README.md).
-## 步骤三:安装 Cert Manager
+## Step 3:Install Cert Manager
-通过 Helm 来安装 Cert
Manager,点击可查看[详细安装介绍](https://cert-manager.io/docs/installation/)。
+To Install Cert Manager from Helm, click to view the [installation
details](https://cert-manager.io/docs/installation/).
```shell
helm install cert-manager jetstack/cert-manager --namespace ingress-apisix
--set prometheus.enabled=false --set installCRDs=true
```
-安装完毕后请等待一会后查看组件的运行状态,确保所有组件都已正常运行,你可以通过如下命令进行查看。
+Please wait for a moment after installation to check the running status of the
components and make sure that all the components are working properly. You can
do this by following the command.
```shell
kubectl get all -n ingress-apisix
```
-返回结果如下所示,表示所有组件都已正常运行。
+The result is as follows, indicating that all components are working properly.
-```Apache
+```shell
NAME READY STATUS
RESTARTS AGE
pod/apisix-5d99956d88-j68sj 1/1 Running 0
63s
pod/apisix-69459554d4-btnwn 0/1 Terminating 0
57m
@@ -107,11 +107,11 @@ NAME COMPLETIONS
DURATION AGE
job.batch/cert-manager-startupapicheck 1/1 6m24s 45m
```
-> [Kubernetes Controller
Manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
的机制决定了 Pod 名称会有所不同。
+> The mechanism of the [Kubernetes Controller
Manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
determines that the Pod name will be different.
-## 步骤四:申请证书并测试
+## Step 4: Apply for a Certificate and Test it
-首先我们需要配置证书颁发对象。
+First we need to configure the credential issuing object.
```yaml
# issuer.yaml
@@ -124,15 +124,15 @@ spec:
selfSigned: {}
```
-并创建自签名证书颁发者。
+And create a self-signed certificate issuer.
```shell
kubectl apply -f issuer.yaml
```
->
请注意,自签名颁发对象不推荐使用在生产环境中!更多证书颁发对象的配置请参考[这里](https://cert-manager.io/docs/configuration/)。
+> Note that self-signed authoring objects are not recommended for use in
production environments! See
[here](https://cert-manager.io/docs/configuration/) for more on the
configuration of the certificate authority object.
-然后为域名 `httpbin.org` 创建一张证书。
+。Then create a certificate for the domain name `httpbin. org`.
```yaml
# httpbin-cert.yaml
@@ -169,7 +169,7 @@ spec:
kubectl apply -f httpbin-cert.yaml
```
-此时需要查看对应 Secrets 是否已经被创建。
+At this point, it is necessary to see whether the corresponding Secrets have
been created.
```shell
kubectl get secrets -n ingress-apisix httpbin
@@ -177,16 +177,16 @@ NAME TYPE DATA AGE
httpbin kubernetes.io/tls 3 2m5s
```
-通过上述验证,该 Secrets 对象的创建事件已经被 Apache APISIX Ingress Controller 捕获到,我们尝试访问 Apache
APISIX Ingress Controller 来验证证书是否生效,首先我们需要创建额外的路由对象。
+With the above validation, the creation of the Secrets object has been
captured by Apache APISIX Ingress Controller, we try to access Apache APISIX
Ingress Controller to verify the certificate is valid, first we need to create
additional routing objects.
```shell
-# 创建后端
+# Create backend
kubectl run httpbin --image kennethreitz/httpbin --namespace ingress-apisix
kubectl expose pod httpbin -n ingress-apisix --port 80
```
```yaml
-# 定义 ApisixTls 对象
+# Define ApisixTls Objects
apiVersion: apisix.apache.org/v1
kind: ApisixTls
metadata:
@@ -199,7 +199,7 @@ spec:
name: httpbin
namespace: ingress-apisix
---
-# 定义访问后端的路由
+# Define the route to access the backend
apiVersion: apisix.apache.org/v2beta1
kind: ApisixRoute
metadata:
@@ -218,15 +218,15 @@ spec:
servicePort: 80
```
-接下来访问服务 `apisix-gateway`。注意,默认情况下该服务的类型为 `NodePort`,你可以根据需要修改其类型,比如你的
Kubernetes 集群是云厂商托管的,则可以考虑将其修改为 `LoadBalancer` 类型,以获取一个外部可达的 IP。
+Next access the service `apisix-gateway`. Note that the service is `NodePort`
by default, and you can change its type as needed. If your Kubernetes cluster
is hosted by the cloud vendor, consider changing it to the `LoadBalancer` type,
to get an externally accessible IP.
-这里我们通过端口转发的方式将服务映射到本地。
+Here we map the service to local via port forwarding.
```shell
kubectl port-forward -n ingress-apisix svc/apisix-gateway 8443:443
```
-然后开始配置访问。
+Then start configuring access.
```shell
curl https://httpbin.org:8443/json --resolve 'httpbin.org:8443:127.0.0.1' -sk
@@ -253,12 +253,12 @@ curl https://httpbin.org:8443/json --resolve
'httpbin.org:8443:127.0.0.1' -sk
}
```
-经过上述操作,可以看到访问成功,说明证书已经生效。注意,由于证书是自签名的,这里需要加上 `-k` 选项来忽略证书的校验。
+After the above operation, you can see that the access was successful, that
the certificate has been validated. Note that since the certificate is
self-signed, the `-k` option needs to be added to ignore the certificate
validation.
-此外,如果你想要轮转证书,删除 `httpbin` 这一 Secret 对象即可,Cert Manager 会立刻创建一个新的 httpbin
Secret 对象,并且包含新的证书。
+In addition, if you want to rotate the certificate, remove the `httpbin` as
the Secret object, and Cert Manager immediately creates a new httpbin Secret
object and includes the new certificate.
-## 总结
+## Summary
-本文主要讲解了如何利用 Cert Manager 在 Apache APISIX Ingress Controller
中进行证书的创建和管理。想了解更多关于 Apache APISIX Ingress
的介绍与内容,可参考[本篇文章](https://apisix.apache.org/zh/blog/2021/10/09/apisix-ingress-techblog/)。
+This article focuses on how to use the CERT Manager to create and manage
certificates in Apache APISIX Ingress Controller. For more on Apache APISIX
Ingress, [see this
article](https://apisix.apache.org/zh/blog/2021/10/09/apisix-ingress-techblog/).
-或者参与 Apache APISIX Ingress 项目每两周举行的线上讨论,分享当下项目进度、最佳实践及设计思路等多个话题,可查看具体
[issue](https://github.com/apache/apisix-ingress-controller/issues/614) 了解更多。
+Or take part in a biweekly [online
discussion](https://github.com/apache/apisix-ingress-controller/issues/614) on
the Apache APISIX Ingress Project to share current project progress, best
practices, and design ideas.
