minor fix

ks6088ts · ks6088ts · commit 2392778a1247 · 2025-07-15T11:20:14.000+09:00
diff --git a/docs/scenarios/9_certmanager.md b/docs/scenarios/9_certmanager.md
@@ -17,7 +17,13 @@ kubectl get svc -n ingress-nginx
 # cert-manager を cert-manager 名前空間にデプロイ
 # https://cert-manager.io/docs/installation/kubectl/
 # Install all cert-manager components:
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.2/cert-manager.yaml
+# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.2/cert-manager.yaml
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --version v1.18.2 \
+  --set crds.enabled=true
 
 # ClusterIssuerの作成
 # https://cert-manager.io/docs/configuration/acme/
@@ -33,7 +39,7 @@ kubectl get ingress nginx-ingress -w
 # 証明書の状態を確認
 kubectl get certificaterequest -A
 kubectl get certificate -A
-kubectl describe certificate your-domain-com-tls
+kubectl describe certificate ks6088ts-com-tls
 ```
 
 ### [ks6088ts-labs/template-fastapi](https://github.com/ks6088ts-labs/template-fastapi) をデプロイして公開する
diff --git a/k8s/cert-manager/certificate.yaml b/k8s/cert-manager/certificate.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+
+kind: Certificate
+metadata:
+  name: ks6088ts-com-tls
+spec:
+  secretName: ks6088ts-com-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: ks6088ts.com
+  dnsNames:
+    - ks6088ts.com
+    - www.ks6088ts.com
+  privateKey:
+    rotationPolicy: Always
diff --git a/k8s/cert-manager/letsencrypt-clusterissuer.yaml b/k8s/cert-manager/letsencrypt-clusterissuer.yaml
@@ -4,11 +4,11 @@ metadata:
   name: letsencrypt-prod
 spec:
   acme:
-    email: your-email@example.com # あなたのメールアドレス
-    server: https://acme-v02.api.letsencrypt.org/directory # 本番環境
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: "ks6088ts@gmail.com"
     privateKeySecretRef:
-      name: letsencrypt-prod-private-key
+      name: letsencrypt-prod
     solvers:
-    - http01:
-        ingress:
-          class: nginx
+      - http01:
+          ingress:
+            class: nginx
diff --git a/k8s/cert-manager/nginx-deployment.yaml b/k8s/cert-manager/nginx-deployment.yaml
@@ -30,4 +30,3 @@ spec:
       port: 80 # Serviceのポート
       targetPort: 80 # Podのポート
   type: ClusterIP # Ingress Controllerがサービスにアクセスするため、ClusterIPで十分
-
diff --git a/k8s/cert-manager/nginx-ingress.yaml b/k8s/cert-manager/nginx-ingress.yaml
@@ -1,31 +1,25 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: nginx-ingress
+  name: ingress-service
   annotations:
-    kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/use-regex: 'true'
+    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
 spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - www.ks6088ts.com
+      secretName: ks6088ts-com-tls
   rules:
-  - host: www.ks6088ts.com
-    http:
-      paths:
-      # - path: /
-      #   pathType: Prefix
-      #   backend:
-      #     service:
-      #       name: nginx-service # ステップ2で作成したService名
-      #       port:
-      #         number: 80 # Serviceのポート
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: template-fastapi-service
-            port:
-              number: 80 # Serviceのポート
-  tls: # HTTPSを有効にするための設定
-  - hosts:
-    - www.ks6088ts.com # あなたの独自ドメイン
-    secretName: your-domain-com-tls # Cert-Managerが証明書を保存するKubernetes Secretの名前 (任意)
-
+    - host: www.ks6088ts.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: template-fastapi-service
+                port:
+                  number: 80
