Difference between revisions of "Kubernetes Letsencrypt"
Jump to navigation
Jump to search
| Line 6: | Line 6: | ||
https://www.olivercoding.com/2021-01-07-kubernetes-dns-certificate/ | https://www.olivercoding.com/2021-01-07-kubernetes-dns-certificate/ | ||
| + | |||
| + | create service | ||
| + | ``` | ||
| + | kubectl apply -f https://k8s.io/examples/service/networking/example-ingress.yaml | ||
| + | ``` | ||
| + | |||
| + | Create self signed cert store in secrets | ||
| + | ``` | ||
| + | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com" | ||
| + | kubectl create secret tls test-tls --key="tls.key" --cert="tls.crt" | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | apiVersion: networking.k8s.io/v1 | ||
| + | kind: Ingress | ||
| + | metadata: | ||
| + | name: example-ingresstls | ||
| + | annotations: | ||
| + | nginx.ingress.kubernetes.io/rewrite-target: /$1 | ||
| + | spec: | ||
| + | tls: | ||
| + | - hosts: | ||
| + | - tls.uvoo.io | ||
| + | secretName: test-tls | ||
| + | rules: | ||
| + | - host: tls.uvoo.io | ||
| + | http: | ||
| + | paths: | ||
| + | - path: / | ||
| + | pathType: Prefix | ||
| + | backend: | ||
| + | service: | ||
| + | name: web | ||
| + | port: | ||
| + | number: 8080 | ||
| + | ``` | ||
Revision as of 20:20, 13 February 2021
- https://github.com/jetstack/cert-manager
- https://cert-manager.io/docs/
- https://cert-manager.io/docs/installation/kubernetes/
https://kubernetes.github.io/ingress-nginx/deploy/#digital-ocean
https://www.olivercoding.com/2021-01-07-kubernetes-dns-certificate/
create service
kubectl apply -f https://k8s.io/examples/service/networking/example-ingress.yaml
Create self signed cert store in secrets
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com" kubectl create secret tls test-tls --key="tls.key" --cert="tls.crt"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingresstls
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- tls.uvoo.io
secretName: test-tls
rules:
- host: tls.uvoo.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 8080