Difference between revisions of "Kubernetes Letsencrypt"

• https://github.com/jetstack/cert-manager
• https://cert-manager.io/docs/
• https://cert-manager.io/docs/installation/kubernetes/

https://kubernetes.github.io/ingress-nginx/deploy/#digital-ocean

https://www.olivercoding.com/2021-01-07-kubernetes-dns-certificate/

create service

kubectl apply -f https://k8s.io/examples/service/networking/example-ingress.yaml

Create self signed cert store in secrets

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com"
kubectl create secret tls test-tls --key="tls.key" --cert="tls.crt"

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingresstls
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
      - tls.uvoo.io
    secretName: test-tls
  rules:
    - host: tls.uvoo.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080

Let's use letsencrypt

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingresstls2
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/cluster-issuer: "letsencrypt-prod" # use staging for self signed fake
spec:
  tls:
  - hosts:
      - tls2.uvoo.io
    secretName: tls2-tls
  rules:
    - host: tls2.uvoo.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080

kubectl get certificate kubectl describe certificate tls2-tls