Kubernetes Letsencrypt
- https://github.com/jetstack/cert-manager
- https://cert-manager.io/docs/
- https://cert-manager.io/docs/installation/kubernetes/
https://kubernetes.github.io/ingress-nginx/deploy/#digital-ocean
https://www.olivercoding.com/2021-01-07-kubernetes-dns-certificate/
create service
# Apply the upstream example manifest directly from its URL.
# kubectl applies whatever the URL serves at that moment; download and read the
# file first if you want to see exactly which objects are created in the cluster.
kubectl apply --filename=https://k8s.io/examples/service/networking/example-ingress.yaml
Create a self-signed certificate and store it in a Secret
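# Generate a throwaway self-signed certificate and private key, valid 365 days.
# -nodes leaves tls.key unencrypted on disk: keep it out of version control and
# delete it once the Secret has been created.
# NOTE(review): the subject is CN=foo.bar.com, while the Ingress that uses this
# Secret serves host tls.uvoo.io, so clients will report a name mismatch unless
# the two agree. Many current TLS clients also match on subjectAltName rather
# than CN, so a CN-only certificate may be rejected even when the names agree.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com"

# Store the key pair as a TLS Secret named test-tls. No namespace is given, so
# it is created in the namespace of the current kubectl context.
kubectl create secret tls test-tls --key="tls.key" --cert="tls.crt"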
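---
# Ingress that terminates TLS for tls.uvoo.io using the key pair in Secret test-tls.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingresstls
  annotations:
    # NOTE(review): the path below defines no capture group, so $1 is
    # presumably empty and requests are rewritten to "/"; confirm this is
    # the intended behaviour.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
    - hosts:
        - tls.uvoo.io
      # The Secret must be in the same namespace as this Ingress.
      secretName: test-tls
  rules:
    - host: tls.uvoo.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080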
Now use Let's Encrypt through cert-manager
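---
# Ingress for tls2.uvoo.io whose certificate is requested by cert-manager
# instead of being created by hand.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingresstls2
  annotations:
    # NOTE(review): the path below defines no capture group, so $1 is
    # presumably empty and requests are rewritten to "/"; confirm this is
    # the intended behaviour.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    # Names the ClusterIssuer that cert-manager uses for this Ingress. The
    # issuer is not defined on this page and must already exist in the
    # cluster. While testing, point this at a staging ClusterIssuer instead:
    # staging certificates chain to an untrusted test root, and staging
    # avoids the production rate limits.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - tls2.uvoo.io
      # cert-manager writes the issued certificate and key into this Secret.
      secretName: tls2-tls
  rules:
    - host: tls2.uvoo.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080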
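# List cert-manager Certificate resources in the current namespace; the READY
# column should turn True once issuance has completed.
kubectl get certificate

# Show the status conditions and events of the tls2-tls certificate, which is
# where issuance failures are reported.
kubectl describe certificate tls2-tls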