K8s – cert-manager (https) tls

ENV: GKE, 1.22

Install cert-manager with kubectl

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml

Create cluster issuer – “letsencrypt-prod”

kubectl apply -f cluster-issuer.yaml

-- cluster-issuer.yaml --
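apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    # Placeholder: write a real address here, kubectl apply does not expand $VARS
    email: $DOMAIN_MAIL
    # Secret in which cert-manager stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx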

Update the ingress (the TLS secret is issued by “letsencrypt-prod”)

kubectl -n XXX apply -f ingress.yaml

--- ingress.yaml ---
metadata: 
     kubernetes.io/ingress.class: gce 
     kubernetes.io/ingress.allow-http: "true" 
     kubernetes.io/ingress.global-static-ip-name: web-ip 
+    cert-manager.io/cluster-issuer: letsencrypt-prod 
 spec: 
+  tls: 
+    - secretName: $WEB_SSL 
+      hosts: 
+        - $DOMAIN_NAME
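
Review bot: the context line "kubernetes.io/ingress.class: gce" does not match the HTTP-01 solver in cluster-issuer.yaml, which is set to "class: nginx". The solver's class should name an ingress controller that actually receives port-80 traffic for $DOMAIN_NAME, otherwise the challenge cannot be answered and the certificate stays not ready. Keep "kubernetes.io/ingress.allow-http" at "true" as well, since HTTP-01 validation arrives over plain HTTP. The context lines also sit directly under "metadata:" without an "annotations:" key, so state that the snippet is abbreviated.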

Verify

kubectl -n XXX get cert,secret

Don’t worry about the “-xxxx” suffix after the “WEB_SSL” secret name; just wait until the certificate reports READY: True.
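
The Verify step as a shell function, added here as an example and not part of the original post: it polls the Certificate until Ready is True and, if that never happens, prints the CertificateRequest, Order and Challenge objects behind it. It assumes the Certificate carries the same name as the TLS secret (cert-manager's ingress integration names it after secretName); the function names are hypothetical.

```shell
# Added example, not from the original post. NAMESPACE and CERT are
# placeholders; CERT is assumed to equal the ingress tls[].secretName.

# Print the Ready condition of a Certificate: True, False, or empty.
cert_ready_status() {
  kubectl -n "$1" get certificate "$2" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null
}

# Print the ACME objects behind a Certificate that is stuck.
cert_debug() {
  kubectl -n "$1" describe certificate "$2"
  kubectl -n "$1" get certificaterequest,order,challenge
}

# Poll until Ready=True. Returns 0 when ready, 1 after ATTEMPTS polls.
# usage: wait_cert_ready NAMESPACE CERT [ATTEMPTS] [INTERVAL_SECONDS]
wait_cert_ready() {
  wcr_ns=$1; wcr_cert=$2; wcr_tries=${3:-60}; wcr_sleep=${4:-5}
  wcr_i=1
  while [ "$wcr_i" -le "$wcr_tries" ]; do
    # A failing kubectl call counts as "no status yet", not as a fatal error.
    wcr_status=$(cert_ready_status "$wcr_ns" "$wcr_cert") || wcr_status=""
    if [ "$wcr_status" = "True" ]; then
      echo "certificate/$wcr_cert is Ready"
      return 0
    fi
    echo "[$wcr_i/$wcr_tries] Ready=${wcr_status:-<none>}, waiting ${wcr_sleep}s"
    sleep "$wcr_sleep"
    wcr_i=$((wcr_i + 1))
  done
  echo "certificate/$wcr_cert not Ready; issuance state follows" >&2
  cert_debug "$wcr_ns" "$wcr_cert" >&2
  return 1
}
```

Run it as wait_cert_ready XXX "$WEB_SSL", using the namespace and secret name from the ingress step.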

(Optional) Uninstall

kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/vX.Y.Z/cert-manager.yaml

Ref: the full doc, which uses a namespaced Issuer instead of a ClusterIssuer: https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/
