ENV: GKE, 1.22
Install cert-manager with kubectl
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
Create cluster issuer – “letsencrypt-prod”
kubectl apply -f cluster-issuer.yaml
-- cluster-issuer.yaml --
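apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    email: $DOMAIN_MAIL
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          # Ingress class used for the temporary HTTP-01 solver Ingress
          class: nginx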
Update ingress (get tls secret from “letsencrypt-prod”)
kubectl -n XXX apply -f ingress.yaml
--- ingress.yaml ---
metadata:
kubernetes.io/ingress.class: gce
kubernetes.io/ingress.allow-http: "true"
kubernetes.io/ingress.global-static-ip-name: web-ip
+ cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
+ tls:
+ - secretName: $WEB_SSL
+ hosts:
+ - $DOMAIN_NAME
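Review bot: the `cert-manager.io/cluster-issuer: letsencrypt-prod` annotation is added to an Ingress annotated `kubernetes.io/ingress.class: gce`, but the ClusterIssuer it names configures its http01 solver with `class: nginx`. The HTTP-01 solver Ingress is created for the class named in the issuer, so the challenge for $DOMAIN_NAME is only answered if a controller for that class is running and reachable at the host; otherwise align the solver with the class this Ingress uses. The excerpt also lists the annotations directly under `metadata:`; in the applied file they belong under `metadata.annotations`.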
Verify
kubectl -n XXX get cert,secret
Don’t worry about the secret with “-xxxx” appended to the “WEB_SSL” name; just wait until the certificate shows ready: TRUE
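A scripted version of the verify step, as an added example that is not part of the original post: it waits for the Certificate to become Ready, prints the ACME resources if it does not, and then shows who issued the certificate stored in the secret. It assumes the Certificate has the same name as the TLS secret (check with `kubectl get cert`); the script name `verify-cert.sh` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Namespace and names are
# passed as arguments; the post uses namespace XXX and secret $WEB_SSL.

# Block until the Certificate's Ready condition is True.
# On timeout, print the ACME resources that show where issuance stalled.
wait_cert_ready() {
  wcr_ns=$1; wcr_name=$2; wcr_timeout=${3:-300s}
  if kubectl -n "$wcr_ns" wait --for=condition=Ready \
       "certificate/$wcr_name" --timeout="$wcr_timeout"; then
    return 0
  fi
  echo "certificate/$wcr_name not Ready after $wcr_timeout" >&2
  kubectl -n "$wcr_ns" describe certificate "$wcr_name" >&2
  # CertificateRequest -> Order -> Challenge is the issuance chain;
  # a pending Challenge usually carries the reason in its status.
  kubectl -n "$wcr_ns" get certificaterequest,order,challenge -o wide >&2
  return 1
}

# Print subject, issuer and expiry of the leaf certificate in the TLS
# secret, to confirm it came from the expected CA and covers the host.
issued_cert_summary() {
  kubectl -n "$1" get secret "$2" -o jsonpath='{.data.tls\.crt}' |
    base64 -d |
    openssl x509 -noout -subject -issuer -enddate
}

# Run both checks when called as: ./verify-cert.sh <namespace> <name>
if [ "$#" -ge 2 ]; then
  wait_cert_ready "$1" "$2" && issued_cert_summary "$1" "$2"
fi
```

An issuer other than Let's Encrypt in the summary means the secret still holds an older or placeholder certificate, even if the Ingress already serves HTTPS.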
(Optional) Uninstall
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/vX.Y.Z/cert-manager.yaml
Ref: the full documentation, which uses a namespaced Issuer instead of a ClusterIssuer: https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/