Letsencrypt Setup
Deploy cert-manager in a Kubernetes environment.
Steps
- Install cert-manager

    - Add the Jetstack Helm repository:

        ```shell
        helm repo add jetstack https://charts.jetstack.io
        ```

    - Update your local Helm chart repository cache:

        ```shell
        helm repo update
        ```

    - Install cert-manager and the CustomResourceDefinitions. Check the current version at https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions

        ```shell
        helm install \
          cert-manager jetstack/cert-manager \
          --namespace cert-manager \
          --create-namespace \
          --version v1.9.1 \
          --set installCRDs=true
        ```

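- Create Cluster Issuer

    ```yaml
    # cert-manager v1.9.1 serves only the cert-manager.io/v1 API version
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: dirigible
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: <your-email>
        # Secret that stores the ACME account private key
        privateKeySecretRef:
          name: dirigible
        # In the v1 API the HTTP-01 challenge is configured under solvers
        solvers:
          - http01:
              ingress: {}
    ```
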
    !!! note "Note"
        If your ingress is Istio, change the `ClusterIssuer` so that it contains:

        ```yaml
        solvers:
          - selector: {}
            http01:
              ingress:
                class: istio
        ```

- Create certificate

    ```yaml
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: dirigible
    spec:
      # Secret in which cert-manager stores the issued key pair
      secretName: dirigible
      issuerRef:
        name: dirigible
        kind: ClusterIssuer
      commonName: "<your-domain>"
      dnsNames:
        - "<your-domain>"
    ```

    !!! note "Note"
        If your Istio ingress is installed to the namespace `istio-ingress`, add `namespace: istio-ingress`.

- Create Ingress

    ```yaml
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: dirigible
    spec:
      rules:
        - host: dirigible
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: dirigible
                    port:
                      number: 8080
    ```

    !!! note "Note"
        You can install Istio with the default profile using `istioctl install`; this installs `istio-ingressgateway` and `istiod`. You can then install the following Gateway manually:

        ```yaml
        apiVersion: networking.istio.io/v1alpha3
        kind: Gateway
        metadata:
          name: dirigible-gateway
        spec:
          selector:
            istio: ingressgateway
          servers:
            - port:
                number: 80
                name: http
                protocol: HTTP
              hosts:
                - dirigible.<your-domain>
              # Initially it should be commented, then uncomment to enforce https!
              # tls:
              #   httpsRedirect: true
            - port:
                number: 443
                name: https-443
                protocol: HTTPS
              hosts:
                - dirigible.<your-domain>
              tls:
                mode: SIMPLE
                # Name of the secret created by the Certificate
                credentialName: dirigible
        ```

- Create Virtual Service for Istio

    ```yaml
    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: dirigible
    spec:
      hosts:
        - "dirigible.<your-domain>"
      gateways:
        - dirigible-gateway
        - mesh
      http:
        - match:
            - uri:
                prefix: /
          route:
            - destination:
                host: dirigible.default.svc.cluster.local
                port:
                  number: 8080
    ```

- Check certificate status in cert-manager.

    ```shell
    kubectl logs -n cert-manager -lapp=cert-manager
    ```

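The controller logs show what cert-manager is doing, but not whether the certificate was actually issued. The script below is an added example, not part of the original guide: it reads the `Ready` condition of the `dirigible` Certificate and, if it is not ready, lists the CertificateRequest, Order and Challenge resources where ACME HTTP-01 failures are reported. The function names are illustrative and the `default` namespace is an assumption.

```shell
#!/bin/sh
# Added example: verify that cert-manager has issued the certificate.
# Function names are illustrative; resource names follow this guide.

# Print the Certificate's Ready condition as "status|reason|message".
# $1 = Certificate name, $2 = namespace
cert_ready_condition() {
  kubectl get certificate "$1" -n "$2" \
    -o jsonpath='{range .status.conditions[?(@.type=="Ready")]}{.status}|{.reason}|{.message}{end}'
}

# Succeed only when the condition line reports status True.
# An empty line (no Ready condition yet) counts as not issued.
is_issued() {
  case "$1" in
    "True|"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if issued, 1 if not ready, 2 if the Certificate cannot be read.
# $1 = Certificate name, $2 = namespace (assumed "default" when omitted)
check_certificate() {
  name=$1
  ns=${2:-default}
  cond=$(cert_ready_condition "$name" "$ns") || return 2
  if is_issued "$cond"; then
    echo "issued: $name (namespace $ns)"
    return 0
  fi
  echo "not ready: ${cond:-no Ready condition yet}" >&2
  # Issuance chain: Certificate -> CertificateRequest -> Order -> Challenge.
  # A Challenge stuck in "pending" usually means the HTTP-01 path on port 80
  # is not reachable through the ingress.
  kubectl get certificaterequests,orders,challenges -n "$ns" >&2
  return 1
}

# Run only when called with arguments, e.g.: sh check-cert.sh dirigible default
if [ "$#" -gt 0 ]; then
  check_certificate "$@"
fi
```
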
Replace Placeholders

- `<your-domain>`: replace with your domain from the previous step.