Kubernetes Let’s Encrypt wildcard
Posted on Thu 22 February 2024 in misc
1-Installing Cert-Manager
There are two ways to install cert-manager: with kubectl, applying the release manifest from the cert-manager project, or with Helm. Use only one of the two options.
Installing Cert-Manager by kubectl
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
To check the latest cert-manager versions you can visit: Cert-manager kubectl Installation guide
Installing Cert-Manager by helm charts
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
2-Installing Nginx ingress controller
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-controller ingress-nginx/ingress-nginx
Or you can check this link for installation from kubectl: Nginx Ingress Controller Installation Guide
3-Configure The Let's Encrypt Certificate Issuer
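To finish this, create a file, for example letsencrypt-production.yaml, with the content below. This issuer uses the HTTP-01 solver, which validates individual hostnames only; Let's Encrypt issues wildcard certificates only through the DNS-01 challenge.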
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: example@domain.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx
Then execute the following command:
kubectl create -f letsencrypt-production.yaml
And finally, create a file, for example website.yaml, with the following content:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mywebsite-ingress
  namespace: default
  # Server-populated fields (uid, resourceVersion, generation, creationTimestamp,
  # managedFields, selfLink, status) are not set in a manifest you create
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.class: nginx
spec:
  tls:
    - hosts:
        - example.website.com # Must resolve to your ingress-nginx public IP
      secretName: letsencrypt-production
  rules:
    - host: example.website.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress # Or the name of your own service
                port:
                  number: 80
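A pre-apply lint for the ClusterIssuer and Ingress above, as an added example that is not part of the original post. It takes both manifests as parsed dictionaries and reports server-populated fields, rule hosts without a TLS entry, and a wildcard host paired with an issuer that has no dns01 solver. The function names and the sample hosts and secret name are assumptions made for illustration.

```python
# Fields the API server fills in; they do not belong in a manifest you create.
SERVER_FIELDS = ("uid", "resourceVersion", "generation",
                 "creationTimestamp", "managedFields", "selfLink")

def covered(host, tls_hosts):
    """True if an exact or single-label wildcard TLS entry matches host."""
    wildcard = "*." + host.split(".", 1)[1] if "." in host else None
    return host in tls_hosts or wildcard in tls_hosts

def lint(ingress, issuer):
    """Return a list of findings for a parsed Ingress and ClusterIssuer."""
    findings = []
    meta = ingress.get("metadata", {})
    stale = [f for f in SERVER_FIELDS if f in meta]
    if "status" in ingress:
        stale.append("status")
    if stale:
        findings.append("server-populated fields: " + ", ".join(stale))
    wanted = meta.get("annotations", {}).get("cert-manager.io/cluster-issuer")
    if wanted != issuer["metadata"]["name"]:
        findings.append(f"annotation names issuer {wanted!r}, not this one")
    spec = ingress.get("spec", {})
    tls_hosts = [h for t in spec.get("tls", []) for h in t.get("hosts", [])]
    for rule in spec.get("rules", []):
        if not covered(rule.get("host", ""), tls_hosts):
            findings.append(f"host {rule.get('host')} has no TLS entry")
    solvers = issuer["spec"]["acme"].get("solvers", [])
    has_dns01 = any("dns01" in s for s in solvers)
    if any(h.startswith("*.") for h in tls_hosts) and not has_dns01:
        findings.append("wildcard host needs a dns01 solver")
    return findings

# Constructed sample input, modelled on the manifests in this post.
ISSUER = {"metadata": {"name": "letsencrypt-production"},
          "spec": {"acme": {"solvers": [
              {"http01": {"ingress": {"class": "nginx"}}}]}}}
INGRESS = {
    "metadata": {"name": "mywebsite-ingress", "uid": "constructed-uid",
                 "resourceVersion": "1", "annotations": {
                     "cert-manager.io/cluster-issuer": "letsencrypt-production"}},
    "status": {},
    "spec": {"tls": [{"hosts": ["*.website.com"], "secretName": "site-tls"}],
             "rules": [{"host": "example.website.com"}, {"host": "other.org"}]},
}

if __name__ == "__main__":
    for finding in lint(INGRESS, ISSUER):
        print("FINDING:", finding)
```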