diff --git a/Kubernetes.md b/Kubernetes.md index 22c2dc2..92dacc0 100644 --- a/Kubernetes.md +++ b/Kubernetes.md @@ -75,6 +75,56 @@ save and apply the L2Advertisement config kubectl apply -f file.yaml ``` +# Certificate manager with Let'sEncrypt certificate issuer + +CM allows us to issue and maintain SSL certificates in our cluster +``` +kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml +``` + +By default it will issue fake, self signed certificates , but if your cluster is available directly form the internet you can issue let'sencrypt certs +so we need to create a file +``` +CapiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: + privateKeySecretRef: + name: letsencrypt-prod-key + solvers: + - http01: + ingress: + class: internal-nginx + podTemplate: + spec: + nodeSelector: + "kubernetes.io/os": linux +``` +Customize and then apply it: +``` +kubectl apply -f file.yml +``` + +To issue valid certs you will need to add these toingress configs for your services + +``` +... +metadata: + annotations: + cert-manager.io/cluster-issuer:letsencrypt-prod +... +spec: +... + tls: + - hosts: + - + secretName: some-secret-tls +... +``` # Ingress nginx
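Review bot: The ClusterIssuer example opens with `CapiVersion: cert-manager.io/v1`, which should be `apiVersion: cert-manager.io/v1`; with the stray `C` the manifest has no `apiVersion` field and `kubectl apply` will refuse it. In the Ingress snippet, `cert-manager.io/cluster-issuer:letsencrypt-prod` needs a space after the colon, because without it YAML reads the line as one plain string instead of a key and value, so the annotation is never set. The empty `email:` and the bare `-` under `hosts:` should carry explicit placeholders (for example `<your-email>` and `<your-hostname>`) so a reader who copies the block sees what "Customize" refers to. The first command is described as `file.yaml` earlier in the file and `file.yml` here; pick one. Prose typos to fix in the added lines: "form the internet" (from), "toingress" (to ingress), "self signed certificates ," (stray space before the comma), and the heading "Let'sEncrypt" (Let's Encrypt). Finally, add a blank line between the closing fence of the last snippet and `# Ingress nginx`, and between "so we need to create a file" and its fence, so the Markdown renders consistently.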