Install Cert-Manager
For details:
https://cert-manager.io/docs/tutorials/acme/nginx-ingress/
Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml
Install issuer
Let's Encrypt gives you two environments, staging and production.
- Create a ClusterIssuer rather than an Issuer, because an Issuer has namespace scope only. The one below targets the staging environment. If you want to create the issuer in a namespace, change ClusterIssuer to Issuer in the YAML file below.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: androidbakyass@gmail.com
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx
Ingress with cert-manager annotations
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-development-ingress
  namespace: "keycloak-dev"
  annotations:
    cert-manager.io/issue-temporary-certificate: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
    nginx.ingress.kubernetes.io/force-ssl-redirect: 'false'
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - bakdevops.com
      secretName: bakdevops-tls
  rules:
    - host: bakdevops.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: keycloak-development-service
                port:
                  number: 53582
cert-manager creates a certificate and a certificate request, then a challenge and then an order to validate the certificate. You can inspect each of these resources:
kubectl get challenges
kubectl get order
kubectl get certificate
kubectl get certificaterequest
You can switch to the production issuer by changing the annotation:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
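Because the Ingress above requests a temporary certificate and starts on the staging issuer, the secret bakdevops-tls can hold a self-signed, a staging, or a production certificate at different times. The script below is an added example, not part of the original page: it classifies which one is present. The function names and sample openssl output are constructed, and it assumes Let's Encrypt staging issuer names contain "(STAGING)".

```shell
#!/bin/sh
# Added example: classify the certificate stored in a cert-manager TLS secret.
# Function names and the sample data below are constructed for illustration.

# Print subject and issuer of the leaf certificate in a TLS secret.
# Usage: secret_cert_names <namespace> <secret>   (needs kubectl and openssl)
secret_cert_names() {
  kubectl get secret "$2" -n "$1" -o jsonpath='{.data.tls\.crt}' \
    | base64 -d \
    | openssl x509 -noout -subject -issuer -nameopt RFC2253
}

# Classify the two-line openssl output passed as $1.
# Prints: self-signed | staging | production | other | unknown
classify_names() (
  subject=$(printf '%s\n' "$1" | sed -n 's/^subject= *//p')
  issuer=$(printf '%s\n' "$1" | sed -n 's/^issuer= *//p')
  if ! printf '%s\n' "$1" | grep -q '^issuer='; then
    echo unknown            # no certificate could be parsed
  elif [ "$subject" = "$issuer" ]; then
    echo self-signed        # e.g. a temporary certificate, not CA-issued
  else
    case "$issuer" in
      *"(STAGING)"*)     echo staging ;;     # assumption: staging CA names carry this marker
      *"Let's Encrypt"*) echo production ;;
      *)                 echo other ;;
    esac
  fi
)

# Constructed sample outputs (not captured from a real cluster).
TEMP_SAMPLE="subject=CN=bakdevops.com
issuer=CN=bakdevops.com"
STAGING_SAMPLE="subject=CN=bakdevops.com
issuer=CN=(STAGING) Artificial Apricot R3,O=(STAGING) Let's Encrypt,C=US"
PROD_SAMPLE="subject=CN=bakdevops.com
issuer=CN=R3,O=Let's Encrypt,C=US"

# Against a live cluster:
#   classify_names "$(secret_cert_names keycloak-dev bakdevops-tls)"
for sample in "$TEMP_SAMPLE" "$STAGING_SAMPLE" "$PROD_SAMPLE"; do
  classify_names "$sample"
done
```

Staging and self-signed certificates are not trusted by browsers, so anything other than production on a public host means issuance has not completed against the production issuer.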
Troubleshooting
https://cert-manager.io/docs/troubleshooting/