First, use helm to install the ingress controller:
$ helm install stable/nginx-ingress --name nginx-ingress --set controller.publishService.enabled=true
NAME: nginx-ingress
LAST DEPLOYED: ...
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
nginx-ingress-controller 1 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-7658988787-npv28 0/1 ContainerCreating 0 0s
nginx-ingress-default-backend-7f5d59d759-26xq2 0/1 ContainerCreating 0 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.245.9.107 <pending> 80:31305/TCP,443:30519/TCP 0s
nginx-ingress-default-backend ClusterIP 10.245.221.49 <none> 80/TCP 0s
==> v1/ServiceAccount
NAME SECRETS AGE
nginx-ingress 1 0s
==> v1beta1/ClusterRole
NAME AGE
nginx-ingress 0s
==> v1beta1/ClusterRoleBinding
NAME AGE
nginx-ingress 0s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-ingress-controller 0/1 1 0 0s
nginx-ingress-default-backend 0/1 1 0 0s
==> v1beta1/Role
NAME AGE
nginx-ingress 0s
==> v1beta1/RoleBinding
NAME AGE
nginx-ingress 0s
NOTES:
...
Then wait for it to become available:
$ kubectl get services -o wide -w nginx-ingress-controller
Then you need to add the jetstack helm repo:
$ helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
Then, you can install cert-manager:
$ helm install --name cert-manager --namespace cert-manager jetstack/cert-manager --set installCRDs=true
NAME: cert-manager
LAST DEPLOYED: ...
NAMESPACE: cert-manager
STATUS: DEPLOYED
RESOURCES:
==> v1/ClusterRole
NAME AGE
cert-manager-edit 3s
cert-manager-view 3s
cert-manager-webhook:webhook-requester 3s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
cert-manager-5d669ffbd8-rb6tr 0/1 ContainerCreating 0 2s
cert-manager-cainjector-79b7fc64f-gqbtz 0/1 ContainerCreating 0 2s
cert-manager-webhook-6484955794-v56lx 0/1 ContainerCreating 0 2s
...
NOTES:
cert-manager has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://docs.cert-manager.io/en/latest/reference/issuers.html
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://docs.cert-manager.io/en/latest/reference/ingress-shim.html
Lastly, set up an issuer which takes care of managing the certificates:
production-issuer.yaml
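apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  # Must match the cluster-issuer annotation on the Ingress below
  name: letsencrypt-production
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    email: pieter@yellowduck.be
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
    - http01:
        ingress:
          class: nginx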
Deploy it:
$ kubectl apply -f production-issuer.yaml
clusterissuer.certmanager.k8s.io/letsencrypt-production created
Before we can issue the certificates, we need to create A records on the DNS server pointing to the load balancer. First, get the external IP address of the load balancer:
$ kubectl get service nginx-ingress-controller
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.0.254.55 52.136.238.205 80:30753/TCP,443:32721/TCP 17m
The external IP address is 52.136.238.205 in this case.
On the DNS server, add the following records:
mywebsite.webhost.com A 52.136.238.205
Once you have done this, create the ingress definition:
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    kubernetes.io/ingress.class: nginx
    # Annotation group matches the cert-manager.io API group of the ClusterIssuer
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  tls:
  - hosts:
    - mywebsite.webhost.com
    # Secret in which cert-manager stores the issued certificate and key
    secretName: letsencrypt-prod
  rules:
  - host: mywebsite.webhost.com
    http:
      paths:
      - backend:
          serviceName: <my-service>
          servicePort: 80
Apply this as well and you're done.
$ kubectl apply -f ingress.yaml
If you now browse to https://mywebsite.webhost.com, the correct content should show up and you should see that it's using a Let's Encrypt certificate.
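A pre-apply check for the issuer and ingress manifests above, added here as an example and not part of the original post: cert-manager's ingress-shim acts on an Ingress only when its cluster-issuer annotation is in the API group the installed cert-manager serves and names a ClusterIssuer that exists. The function names, the two-space indentation assumption and the trimmed sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an Ingress refers to the ClusterIssuer it is meant to use.
# Assumes two-space YAML indentation; function names are hypothetical.

# Print metadata.name of a manifest.
issuer_name() {
  awk '/^metadata:/ {m=1; next}
       m && /^[^ ]/ {m=0}
       m && /^  name:/ {print $2; exit}' "$1"
}

# Print the API group of a manifest (apiVersion text before the slash).
api_group() {
  awk '/^apiVersion:/ {split($2, a, "/"); print a[1]; exit}' "$1"
}

# Print "<annotation group> <issuer name>" from the cluster-issuer annotation.
issuer_annotation() {
  awk -F': *' '/\/cluster-issuer:/ {
    k=$1; sub(/^ +/, "", k); sub(/\/cluster-issuer$/, "", k)
    v=$2; gsub(/"/, "", v); print k, v; exit }' "$1"
}

# check_pair ISSUER_FILE INGRESS_FILE: print "ok" and return 0 on a match.
check_pair() {
  ann=$(issuer_annotation "$2")
  [ -n "$ann" ] || { echo "no cluster-issuer annotation"; return 1; }
  [ "${ann% *}" = "$(api_group "$1")" ] ||
    { echo "annotation group ${ann% *} differs from issuer API group"; return 1; }
  [ "${ann#* }" = "$(issuer_name "$1")" ] ||
    { echo "annotation names ${ann#* }, issuer is $(issuer_name "$1")"; return 1; }
  echo ok
}

# Constructed sample manifests (trimmed to the fields the check reads).
tmp=$(mktemp -d)
printf '%s\n' 'apiVersion: cert-manager.io/v1alpha2' 'kind: ClusterIssuer' \
  'metadata:' '  name: letsencrypt-production' > "$tmp/issuer.yaml"
printf '%s\n' 'metadata:' '  name: ingress' '  annotations:' \
  '    cert-manager.io/cluster-issuer: letsencrypt-production' > "$tmp/good.yaml"
printf '%s\n' 'metadata:' '  name: ingress' '  annotations:' \
  '    certmanager.k8s.io/cluster-issuer: letsencrypt-prod' > "$tmp/bad.yaml"

check_pair "$tmp/issuer.yaml" "$tmp/good.yaml"
check_pair "$tmp/issuer.yaml" "$tmp/bad.yaml" || true
```

Run it against production-issuer.yaml and ingress.yaml before `kubectl apply`; a non-zero exit from `check_pair` means the Ingress would be left without a certificate.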