GithubHelp home page GithubHelp logo

letsencrypt-rancher-cert-manager-config's Introduction

Let’s Encrypt and Rancher 2.0 with cert-manager

1 - Preparing the enviroment

2 - Install cert-manager on Rancher

Install cert-manager on project level.

  • Rancher > [Cluster] > [Project] > Apps > Launch
  • Find cert-manager and [view details]
  • Set false the option Create Default Cluster Issuer
  • Set cluster as Available Roles
  • Then Launch

3 - Install ingress-nginx

# ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

# load balancer
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml

4 - Apply the issuer

The issuer is the the layer of comunication between rancher and the letsencrypt.

The content of the file is in: 1-create-prod-issuer.yaml

  1. Change your e-mail on line 9
  2. Run:
kubectl create -f 1-create-prod-issuer.yaml

To view the result, just run: kubectl describe Issuer letsencrypt-staging

5 - Create the ingress

This example uses two hosts: apisslteste.brasilsabido.com.br and apisslteste2.brasilsabido.com.br.

The file to run is 2-create-ingress.yaml.

  1. On line 4, set your ingress name (any name);
  2. On line 12, set the domains list for the ingress;
  3. On lines 18 and 26, is used theese domains;
  4. On lines 22 and 30, set your service name.
  5. Run:
kubectl create -f 2-create-ingress.yaml

5.1 - Creating ingress by rancher interface

  1. Configure the ingress
  2. In ssl/tls, add certificate, then set your host
  3. use the follow annotations:
kubernetes.io/ingress.class=nginx
certmanager.k8s.io/cluster-issuer=letsencrypt-prod
kubernetes.io/tls-acme="true"
  1. Save
  2. An anoing bug is that sometimes the value yaml for spec > tls > hosts > secretName is not filled. This means, that is necessary go [View/Edit Yaml] and add the secret name:
#[...]
  tls:
  - hosts:
    - geoapi.brasilsabido.com.br
    # ADD_THE_NEXT_LINE
    secretName: letsencrypt-prod
status:
  loadBalancer:
#[...]

Rancher

Rancher

References

Troubleshooting

If the message customresourcedefinitions.apiextensions.k8s.io "certificates.certmanager.k8s.io" already exists, is necessary delete the customresourcedefinition.

kubectl get customresourcedefinition | certmanager
kubectl delete customresourcedefinition challenges.certmanager.k8s.io

letsencrypt-rancher-cert-manager-config's People

Contributors

verissimor avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.