Cert manager¶
Steps:
Install Cert-manager onto your cluster
Add LetsEncrypt as an Issuer (or ClusterIssuer)
Update ingress to use certificate
cert-manager¶
The cert-manager is a Kubernetes tool that issues certificates from various certificate providers, including Let’s Encrypt.
Issuers¶
Issuers (and ClusterIssuers) represent a certificate authority from which signed x509 certificates can be obtained, such as Let’s Encrypt.
You will need at least one Issuer or ClusterIssuer to begin issuing certificates within your cluster.
An Issuer is a namespace resource, you will need to create an Issuer in each namespace you wish to obtain Certificates in.
https://dev.to/ileriayo/adding-free-ssltls-on-kubernetes-using-certmanager-and-letsencrypt-a1l
https://cert-manager.io/docs/configuration/
https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/
Issuer vs ClusterIssuer¶
The main difference between the two is that an Issuer can only issue certificates within the same namespace!
If you want your CA to issue certificates in other namespaces as well, you will have to use the ClusterIssuer.
https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
Let’s Encrypt ACME¶
Production Environment:
https://acme-v02.api.letsencrypt.org/directory:
This is the URL for the production environment of Let’s Encrypt. When you use this URL, you are interacting with Let’s Encrypt’s live and official infrastructure. Certificates issued here are valid and trusted by major browsers.
Staging Environment:
https://acme-staging-v02.api.letsencrypt.org/directory:
This is the URL for the staging environment of Let’s Encrypt.
The staging environment is a testing environment provided by Let’s Encrypt for developers to test their ACME client implementations without affecting the production infrastructure.
Certificates issued in the staging environment are not trusted by browsers and are meant for testing purposes only.