DevOpsKubernetesSecurity

How to Install HTTPS Let’s Encrypt for Kubernetes

Install cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml

Create Issuer of Certificates (Let’s Encrypt)

You need to provide unique email param. See below.

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: user@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

Apply HTTPS for Your App

Deploy a Simple HTTP Server

kubectl create deployment demo --image=httpd --port=80
kubectl expose deployment demo

Create Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-localhost
  annotations:
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - test2.stackthrow.com
    secretName: quickstart-example-tls
  rules:
  - host: test2.stackthrow.com
    http:
      paths:
      - backend:
          service:
            name: demo
            port:
              number: 80
        path: /
        pathType: Prefix

Verify Certificate

kubectl get certificate
#Response
NAME                     READY   SECRET                   AGE
quickstart-tls           True    quickstart-tls           60m
Hi, I’m Vlad

Leave a Reply

Your email address will not be published. Required fields are marked *