Closed coaxial closed 5 years ago
Thanks for that!
Hi,
How about using Traefik as an ingress controller? It has support for Kubernetes and also Let's Encrypt.
p.s. I don't have experience with Traefik, I have only done some research on how to solve the certificate issues.
The last time I checked, Traefik required secured endpoints to be listed in a global configuration file, which seemed to be a lot of hassle compared to the solution using nginx and kube-lego.
I don't know about that but they made a release a few weeks ago. I think they made some improvements but did not validate them. I will most likely validate the configuration for a single node in the next few days.
This is the feature tracking the native integration between Traefik and K8s: https://github.com/containous/traefik/issues/2542
And here are the latest release notes: Traefik can load TLS from secrets.
https://blog.containo.us/traefik-1-6-get-our-latest-tetedemoine-1859164bf521
[1] https://docs.traefik.io/user-guide/cluster/ [2] https://docs.traefik.io/configuration/backends/etcd/ [3] https://docs.traefik.io/configuration/acme/
Just a shout out: ingress-nginx and cert-manager can both be quickly installed via helm, like here:
Keep in mind I have ingress-nginx running as DaemonSet, which will distribute it over all the nodes; also, the letsencrypt issuer for cert-manager is a ClusterIssuer, which allows all namespaces to issue certificates. This should be kept in mind when using this in multi-tenant environments.
Please have a look here: https://github.com/hobby-kube/guide/pull/58
This has been merged. Thank you @miciek 🍻
According to https://github.com/jetstack/kube-lego, the project is in maintenance mode.
Someone pointed it out here: https://news.ycombinator.com/item?id=17054466, just wanted to make sure you know about it because it's easy to miss comment replies on HN :)
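For the multi-tenant caveat about ClusterIssuer raised earlier in the thread, the following is an added example, not taken from the thread or from the hobby-kube guide, showing the cluster-wide issuer next to a namespace-scoped Issuer that only one tenant can use. It assumes the current cert-manager.io/v1 API; the names team-a, letsencrypt-team-a, the e-mail address and the host are placeholders.

```yaml
# Constructed manifests; all names, e-mail addresses and hosts are placeholders.
# Cluster-wide: an Ingress in ANY namespace can request certificates through
# this issuer, all under the same ACME account.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      - http01:
          ingress:
            class: nginx
---
# Namespace-scoped: only resources in team-a can reference this issuer, and
# the ACME account key is stored in team-a rather than shared cluster-wide.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-team-a
  namespace: team-a
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: team-a@example.com
    privateKeySecretRef:
      name: letsencrypt-team-a-account-key
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  namespace: team-a
  annotations:
    # "issuer" (not "cluster-issuer") selects the namespaced Issuer above.
    cert-manager.io/issuer: letsencrypt-team-a
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.team-a.example.com]
      secretName: app-tls
  rules: []  # routing rules omitted; only the TLS wiring matters here
```

In a shared cluster, tenant RBAC can then grant rights on Issuer objects in the tenant's own namespace while keeping ClusterIssuer creation with cluster administrators.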