hobby-kube / guide

Kubernetes clusters for the hobbyist.
MIT License

kube-lego is in maintenance mode only #47

Closed coaxial closed 5 years ago

coaxial commented 6 years ago

According to https://github.com/jetstack/kube-lego, the project is in maintenance mode.

Someone pointed it out here: https://news.ycombinator.com/item?id=17054466, just wanted to make sure you know about it because it's easy to miss comment replies on HN :)

pstadler commented 6 years ago

Thanks for that!

ieugen commented 6 years ago

Hi,

How about using Traefik as an ingress controller? It has support for Kubernetes and also Let's Encrypt. [1]

P.S. I don't have experience with Traefik; I have only done some research on how to solve the certificate issues.

[1] https://docs.traefik.io/user-guide/kubernetes/

pstadler commented 6 years ago

The last time I checked, traefik required secured endpoints to be listed in a global configuration file, which seemed to be a lot of hassle compared to the solution using nginx and kube-lego.

ieugen commented 6 years ago

I don't know about that but they made a release a few weeks ago. I think they made some improvements but did not validate them. I will most likely validate the configuration for a single node in the next few days.

This is the feature tracking the native integration between Traefik and K8s: https://github.com/containous/traefik/issues/2542

And here are the latest release notes: Traefik can load TLS from secrets.

https://blog.containo.us/traefik-1-6-get-our-latest-tetedemoine-1859164bf521

[1] https://docs.traefik.io/user-guide/cluster/

[2] https://docs.traefik.io/configuration/backends/etcd/

[3] https://docs.traefik.io/configuration/acme/

Informatic commented 6 years ago

Just a shout out: ingress-nginx and cert-manager can both be quickly installed via helm, like here:

https://git.io/vh2c3

Keep in mind I have ingress-nginx running as a DaemonSet, which will distribute it over all the nodes; also, the letsencrypt issuer for cert-manager is a ClusterIssuer, which allows all namespaces to issue certificates. This should be kept in mind when using this in multi-tenant environments.
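
The scoping difference raised in the comment above, shown as manifests. This is an added example, not part of the original thread or of the linked install notes. It assumes the current `cert-manager.io/v1` API group; the resource names, the `tenant-a` namespace, the host and the e-mail address are placeholders.

```yaml
# Cluster-scoped: an Ingress or Certificate in ANY namespace may reference this issuer.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod                 # placeholder name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com               # placeholder contact
    privateKeySecretRef:
      name: letsencrypt-prod-account-key # ACME account key, stored in cert-manager's namespace
    solvers:
      - http01:
          ingress:
            class: nginx
---
# Namespace-scoped alternative for multi-tenant clusters:
# only resources inside tenant-a can request certificates from it.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: tenant-a                    # placeholder tenant namespace
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: tenant-a-ops@example.com      # placeholder contact
    privateKeySecretRef:
      name: letsencrypt-account-key      # ACME account key stays in tenant-a
    solvers:
      - http01:
          ingress:
            class: nginx
---
# Ingress in tenant-a bound to the namespaced Issuer.
# The cluster-wide form would use the cert-manager.io/cluster-issuer annotation instead.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: tenant-a
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.tenant-a.example.com]
      secretName: web-tls                # cert-manager writes the issued certificate here
  defaultBackend:
    service: {name: web, port: {number: 80}}
```

With per-namespace Issuers, each tenant holds its own ACME account key, and RBAC on `issuers` in that namespace controls who can change how certificates are requested.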

miciek commented 5 years ago

Please have a look here: https://github.com/hobby-kube/guide/pull/58

pstadler commented 5 years ago

This has been merged. Thank you @miciek 🍻