techno-tim / launchpad

A collection of quick starters for ansible, kubernetes, docker, linux, windows, and more. Great for HomeLabs!
https://technotim.live

Cert-manager traefik dashboard tls #54

Closed colts45s closed 6 months ago

colts45s commented 6 months ago

Great video series. Definitely some fun stuff learned while migrating my docker swarm to kubernetes.

In the file launchpad/kubernetes/traefik-cert-manager/traefik/dashboard/ingress.yaml, the tls secret, which is now commented out, won't work because the certificate is generated in the default namespace while the ingressRoute for the dashboard is defined in the traefik namespace. I think you would need to either create some form of trust, duplication, or have this all in the default namespace. In the video I think you mentioned that having the certificate in the default namespace would make it available to all other services? Perhaps you meant that it would be available to all services in the default namespace? The nginx sample works fine because the whole example is defined in the default namespace, but you cannot access secrets between different namespaces without additional configuration.

If I am mistaken, please disregard.

timothystewart6 commented 6 months ago

> Great video series. Definitely some fun stuff learned while migrating my docker swarm to kubernetes.
>
> In the file launchpad/kubernetes/traefik-cert-manager/traefik/dashboard/ingress.yaml, the tls secret, which is now commented out, won't work because the certificate is generated in the default namespace while the ingressRoute for the dashboard is defined in the traefik namespace. I think you would need to either create some form of trust, duplication, or have this all in the default namespace. In the video I think you mentioned that having the certificate in the default namespace would make it available to all other services? Perhaps you meant that it would be available to all services in the default namespace? The nginx sample works fine because the whole example is defined in the default namespace, but you cannot access secrets between different namespaces without additional configuration.
>
> If I am mistaken, please disregard.

Check out https://github.com/emberstack/kubernetes-reflector; that's what I use to mirror secrets to multiple namespaces.

I even have docs on it :) https://technotim.live/posts/k8s-reflector/
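
The approach discussed in this thread, as an added example that is not part of the issue or the launchpad repository: a cert-manager Certificate in `default` whose secret is annotated so kubernetes-reflector mirrors it only into the `traefik` namespace, where the dashboard IngressRoute can then reference it. The certificate name, secret name, issuer name, hostnames and the Traefik CRD apiVersion are assumptions; adjust them to the cluster.

```yaml
# Added example; values marked "placeholder" are assumptions, not from the repo.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com                # placeholder
  namespace: default               # certificate is issued here, as in the issue
spec:
  secretName: example-com-tls      # placeholder
  issuerRef:
    name: letsencrypt-production   # placeholder
    kind: ClusterIssuer
  dnsNames:
    - "example.com"                # placeholder
    - "*.example.com"              # placeholder
  secretTemplate:
    annotations:
      # Permit reflection, but only into the namespaces listed here.
      # Each listed namespace receives a copy of the private key, so keep
      # the list to the namespaces that terminate TLS.
      reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "traefik"
      # Have reflector create and keep the copy up to date on renewal.
      reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
      reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "traefik"
---
# apiVersion depends on the Traefik release (assumption: older CRD group).
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik               # secret below is resolved in this namespace
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.example.com`)   # placeholder
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    secretName: example-com-tls    # the reflected copy, not the one in default
```

Once reflector has synced, `kubectl get secret example-com-tls -n traefik` should show the mirrored secret; if it is missing, the IngressRoute falls back to Traefik's default certificate.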