# Source: https://gist.github.com/8c42a986668fd8090cc42de38a0a036c
#################################################################################
# What Is HTTPS? How Does It Work? Automate With cert-manager And Let's Encrypt #
# https://youtu.be/D7ijCjE31GA #
#################################################################################

# Additional Info:
# - cert-manager: https://cert-manager.io
# - Let's Encrypt: https://letsencrypt.org
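#########
# Setup #
#########

# Clone the demo manifests. They are applied to the cluster later on, so read
# them first (the walkthrough `cat`s each file before `kubectl apply`).
git clone https://github.com/vfarcic/cert-manager-demo

cd cert-manager-demo

# Create a Kubernetes cluster with Ingress set as default

helm repo add jetstack https://charts.jetstack.io

helm repo update

# NOTE(review): no chart version is pinned, so this installs whatever is latest
# at run time. Outside a demo, pin it with `--version <CHART_VERSION>`
# (placeholder) so installs are reproducible and upgrades are deliberate.
# Newer cert-manager charts deprecate `installCRDs` in favour of
# `crds.enabled`; check the chart documentation for the version you install.
helm upgrade --install cert-manager jetstack/cert-manager \
    --namespace cert-manager --create-namespace \
    --set installCRDs=true --wait

kubectl create namespace production

# Set up DNS records to point to the `EXTERNAL-IP` of the Ingress Service

# Replace the value with the (sub)domain you have set up for the demo
export SILLY_DEMO_ADDR=app.silly-demo.com

# Install `yq` from https://github.com/mikefarah/yq if you do not have it already

# The values below are read by yq from the environment with `strenv()` instead
# of being spliced into the expression text by the shell. A value containing
# quotes or yq syntax therefore cannot alter the expression that is evaluated.
# This is why each variable is exported before the yq call that uses it.
yq --inplace \
    '.spec.rules[0].host = strenv(SILLY_DEMO_ADDR)' \
    app/ing.yaml

# Replace `[...]` with your email
# The address is written to `.spec.acme.email` in issuer.yaml, i.e. it is the
# contact for the ACME account; leaving the placeholder in place stores the
# literal `[...]` there.
export EMAIL=[...]

yq --inplace \
    '.spec.acme.email = strenv(EMAIL)' \
    issuer.yaml

# Change the value if NOT using `traefik` as the Ingress Controller
# The issuer uses an HTTP-01 solver (`.spec.acme.solvers[0].http01`), so the
# certificate authority must be able to reach the domain over HTTP through this
# Ingress class for validation to succeed.
export INGRESS_CLASS=traefik

yq --inplace \
    '.spec.acme.solvers[0].http01.ingress.class = strenv(INGRESS_CLASS)' \
    issuer.yaml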
#####################################
# Applications Without HTTPS Access #
#####################################

# Show the Ingress manifest before it is sent to the cluster.
cat app/ing.yaml

# Apply every manifest in the `app` directory to the `production` namespace.
kubectl apply --namespace production --filename app

# Print the plain-HTTP address of the app. Traffic to this URL is unencrypted.
echo "http://${SILLY_DEMO_ADDR}"
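##############################################################
# Enable HTTPS Access Through cert-manager And Let's Encrypt #
##############################################################

# Print the HTTPS address to try before any certificate has been requested.
echo "https://$SILLY_DEMO_ADDR"

# Inspect the issuer before applying it: confirm the ACME email and the
# Ingress class written during setup.
# NOTE(review): issuer.yaml is not shown here. If it points at the Let's
# Encrypt production endpoint, repeated test runs count against that service's
# rate limits; a staging endpoint is the usual choice while experimenting.
cat issuer.yaml

# Applied without `--namespace`; together with the `cluster-issuer` annotation
# used below this suggests a cluster-scoped ClusterIssuer - confirm in the file.
kubectl apply --filename issuer.yaml

cat certificate.yaml

kubectl --namespace production apply --filename certificate.yaml

# Add `cert-manager.io/cluster-issuer: production` to `metadata.annotations` in `app/ing.yaml`

kubectl --namespace production apply --filename app

# List the issuance chain. `clusterissuers` is included because a
# cluster-scoped issuer does not appear under the namespaced `issuers` kind.
# The Secret in this list holds the certificate's private key; `get` prints
# only names and types, and read access to Secrets in this namespace should be
# restricted accordingly.
kubectl --namespace production \
    get clusterissuers,issuers,certificaterequests,certificates,orders,secrets

echo "https://$SILLY_DEMO_ADDR"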
###########
# Destroy #
###########

# Remove the `cert-manager.io/cluster-issuer` annotation from the local copy of
# the Ingress manifest so the file is back to its HTTP-only form. This edits
# the file only; nothing is applied to the cluster here.
yq --inplace \
    'del(.metadata.annotations."cert-manager.io/cluster-issuer")' \
    app/ing.yaml

# Destroy or reset the cluster