@riskiwah
Created June 27, 2024 17:33
[k3s] traefik cert manager selfsign

Traefik cert-manager selfsign redirect

Generate CA and ClusterIssuer

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cluster-issuer
  # ClusterIssuer is cluster-scoped, so this namespace field is ignored.
  namespace: cert-manager
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: majumundur-ca
  namespace: cert-manager
spec:
  isCA: true
  commonName: majumundur-aszek
  secretName: root-secret
  subject:
    organizations:
      - "MajuMundur Corp."
  emailAddresses:
    - good@example.com
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  issuerRef:
    name: selfsigned-cluster-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: majumundur-ca-cluster-issuer
  namespace: cert-manager
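spec:
  ca:
    # The CA key pair must live in cert-manager's cluster resource namespace
    # (default: cert-manager), where the majumundur-ca Certificate writes it.
    secretName: root-secret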

(Optional) Traefik middleware

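# Traefik v2.10+ serves traefik.io/v1alpha1; older releases use traefik.containo.us/v1alpha1.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
  namespace: app
spec:
  redirectScheme:
    scheme: https
    permanent: true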

Sample deployment and ingress

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: app
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: app
  annotations:
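    # cert-manager issues the TLS secret named under spec.tls from this ClusterIssuer.
    cert-manager.io/cluster-issuer: "majumundur-ca-cluster-issuer"
    # Middleware reference format: <namespace>-<name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: app-https-redirect@kubernetescrd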
    #cert-manager.io/common-name: "majumundur-aszek"
    #cert-manager.io/subject-organizations: "MajuMundur Corp."
spec:
  ingressClassName: traefik
  tls:
  - hosts:
    - nginx.k3s.internal
    secretName: nginx.k3s.int-tls
  rules:
  - host: nginx.k3s.internal
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80