traefik-certmanager/README.md

[![status-badge](https://woodpecker.ar21.de/api/badges/34/status.svg)](https://woodpecker.ar21.de/repos/34)

This will create a certificate request for IngressRoute objects for Traefik. 

# Installing Cert-Manager and Traefik

The default values assume you have cert-manager installed, see also [cert-manager installation](https://cert-manager.io/docs/installation/helm/):

```bash
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.9.1 \
  --set installCRDs=true
```

As well as Traefik, see also [traefik installation](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart):

```
helm install \
	traefik traefik/traefik \
  --namespace cert-manager \
  --create-namespace \

```

## Adding ClusterIssuer to Cert-Manager

Next you install the ClusterIssuer using `kubectl apply`

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: manager@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: lets-encrypt
    solvers:
      - http01:
          ingress:
            class: ""
```

# Installing Traefik to Cert-Manager

Finally you can install the traefik-certmanager. 

```bash
kubectl apply -f traefik-certmanager.yaml
```

This will create a deployment, service account and role that can read/watch IngressRoutes and can add/delete Certficates. When starting it will check all existing IngressRoutes and see if there is a certificate for them (only for those that have a secretName). Next it will watch the addition and/or deleting of IngressRoutes. If an IngressRoute is removed, it can (false by default) remove the certificate as well.

This is an example of a IngressRoute that will be picked up by this deployment:

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    secretName: trafik.example
```
docs(readme) [skip ci]: adjust CI link 2024-12-30 22:41:01 +01:00			`[![status-badge](https://woodpecker.ar21.de/api/badges/34/status.svg)](https://woodpecker.ar21.de/repos/34)`
edit readme 2024-12-22 18:41:28 +01:00
initial code 2022-10-09 23:18:29 +02:00			`This will create a certificate request for IngressRoute objects for Traefik.`

			`# Installing Cert-Manager and Traefik`

			`The default values assume you have cert-manager installed, see also [cert-manager installation](https://cert-manager.io/docs/installation/helm/):`

			```bash
			`helm install \`
			`cert-manager jetstack/cert-manager \`
			`--namespace cert-manager \`
			`--create-namespace \`
			`--version v1.9.1 \`
			`--set installCRDs=true`
			```

			`As well as Traefik, see also [traefik installation](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart):`

			```
			`helm install \`
			`traefik traefik/traefik \`
			`--namespace cert-manager \`
			`--create-namespace \`

			```

			`## Adding ClusterIssuer to Cert-Manager`

			Next you install the ClusterIssuer using `kubectl apply`

			```yaml
			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt`
			`spec:`
			`acme:`
			`email: manager@example.com`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`privateKeySecretRef:`
			`name: lets-encrypt`
			`solvers:`
			`- http01:`
			`ingress:`
			`class: ""`
			```

			`# Installing Traefik to Cert-Manager`

			`Finally you can install the traefik-certmanager.`

			```bash
			`kubectl apply -f traefik-certmanager.yaml`
			```

			`This will create a deployment, service account and role that can read/watch IngressRoutes and can add/delete Certficates. When starting it will check all existing IngressRoutes and see if there is a certificate for them (only for those that have a secretName). Next it will watch the addition and/or deleting of IngressRoutes. If an IngressRoute is removed, it can (false by default) remove the certificate as well.`

			`This is an example of a IngressRoute that will be picked up by this deployment:`

			```yaml
			`apiVersion: traefik.containo.us/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: traefik-dashboard`
			`namespace: traefik`
			`spec:`
			`entryPoints:`
			`- websecure`
			`routes:`
			- match: Host(`traefik.example.com`)
			`kind: Rule`
			`services:`
			`- name: api@internal`
			`kind: TraefikService`
			`tls:`
			`secretName: trafik.example`
			```