This repository has been archived on 2025-01-23. You can view files and clone it, but cannot push or open issues or pull requests.
traefik-certmanager/README.md

78 lines
2 KiB
Markdown
Raw Normal View History

2022-10-09 23:18:29 +02:00
This will create a certificate request for IngressRoute objects for Traefik.
# Installing Cert-Manager and Traefik
The default values assume you have cert-manager installed, see also [cert-manager installation](https://cert-manager.io/docs/installation/helm/):
```bash
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.9.1 \
--set installCRDs=true
```
As well as Traefik, see also [traefik installation](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart):
```
helm install \
traefik traefik/traefik \
--namespace cert-manager \
--create-namespace \
```
## Adding ClusterIssuer to Cert-Manager
Next you install the ClusterIssuer using `kubectl apply`
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: manager@example.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: lets-encrypt
solvers:
- http01:
ingress:
class: ""
```
# Installing Traefik to Cert-Manager
Finally you can install the traefik-certmanager.
```bash
kubectl apply -f traefik-certmanager.yaml
```
This will create a deployment, service account and role that can read/watch IngressRoutes and can add/delete Certficates. When starting it will check all existing IngressRoutes and see if there is a certificate for them (only for those that have a secretName). Next it will watch the addition and/or deleting of IngressRoutes. If an IngressRoute is removed, it can (false by default) remove the certificate as well.
This is an example of a IngressRoute that will be picked up by this deployment:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.example.com`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
tls:
secretName: trafik.example
```