This repository has been archived on 2025-01-23. You can view files and clone it, but cannot push or open issues or pull requests.


This will create a certificate request for IngressRoute objects for Traefik.

Installing Cert-Manager and Traefik

The default values assume you have cert-manager installed (see also cert-manager installation):

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.9.1 \
  --set installCRDs=true

You also need Traefik installed (see also traefik installation):

helm install \
  traefik traefik/traefik \
  --namespace cert-manager \
  --create-namespace

Adding ClusterIssuer to Cert-Manager

Next, install the ClusterIssuer using kubectl apply:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: manager@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: lets-encrypt
    solvers:
      - http01:
          ingress:
            class: ""

Installing Traefik to Cert-Manager

Finally you can install the traefik-certmanager.

kubectl apply -f traefik-certmanager.yaml

This will create a deployment, service account and role that can read/watch IngressRoutes and can add/delete Certificates. On startup it checks all existing IngressRoutes and verifies that a certificate exists for each one (only for those that have a secretName). It then watches for IngressRoutes being added or deleted. If an IngressRoute is removed, it can remove the certificate as well (this is false by default).

This is an example of an IngressRoute that will be picked up by this deployment:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    secretName: trafik.example
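
The mapping described above, from an IngressRoute to a cert-manager Certificate, sketched as an added example (not this project's main.py). It assumes the Certificate is named after the secretName, is created in the IngressRoute's namespace, and points at the `letsencrypt` ClusterIssuer shown earlier; it only accepts literal `Host(...)` names that are valid DNS names, so `HostRegexp` patterns never end up in a certificate request.

```python
from __future__ import annotations
import re

# Assumption: issuer matches the ClusterIssuer defined earlier on this page.
ISSUER_REF = {"name": "letsencrypt", "kind": "ClusterIssuer"}

_HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")  # matches Host(...), not HostRegexp(...)
_QUOTED = re.compile(r"[`\"]([^`\"]+)[`\"]")
_DNS_NAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def hosts_from_route(route: dict) -> list[str]:
    """Collect literal, well-formed host names from every route's match rule."""
    hosts: list[str] = []
    for rule in route.get("spec", {}).get("routes", []):
        for call in _HOST_CALL.findall(rule.get("match", "")):
            for name in _QUOTED.findall(call):
                name = name.lower()
                if _DNS_NAME.match(name) and name not in hosts:
                    hosts.append(name)
    return hosts

def certificate_for(route: dict) -> dict | None:
    """Build a Certificate manifest, or None when the route needs no certificate."""
    secret = (route.get("spec", {}).get("tls") or {}).get("secretName")
    hosts = hosts_from_route(route)
    if not secret or not hosts:
        return None  # no tls.secretName or no usable host: nothing to request
    namespace = route.get("metadata", {}).get("namespace", "default")
    return {
        "apiVersion": "cert-manager.io/v1",
        "kind": "Certificate",
        "metadata": {"name": secret, "namespace": namespace},
        "spec": {"secretName": secret, "dnsNames": hosts, "issuerRef": ISSUER_REF},
    }

# Constructed sample: the IngressRoute from this page, as a Python dict.
SAMPLE_ROUTE = {
    "metadata": {"name": "traefik-dashboard", "namespace": "traefik"},
    "spec": {
        "routes": [{"match": "Host(`traefik.example.com`)", "kind": "Rule"}],
        "tls": {"secretName": "trafik.example"},
    },
}

if __name__ == "__main__":
    print(certificate_for(SAMPLE_ROUTE))
```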