yolokube/traefik-certmanager
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
traefik-certmanager/README.md
Aaron Riedel 131a1f4106
edit readme
2024-12-22 18:41:28 +01:00

79 lines
2.1 KiB
Markdown
Raw Blame History

[![status-badge](https://woodpecker.ar21.de/api/badges/33/status.svg)](https://woodpecker.ar21.de/repos/33)
This will create a certificate request for IngressRoute objects for Traefik.
# Installing Cert-Manager and Traefik
The default values assume you have cert-manager installed, see also [cert-manager installation](https://cert-manager.io/docs/installation/helm/):
```bash
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.9.1 \
--set installCRDs=true
```
As well as Traefik, see also [traefik installation](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart):
```
helm install \
traefik traefik/traefik \
--namespace cert-manager \
--create-namespace \
```
## Adding ClusterIssuer to Cert-Manager
Next you install the ClusterIssuer using `kubectl apply`
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: manager@example.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: lets-encrypt
solvers:
- http01:
ingress:
class: ""
```
# Installing Traefik to Cert-Manager
Finally you can install the traefik-certmanager.
```bash
kubectl apply -f traefik-certmanager.yaml
```
This will create a deployment, service account and role that can read/watch IngressRoutes and can add/delete Certficates. When starting it will check all existing IngressRoutes and see if there is a certificate for them (only for those that have a secretName). Next it will watch the addition and/or deleting of IngressRoutes. If an IngressRoute is removed, it can (false by default) remove the certificate as well.
This is an example of a IngressRoute that will be picked up by this deployment:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.example.com`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
tls:
secretName: trafik.example
```
Reference in a new issue View git blame Copy permalink