In this article, I’ll briefly describe how to get an SSL certificate with HTTP01 validation and a wildcard certificate with DNS01 validation, using AWS as an example.

So we already have some ingress and HELM for our k8s cluster, and we want to get some certs for domain

Let’s install cert-manager using HELM:

helm install --namespace kube-system -n cert-manager stable/cert-manager

If you prefer to use the latest chart version for cert-manager you can follow the instructions here.

To issue certificates we need at least one Issuer or ClusterIssuer. The difference between them is that an Issuer works only inside one namespace, unlike a ClusterIssuer, which works globally for the cluster.

Let’s create ClusterIssuer:

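cat <<EOF | kubectl create -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: le-clusterissuer
  namespace: kube-system
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory  # Let's Encrypt ACME v2 endpoint
    email: <your-email>  # placeholder: mailbox for Let's Encrypt notices
    privateKeySecretRef:
      name: le-clusterissuer
    http01: {}
EOF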

What’s there:

  • le-clusterissuer — ClusterIssuer name
  • — mailbox for receiving emails from Let’s Encrypt
  • http01: {} — validation method

After creating ClusterIssuer we can check the status:

kubectl describe clusterissuer le-clusterissuer -n kube-system | egrep "Status|Message"
    Message:    The ACME account was registered with the ACME server
    Status:     True

So now we have ClusterIssuer, and we can create new certificates.
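
A pre-flight check for the point made in the introduction: wildcard names need DNS01, while the issuer created above only offers http01. This is an added example, not code from the original article or from cert-manager. The JSON is a constructed sample of `kubectl get clusterissuer le-clusterissuer -o json`, and the `dns01` key beside `http01` and the function names are assumptions.

```python
import json

# Constructed sample of `kubectl get clusterissuer le-clusterissuer -o json`
# (trimmed); the field layout follows the manifest and status shown above.
SAMPLE_ISSUER = json.loads("""
{
  "kind": "ClusterIssuer",
  "metadata": {"name": "le-clusterissuer"},
  "spec": {"acme": {"privateKeySecretRef": {"name": "le-clusterissuer"},
                    "http01": {}}},
  "status": {"conditions": [
    {"type": "Ready", "status": "True",
     "message": "The ACME account was registered with the ACME server"}]}
}
""")


def issuer_ready(issuer):
    """True only if a Ready condition exists and its status is the string "True"."""
    for cond in issuer.get("status", {}).get("conditions", []):
        if cond.get("type") == "Ready":
            return cond.get("status") == "True"
    return False  # no Ready condition yet: treat as not ready


def preflight(issuer, dns_names):
    """Return a list of problems that would stop issuance for dns_names."""
    problems = []
    if not issuer_ready(issuer):
        problems.append("issuer is not Ready")
    acme = issuer.get("spec", {}).get("acme", {})
    has_http01 = "http01" in acme
    has_dns01 = "dns01" in acme  # assumption: dns01 sits beside http01
    for name in dns_names:
        if name.startswith("*."):
            # Wildcard names can only be validated with DNS01.
            if not has_dns01:
                problems.append(f"{name}: wildcard needs dns01, issuer has none")
        elif not (has_http01 or has_dns01):
            problems.append(f"{name}: issuer has no validation method")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE_ISSUER, ["www.example.com", "*.example.com"]):
        print(line)
```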


Getting wildcard SSL certificate in Kubernetes with cert-manager