# Overview

There are lots of options around the web; this is what has worked best for me so far. Based on the results here: https://traefik.io/blog/https-on-kubernetes-using-traefik-proxy/

# Steps

Run certbot with a manual DNS challenge to create the Let's Encrypt certs

```bash
docker run -v /tmp/cert:/etc/letsencrypt/archive -it certbot/certbot certonly --preferred-challenges dns --manual
mv /tmp/cert/[your-domain] .
```

Create the secret from the files generated by Let's Encrypt

```bash
kubectl create secret generic [your-domain]-secret \
  --from-file=tls.crt=[your-domain]/fullchain1.pem \
  --from-file=tls.key=[your-domain]/privkey1.pem
```

Replace the default Traefik SSL cert with your Let's Encrypt one (`default-cert.yaml`)

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  name: default
  namespace: default
spec:
  defaultCertificate:
    secretName: [your-domain]-secret
```

Apply the file

```bash
kubectl apply -f default-cert.yaml
```

Make sure your k8s deployment has an Ingress with TLS, like

```yaml
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: Ingress
  ...
  spec:
    rules:
    - host: bitwarden.[your-domain]
      http:
        paths:
        - backend:
            service:
              name: bitwarden-bitwarden-k8s
              port:
                number: 80
          path: /
          pathType: Prefix
    tls:
    - hosts:
      - bitwarden.[your-domain]
```

Check connectivity

```bash
curl https://bitwarden.[your-domain]
# if something is incorrect, `curl` is sometimes a bit more helpful
# at determining what went wrong
```
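Before creating the secret, it is worth checking that `fullchain1.pem` and `privkey1.pem` actually belong together, that the cert is not about to expire, and that it covers the Ingress host. The script below is an added example, not part of the original steps; the function name `check_tls_pair`, the script name and the 30-day default are assumptions, and it needs only `openssl`.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a cert/key pair before it goes into the k8s secret.
# Usage: ./check-tls-pair.sh <fullchain.pem> <privkey.pem> <ingress-host> [min_days]

check_tls_pair() {
  local cert="$1" key="$2" host="$3" min_days="${4:-30}"
  local cert_pub key_pub rc=0

  # 1. The leaf cert (first PEM block of the fullchain) must carry the
  #    public key that corresponds to the private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
  if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
    echo "FAIL: cannot parse $cert or $key" >&2
    return 2
  fi
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate" >&2
    rc=1
  fi

  # 2. Certs issued with --manual are not renewed automatically, so flag
  #    anything that expires within min_days.
  if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
    echo "FAIL: certificate expires within $min_days days" >&2
    rc=1
  fi

  # 3. The TLSStore default cert is what the Ingress host gets served, so
  #    the cert must cover that host (exact name or wildcard).
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: certificate does not cover $host" >&2
    rc=1
  fi

  if [ "$rc" -eq 0 ]; then echo "OK: $cert / $key usable for $host"; fi
  return "$rc"
}

# Run the check when the script is called with arguments.
if [ "$#" -ge 3 ]; then
  check_tls_pair "$@"
fi
```

A non-zero exit status means the pair should not be loaded into the secret; the messages on stderr say which check failed.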