Created
December 25, 2022 17:55
gjreasoner created this gist
Dec 25, 2022
@@ -0,0 +1,69 @@ # Overview Lots of options around the web, this is what worked best for me so far; Based on results here: https://traefik.io/blog/https-on-kubernetes-using-traefik-proxy/ # Steps Do a manual dns certbot to create lets encrypt certs ```bash docker run -v /tmp/cert:/etc/letsencrypt/archive -it certbot/certbot certonly --preferred-challenges dns --manual mv /tmp/cert/[your-domain] . ``` Create the secret from the files generated by letsencrypt ```bash kubectl create secret generic [your-domain]-secret --from-file=tls.crt=[your-domain]/fullchain1.pem --from-file=tls.key=[your-domain]/privkey1.pem ``` Replace the default traefik ssl cert with your letsencrypt one (`default-cert.yaml`) ```yaml apiVersion: traefik.containo.us/v1alpha1 kind: TLSStore metadata: name: default namespace: default spec: defaultCertificate: secretName: [your-domain]-secret ``` Apply the file ```bash kubectl apply -f default-cert.yaml ``` Make sure you have a k8s deployment with TLS like ```yaml apiVersion: v1 items: - apiVersion: networking.k8s.io/v1 kind: Ingress ... spec: rules: - host: bitwarden.[your-domain] http: paths: - backend: service: name: bitwarden-bitwarden-k8s port: number: 80 path: / pathType: Prefix tls: - hosts: - bitwarden.[your-domain] ``` Check connectivity ```bash curl https://bitwarden.[your-domain] # if something is incorrect, sometimes `curl` is a bit more helpful # at helping determining what went wrong ```
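Review bot: In the certbot step the private key is written to `/tmp/cert` on the host and then moved into the working directory, and none of the later steps restricts or removes it; mount a directory created with mode 0700 instead of `/tmp/cert`, and delete the local `privkey1.pem` once the secret exists in the cluster. In the `kubectl create secret generic` step no namespace is given, while the `TLSStore` is declared with `namespace: default`, so the secret is created in whatever namespace the current context points at; add `-n default` to that command, and consider `kubectl create secret tls [your-domain]-secret --cert=[your-domain]/fullchain1.pem --key=[your-domain]/privkey1.pem`, which types the secret as `kubernetes.io/tls` and rejects a certificate and key that do not match. Only `/etc/letsencrypt/archive` is mounted, so the renewal configuration and account data that certbot keeps elsewhere under `/etc/letsencrypt` are lost with the container; since `--manual` without an auth hook cannot renew unattended, the steps should say how the certificate and the secret get replaced before expiry. The comment under `curl https://bitwarden.[your-domain]` reads as if it introduces a second command that is missing; if verbose output is what is meant, show `curl -v` there.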