kube-lego automatically requests certificates for Kubernetes Ingress resources from Let's Encrypt.<\/p>\n
ref: I run kube-lego v0.1.5 with Kubernetes v1.9.4, everything works very well.<\/p>\n It is strongly recommended to try Let's Encrypt Staging API first.<\/p>\n ref:
\nhttps:\/\/github.com\/jetstack\/kube-lego<\/a>
\nhttps:\/\/letsencrypt.org\/<\/a><\/p>\nDeploy kube-lego<\/h2>\n
# kube-lego\/deployment.yaml\nkind: Namespace\napiVersion: v1\nmetadata:\n name: kube-lego\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: kube-lego\n namespace: kube-lego\ndata:\n LEGO.EMAIL: \"your@email.com\"\n # LEGO.URL: \"https:\/\/acme-v01.api.letsencrypt.org\/directory\"\n LEGO.URL: \"https:\/\/acme-staging.api.letsencrypt.org\/directory\"\n---\nkind: Deployment\napiVersion: apps\/v1\nmetadata:\n name: kube-lego\n namespace: kube-lego\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: kube-lego\n template:\n metadata:\n labels:\n app: kube-lego\n spec:\n containers:\n - name: kube-lego\n image: jetstack\/kube-lego:0.1.5\n ports:\n - containerPort: 8080\n env:\n - name: LEGO_LOG_LEVEL\n value: debug\n - name: LEGO_EMAIL\n valueFrom:\n configMapKeyRef:\n name: kube-lego\n key: LEGO.EMAIL\n - name: LEGO_URL\n valueFrom:\n configMapKeyRef:\n name: kube-lego\n key: LEGO.URL\n - name: LEGO_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: LEGO_POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n readinessProbe:\n httpGet:\n path: \/healthz\n port: 8080\n initialDelaySeconds: 5\n timeoutSeconds: 1<\/code><\/pre>\n
\nhttps:\/\/github.com\/jetstack\/kube-lego\/tree\/master\/examples<\/a><\/p>\n$ kubectl apply -f kube-lego\/ -R<\/code><\/pre>\nConfigure the Ingress<\/h2>\n
\n
kubernetes.io\/tls-acme: "true"<\/code> to metadata.annotations<\/code><\/li>\nspec.tls.hosts<\/code>.<\/li>\n<\/ul>\nspec.tls.secretName<\/code> is the Secret used to store the certificate received from Let's Encrypt, i.e., tls.key<\/code> and tls.crt<\/code>. If no Secret exists with that name, it will be created by kube-lego.<\/p>\n# ingress.yaml\nkind: Ingress\napiVersion: extensions\/v1beta1\nmetadata:\n name: simple-project\n annotations:\n kubernetes.io\/ingress.class: \"gce\"\n kubernetes.io\/tls-acme: \"true\"\nspec:\n tls:\n - secretName: kittenphile-com-tls\n hosts:\n - kittenphile.com\n - www.kittenphile.com\n - api.kittenphile.com\n rules:\n - host: kittenphile.com\n http:\n paths:\n - path: \/*\n backend:\n serviceName: simple-frontend\n servicePort: http\n - host: www.kittenphile.com\n http:\n paths:\n - path: \/*\n backend:\n serviceName: simple-frontend\n servicePort: http\n - host: api.kittenphile.com\n http:\n paths:\n - path: \/*\n backend:\n serviceName: simple-api\n servicePort: http<\/code><\/pre>\n