Wildcard certificate using cert-manager in Kubernetes
Overview
After spending two days I finally managed to get a wildcard certificate issued with cert-manager. Sharing the YAML files here for reference.
cert-manager supports two ACME challenge types (https://cert-manager.io/docs/configuration/acme/):
- HTTP01
- DNS01
For a wildcard certificate, DNS01 is required; HTTP01 cannot validate a wildcard name.
cert-manager supports various DNS providers for the DNS01 verification process: https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers.
For this demo, we will be using AWS Route 53 as the DNS provider.
Steps
Create a Kubernetes Secret to store the AWS credentials (secret access key and access key) that cert-manager will use later. The Secret holds the secret access key under the key name secret-access-key; the access key ID is referenced from the issuer config.
kubectl create secret generic route53-secret --namespace=cert-manager --from-literal=secret-access-key=<Your AWS SECRET ACCESS KEY>
Set up and install cert-manager in the K8s cluster using any preferred method.
Once cert-manager is installed, verify the installation before applying the issuer config.
YAML config file
Apply the YAML issuer config with kubectl apply -f.
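The issuer config itself is not reproduced in the post, so the following is an added example (not the post's own YAML) of what a Route 53 DNS01 issuer plus a wildcard Certificate look like. It uses a ClusterIssuer rather than a namespaced Issuer because the Secret above was created in the cert-manager namespace, and a ClusterIssuer reads its referenced Secrets from that namespace (a namespaced Issuer can only read Secrets in its own namespace). Assumed values: the hosted zone devops.example.in, the region us-east-1, the contact e-mail address, and the access key ID placeholder.

```yaml
# Added example, not from the original post. Assumed values are marked.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.in                     # assumed contact address for expiry notices
    privateKeySecretRef:
      name: letsencrypt-prod-account-key      # ACME account key; cert-manager creates it
    solvers:
    - selector:
        dnsZones:
        - "devops.example.in"                 # assumed hosted zone; solver only used for names in it
      dns01:
        route53:
          region: us-east-1                   # assumed region
          accessKeyID: <Your AWS ACCESS KEY ID>   # placeholder; only the key ID is in plaintext
          secretAccessKeySecretRef:
            name: route53-secret              # the Secret created in the steps above
            key: secret-access-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-devops-example-in
  namespace: default
spec:
  secretName: tls-secret                      # the Secret the Ingress tls section references
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - "*.devops.example.in"                     # the wildcard; requires DNS01
  - "devops.example.in"                       # the apex, so the bare domain is covered too
```

Two points worth checking in such a config: the IAM credentials behind route53-secret should belong to a user or role limited to changing records in that single hosted zone (the cert-manager Route 53 docs include a scoped policy), since anyone who obtains the Secret can otherwise modify DNS across the account; and the Certificate's secretName must match the secretName in the Ingress tls section, which is how the issued wildcard reaches the ingress controller.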
You can check the certificate status using the command:
kubectl get certificate -n <namespace name>
As soon as the certificate is Ready you can reference its Secret from an Ingress, and the wildcard certificate issued by Let's Encrypt will be served.
Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    # "false" leaves plain HTTP reachable; set to "true" to force HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    certmanager.k8s.io/issuer: "letsencrypt-prod"
    certmanager.k8s.io/acme-challenge-type: dns01
    certmanager.k8s.io/acme-dns01-provider: route53
  name: ingress-resource-tls
  namespace: default
spec:
  rules:
  - host: "hello.devops.example.in"
    http:
      paths:
      - backend:
          serviceName: hello-app
          servicePort: 8080
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - "hello.devops.example.in"
    # must match the secretName of the issued wildcard Certificate
    secretName: tls-secret