Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to use KubeSphere to install cert-manager in K8s to enable HTTPS for the website. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

What is cert-manager?

Cert-manager (https://cert-manager.io/) is the native certificate management controller for Kubernetes. It can help issue certificates from a variety of sources, such as Let's Encrypt,HashiCorp Vault,Venafi, simple signing key pairs, or self-signing. It ensures that the certificate is valid and up to date and attempts to renew the certificate at the configured time before it expires. It is roughly based on the principles of kube-lego and draws some wisdom from other similar projects, such as kube-cert-manager.

Cert-maganer

Preparation requires an IP accessible to the public network. For example, 139.198.121.121 requires a domain name and has been resolved to the corresponding IP, such as A kubesphere.io 139.198.121.121. We have resolved the staging.kubesphere.io domain name to the corresponding service of 139.198.121.121 that is already running on the KubeSphere. For example, ks-console in this example enables the project gateway.

Log in to KubeSphere and enter any project in the enterprise space.

Enable the gateway under the corresponding project in KubeSphere.

We open a NodePort gateway, which needs to be forwarded to the gateway port using LoadBalancer outside the cluster to bind 139.198.121.121 to LoadBalancer, so that we can directly access our services through the public network IP. If the Kubernetes cluster is on a physical machine, you can install Porter (https://porter.kubesphere.io) load balancer to expose the cluster service to the public. If you are on the public cloud, you can install and configure the load balancer plug-in supported by the public cloud, then create a LoadBalancer gateway and enter the eip corresponding to the public network IP. The load balancer will be automatically created and the port will be forwarded to the gateway.

Install cert-manager

For detailed installation documentation, please refer to cert-manager.

When cert-manager is deployed, a webhook is created to verify that cert-manager-related objects conform to the format, but it also increases the complexity of deployment. Here we use an official no-webhook version of the installation.

You can open Web Kubectl in the toolbox in the lower right corner of KubeSphere.

From Web Kubectl, execute the following command to install cert-manager:

# Install the CustomResourceDefinitions and cert-manager itself

Kubectl apply-f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager-no-webhook.yaml

Create Issuer

Issuer is a concept in cert-manager that represents the issuer of a certificate. In this example, we use the free letsencrypt to obtain the TLS certificate.

Execute the following command in kubectl to create an Issuer available for the kubesphere-system project (pay attention to modifying the project and email information)

Kubectl-n kubesphere-system create-f-

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.