[09.02] Certificate for a dynamic DNS domain in Kubernetes through cert-manager
Published 15 Aug 2024
** CLARIFICATION **
At time code 9:25 I am modifying the service account. In video [09.01] I indicate not to touch or change the service account name and let cert-manager create its own. These two options don't work well together. The best course of action is to not touch either of the two options, neither in the cert-manager nor in this file. Leave the service account name alone and use the defaults for both deployments.
** CLARIFICATION **
In this video I install the duckdns webhook and show how to acquire a valid certificate for a dynamic DNS. I will walk through a few alternate resolvers for dynamic and Fully Qualified Domain Names (FQDN) but focus on duckdns during the implementation. I will highlight some of the challenges I ran into but also provide sources for how to overcome these challenges. I will download a deployment and walk through its installation process as adding a repository was not possible anymore.
Last but not least I will test the deployment and obtain a staging certificate and highlight what needs to be modified to acquire production level certificates.
Webhooks for kubernetes cert-manager
Duckdns - github.com/ebr...
Linode - github.com/sli...
Digital Ocean - cert-manager.i...
Freedns/Afraid.org - github.com/tgc...
Dynu - github.com/Dop...
No-IP - / minikube-and-lets-encrypt
CloudDNS - julz.github.io...
Chapters:
0:00 Introduction into this video
0:29 Reviewing different cert-manager webhooks
2:14 Challenges with the webhook deployment
2:35 Overcoming the outlined challenges
3:00 Adjustments to cert-manager
5:23 Challenges with the webhook deployment
5:48 Overcoming challenges - reviewing instructions
6:33 Downloading the webhook repo
7:12 Finding and configuring the values file for the installation with helm
12:55 Testing duckdns webhook
19:28 Reviewing the certificate provided through the cert-manager
20:32 Migrating the staging service to the production issuer
21:33 Summary
Commands:
6:55 git clone github.com/ebr...
11:40 helm install cert-manager-webhook-duckdns -n cert-manager -f duckdns-webhook-values.yaml ./deploy/cert-manager-webhook-duckdns
17:35 watch kubectl get challenge,certificaterequest,certificate,secret,orders -n test-web
Yamls:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  namespace: test-web
  annotations:
    cert-manager.io/cluster-issuer: "cert-manager-webhook-duckdns-staging"
    kubernetes.io/ingress.class: "nginx"
    #acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  tls:
  - hosts:
    - >YourDomainNameHERE<.duckdns.org
    secretName: tls-secret
  ingressClassName: nginx
  rules:
  - host: >YourDomainNameHERE<.duckdns.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-deploy-main
            port:
              number: 80
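A pre-flight check for the Ingress manifest above, useful before the staging-to-production migration at 20:32. This is an added example, not part of the video or the webhook project; the function names `check_ingress` and `sample_manifest` and the host `demo.duckdns.org` are constructed for illustration. It assumes staging issuers are named with a `-staging` suffix, as the one on this page is.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for an Ingress manifest shaped like the one on this page.
# Prints one finding per line and returns non-zero when anything needs fixing.
check_ingress() {
  awk '
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                                # skip commented-out lines
    /cert-manager\.io\/cluster-issuer:/ { issuer = $2; gsub(/"/, "", issuer) }
    /^[ \t]*- hosts:/ { in_tls = 1; next }             # start of a tls.hosts list
    in_tls && /^[ \t]*- [^ :]+$/ { tls[$2] = 1; next } # one host the certificate will cover
    in_tls { in_tls = 0 }                              # any other line ends the list
    /^[ \t]*- host:/ { rule[$3] = 1 }                  # host of a routing rule
    END {
      # Assumption: staging issuers end in -staging, as the one on this page does.
      if (issuer == "") { print "no cluster-issuer annotation"; bad = 1 }
      else if (issuer ~ /-staging$/) { print "staging issuer: " issuer; bad = 1 }
      for (h in tls) if (h ~ /YourDomainNameHERE/) { print "placeholder host: " h; bad = 1 }
      for (h in rule) if (!(h in tls)) { print "host not in tls.hosts: " h; bad = 1 }
      exit bad
    }' "$1"
}

# Constructed sample manifest; args: issuer name, tls host, rule host.
sample_manifest() {
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  namespace: test-web
  annotations:
    cert-manager.io/cluster-issuer: "$1"
spec:
  tls:
  - hosts:
    - $2
    secretName: tls-secret
  ingressClassName: nginx
  rules:
  - host: $3
EOF
}

# Demo run on a constructed manifest that still has all three problems.
f=$(mktemp)
sample_manifest cert-manager-webhook-duckdns-staging '>YourDomainNameHERE<.duckdns.org' demo.duckdns.org > "$f"
check_ingress "$f" || echo "fix the findings above before requesting a production certificate"
rm -f "$f"
```

Run it against your own manifest with `check_ingress path/to/ingress.yaml`; an empty result and exit status 0 mean the issuer annotation and hosts are consistent.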
Sources:
Certificate manager website & documentation - cert-manager.io
Github duckdns webhook - github.com/ebr...
Installing the duckdns webhook without repository - dev.to/javierm...