Hydrolix deployment can leverage k8s cert-manager to deploy and manage certificates on your cluster.
Already Have a Certificate?
If you have a certificate in PEM format, you can load the certificate using the following command:
kubectl create secret tls traefik-tls --key=certificates.key --cert=fullchain.pem
To begin, install
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
There are several ways to get a certificate from
- If your Hydrolix cluster allows public IP access, you can follow our guide using Let's Encrypt and HTTP Challenge.
- If your Hydrolix cluster doesn't allow public IP access, your setup instructions depend on your DNS zone manager:
Complete the guide linked above that best matches your hosting setup, then return to this guide to validate your results.
Restart Traefik to Finalize Changes
Changes to the
traefikservice don't go into effect until you restart the service. Common
- enabling TLS
- enabling basic authorization
- modifying secrets
Run the following command to restart
kubectl rollout restart deployment traefik
Once applied, you can check the certificate status with the following command:
kubectl describe certificate $YOURNAMESPACE
If the certificate successfully validates, you can should see the following:
Normal Issuing 12s cert-manager-certificates-issuing The certificate has been successfully issued
Once the certificate is deployed, enable HTTPS by changing the
hydrolix_url field in your cluster configuration from "http" to "https":
After changing the protocol,
traefik should restart and use the newly deployed Let's Encrypt certificate.
Updated about 1 month ago