Add a Custom Certificate

A Hydrolix deployment can use Kubernetes cert-manager to deploy and manage certificates on your cluster.


Already Have a Certificate?

If you have a certificate in PEM format, you can load the certificate using the following command:

kubectl create secret tls traefik-tls --key=certificates.key --cert=fullchain.pem
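
Before creating the secret, you can confirm that the key belongs to the leaf certificate, that the certificate is not close to expiry, and that it covers the hostname you will serve. This is an added example, not part of the Hydrolix documentation: `preflight_tls` is a hypothetical helper name, the hostname in the usage comment is a placeholder, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Pre-flight check for the PEM files that go into the traefik-tls secret.
# preflight_tls is a hypothetical helper; assumes OpenSSL 1.1.1+ on PATH.
# usage: preflight_tls certificates.key fullchain.pem "$YOURHOSTNAME" [MIN_DAYS_LEFT]
# returns: 0 ok, 1 unreadable input, 2 key mismatch, 3 expiring, 4 hostname not covered
preflight_tls() {
  local key=$1 chain=$2 host=$3 min_days=${4:-14}
  local key_pub leaf_pub

  # "openssl x509" reads only the first certificate in the file. In a
  # full chain that must be the leaf (server) certificate, with the
  # intermediates after it.
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
    echo "FAIL: cannot read an unencrypted private key from $key" >&2
    return 1
  }
  leaf_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: cannot read a certificate from $chain" >&2
    return 1
  }

  # The public key derived from the private key must equal the one in the leaf.
  if [ "$key_pub" != "$leaf_pub" ]; then
    echo "FAIL: $key does not match the first certificate in $chain" >&2
    echo "      (wrong key, or the chain is not ordered leaf first)" >&2
    return 2
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$chain" -noout \
       -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days" >&2
    return 3
  fi

  # -checkhost prints "does match" or "does NOT match"; test the text,
  # not the exit status.
  if ! openssl x509 -in "$chain" -noout -checkhost "$host" \
       | grep -q "does match certificate"; then
    echo "FAIL: certificate does not cover hostname $host" >&2
    return 4
  fi

  echo "OK: key matches leaf, valid for more than $min_days days, covers $host"
}
```
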

Install cert-manager

To begin, install cert-manager using kubectl:

kubectl apply -f

Set Up the Certificate

There are several ways to get a certificate from cert-manager:

Complete the guide linked above that best matches your hosting setup, then return to this guide to validate your results.


Restart Traefik to Finalize Changes

Changes to the traefik service don't go into effect until you restart the service. Common traefik changes include:

  • enabling TLS
  • enabling basic authorization
  • modifying secrets

Run the following command to restart traefik:

kubectl rollout restart deployment traefik

Check the Certificate Request Status

Once applied, you can check the certificate status with the following command:

kubectl describe certificate $YOURNAMESPACE

If the certificate validates successfully, you should see the following:

Normal  Issuing    12s   cert-manager-certificates-issuing          The certificate has been successfully issued

Enable TLS on traefik

Once the certificate is deployed, enable HTTPS by changing the hydrolix_url field in your cluster configuration from "http" to "https":

hydrolix_url: https://$YOURHOSTNAME

After changing the protocol, traefik should restart and use the newly deployed Let's Encrypt certificate.