Add a Custom Certificate
A Hydrolix deployment can use the Kubernetes cert-manager to deploy and manage certificates on your cluster.
Already Have a Certificate?
If you have a certificate in PEM format, you can load the certificate using the following command:
kubectl create secret tls traefik-tls --key=certificates.key --cert=fullchain.pem
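Before loading the pair into the secret, confirm that the private key matches the leaf certificate and that the certificate is not about to expire. The script below is an added example, not part of the Hydrolix documentation; the function names, return codes and 7-day default threshold are assumptions, and the file names are the ones used in the command above.

```shell
#!/usr/bin/env bash
# Added example (not from the Hydrolix docs): pre-flight checks for the PEM
# pair before it is loaded into the traefik-tls secret.

# Number of certificates in a PEM bundle (leaf + intermediates).
chain_length() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# check_tls_pair KEY CERT [MIN_SECONDS_VALID]
# Return codes (assumed convention): 0 ok, 1 key/cert mismatch,
# 2 expired or expiring soon, 3 unreadable input.
check_tls_pair() {
  local key cert min_valid cert_pub key_pub
  key="$1"; cert="$2"; min_valid="${3:-604800}"   # default threshold: 7 days

  # openssl x509 reads only the first certificate in the file, i.e. the leaf.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  # Empty -passin makes an encrypted key fail instead of prompting.
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3

  # Both commands emit the same SubjectPublicKeyInfo PEM when the key belongs
  # to the certificate, so a string comparison is enough.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "MISMATCH: $key is not the private key for the leaf in $cert" >&2
    return 1
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null; then
    echo "EXPIRY: leaf in $cert expires within ${min_valid}s" >&2
    return 2
  fi

  # A bundle holding only the leaf leaves clients to find intermediates themselves.
  if [ "$(chain_length "$cert")" -lt 2 ]; then
    echo "WARN: $cert contains no intermediate certificates" >&2
  fi
  return 0
}

# Usage: bash check_tls_pair.sh certificates.key fullchain.pem
if [ "$#" -ge 2 ]; then
  check_tls_pair "$@"
fi
```

A non-zero exit means the pair should not be loaded as is; the warning about missing intermediates does not change the exit code.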
Install cert-manager
To begin, install cert-manager using kubectl:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
Set Up the Certificate
There are several ways to get a certificate from cert-manager:
- If your Hydrolix cluster allows public IP access, you can follow our guide using Let's Encrypt and HTTP Challenge.
- If your Hydrolix cluster doesn't allow public IP access, your setup instructions depend on your DNS zone manager:
Complete the guide linked above that best matches your hosting setup, then return to this guide to validate your results.
Restart Traefik to Finalize Changes
Changes to the traefik service don't go into effect until you restart the service. Common traefik changes include:
- enabling TLS
- enabling basic authorization
- modifying secrets
Run the following command to restart traefik:
kubectl rollout restart deployment traefik
Check the Certificate Request Status
Once applied, you can check the certificate status with the following command:
kubectl describe certificate $YOURNAMESPACE
If the certificate successfully validates, you should see the following:
Normal Issuing 12s cert-manager-certificates-issuing The certificate has been successfully issued
Enable TLS on traefik
Once the certificate is deployed, enable HTTPS by changing the hydrolix_url field in your cluster configuration from "http" to "https":
hydrolix_url: https://$YOURHOSTNAME
After changing the protocol, traefik should restart and use the newly deployed Let's Encrypt certificate.