In this step, we'll create an Issuer that uses the Let's Encrypt production certificate authority. The Issuer contains the following information:
- name - name of the issuer used to generate new certificate requests
- ACME server - server used to generate the ACME challenge
- email - email used for the certificate information
- solvers - used to validate ownership of the domain
The following example generates a certificate using Let's Encrypt. It validates the domain ownership using DNS and manages the creation of the proof via CloudDNS:

```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-production-gclouddns
  namespace: $YOURNAMESPACE # TO BE REPLACED
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: $YOUREMAILMANAGINGCERTIFICATE # TO BE REPLACED
    privateKeySecretRef:
      name: letsencrypt-production-gclouddns
    solvers:
    - dns01:
        cloudDNS:
          project: $PROJECT_ID # TO BE REPLACED
```
Store the configuration in the file issuer-prod-lets-enc-gcloud.yaml. Use the following command to deploy it to your cluster:

```
kubectl apply -f issuer-prod-lets-enc-gcloud.yaml
```
After deploying your certificate issuer, you can create a new certificate request that includes your domain.
An important requirement for Hydrolix is to store the certificate into the
That's the default location used by Hydrolix to load the certificate.
Here's a configuration example:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: $YOURNAMESPACE # TO BE REPLACED
  namespace: $YOURNAMESPACE # TO BE REPLACED
spec:
  secretName: traefik-tls
  issuerRef:
    name: letsencrypt-production-gclouddns
  commonName: $YOURDOMAIN # TO BE REPLACED
  dnsNames:
  - $YOURDOMAIN # TO BE REPLACED
```
After generating this certificate request, you can store it in the YAML file cert-req.yaml and deploy it in your cluster:

```
kubectl apply -f cert-req.yaml
```
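The check below is an added example, not part of the original guide or of Hydrolix or cert-manager code. It cross-checks the two objects deployed above: the Issuer sits in the same namespace as the Certificate and points at the production ACME server, the Certificate selects that Issuer and writes to the traefik-tls secret, and both report cert-manager's Ready condition. The function names, the namespace `hydrolix`, the domain `hdx.example.com` and the sample objects are assumptions constructed for illustration.

```python
PROD_ACME = "https://acme-v02.api.letsencrypt.org/directory"  # server from the Issuer above
TLS_SECRET = "traefik-tls"                                     # secretName from the Certificate above
ISSUER = "letsencrypt-production-gclouddns"                    # Issuer name from this page


def is_ready(obj):
    """True when the object's status carries a Ready=True condition."""
    conds = obj.get("status", {}).get("conditions", [])
    return any(c.get("type") == "Ready" and c.get("status") == "True" for c in conds)


def check(items, namespace, issuer_name=ISSUER):
    """Return a list of problems found in the Issuer/Certificate pair (hypothetical helper)."""
    problems = []
    in_ns = [o for o in items if o["metadata"].get("namespace") == namespace]
    issuers = [o for o in in_ns if o["kind"] == "Issuer" and o["metadata"]["name"] == issuer_name]
    certs = [o for o in in_ns if o["kind"] == "Certificate"]
    if not issuers:  # an Issuer is namespaced, so it must live beside the Certificate
        problems.append(f"no Issuer {issuer_name} in namespace {namespace}")
    for iss in issuers:
        if iss["spec"].get("acme", {}).get("server") != PROD_ACME:
            problems.append("Issuer does not point at the production ACME server")
        if not is_ready(iss):
            problems.append("Issuer is not Ready")
    if not certs:
        problems.append(f"no Certificate in namespace {namespace}")
    for cert in certs:
        spec, name = cert["spec"], cert["metadata"]["name"]
        ref = spec.get("issuerRef", {})
        if ref.get("name") != issuer_name or ref.get("kind", "Issuer") != "Issuer":
            problems.append(f"{name}: issuerRef does not select Issuer {issuer_name}")
        if spec.get("secretName") != TLS_SECRET:
            problems.append(f"{name}: secretName is not {TLS_SECRET}")
        if not is_ready(cert):
            problems.append(f"{name}: Certificate is not Ready")
    return problems


READY = {"conditions": [{"type": "Ready", "status": "True"}]}
SAMPLE = [  # constructed; shaped like "items" from: kubectl get issuer,certificate -n hydrolix -o json
    {"kind": "Issuer", "metadata": {"name": ISSUER, "namespace": "hydrolix"},
     "spec": {"acme": {"server": PROD_ACME}}, "status": READY},
    {"kind": "Certificate", "metadata": {"name": "hydrolix", "namespace": "hydrolix"},
     "spec": {"secretName": "tls-cert", "issuerRef": {"name": ISSUER},
              "dnsNames": ["hdx.example.com"]}, "status": {}},
]

if __name__ == "__main__":
    print("\n".join(check(SAMPLE, "hydrolix")) or "OK")
```

The constructed Certificate deliberately uses the wrong secret name and has no Ready condition, so the script reports both problems.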
Return to the Add a Custom Certificate guide to validate your results.