Google CloudDNS Certificates
In this step, we'll create an Issuer that uses the Let's Encrypt production certificate authority. The Issuer contains the following information:
- name - name of the issuer used to generate new certificate requests
- ACME server - server used to generate the ACME challenge
- email - email used for the certificate information
- solvers - used to validate ownership of the domain
The following example generates a certificate using Let's Encrypt. It validates domain ownership using DNS and manages the creation of the proof via CloudDNS:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-production-gclouddns
  namespace: $YOURNAMESPACE  # TO BE REPLACED
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: $YOUREMAILMANAGINGCERTIFICATE  # TO BE REPLACED
    privateKeySecretRef:
      name: letsencrypt-production-gclouddns
    solvers:
    - dns01:
        cloudDNS:
          project: $PROJECT_ID  # TO BE REPLACED
Store the configuration in the file issuer-prod-lets-enc-gcloud.yaml. Use the following command to deploy it to your cluster:
kubectl apply -f issuer-prod-lets-enc-gcloud.yaml
Create a certificate request configuration
After deploying your certificate issuer, you can create a new certificate request that includes your domain.
An important requirement for Hydrolix is that the certificate is stored under secretName: traefik-tls.
That's the default location used by Hydrolix to load the certificate.
Here's a configuration example:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: $YOURNAMESPACE  # TO BE REPLACED
  namespace: $YOURNAMESPACE  # TO BE REPLACED
spec:
  secretName: traefik-tls
  issuerRef:
    name: letsencrypt-production-gclouddns
  commonName: $YOURDOMAIN  # TO BE REPLACED
  dnsNames:
  - $YOURDOMAIN  # TO BE REPLACED
After generating this certificate request, you can store it in the YAML file cert-req.yaml and deploy it in your cluster:
kubectl apply -f cert-req.yaml
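A pre-apply check for the two manifests above, as an added example (not Hydrolix or cert-manager code). It assumes the manifests have already been parsed into dicts, as a YAML loader would return them; the function names and sample values are hypothetical.

```python
import re

# Matches markers left from the page's templates ($YOURNAMESPACE, $PROJECT_ID, ...).
PLACEHOLDER = re.compile(r"\$[A-Z_]+|TO BE REPLACE")
LE_PROD = "https://acme-v02.api.letsencrypt.org/directory"

def strings(node, path=""):
    """Yield (path, value) for every string leaf of a parsed manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def lint(issuer, cert):
    """Return the problems that would keep this Issuer/Certificate pair from issuing."""
    problems = []
    for doc in (issuer, cert):
        for path, value in strings(doc):
            if PLACEHOLDER.search(value):
                problems.append(f"{doc['kind']}: placeholder left in {path}")
    # An Issuer (unlike a ClusterIssuer) only serves Certificates in its own namespace.
    if issuer["metadata"].get("namespace") != cert["metadata"].get("namespace"):
        problems.append("Certificate namespace differs from the Issuer namespace")
    ref = cert["spec"]["issuerRef"]  # issuerRef.kind defaults to Issuer when omitted
    if ref.get("name") != issuer["metadata"]["name"] or ref.get("kind", "Issuer") != "Issuer":
        problems.append("issuerRef does not point at the Issuer")
    if cert["spec"].get("secretName") != "traefik-tls":
        problems.append("secretName must be traefik-tls for Hydrolix to load it")
    if issuer["spec"]["acme"]["server"] != LE_PROD:
        problems.append("ACME server is not the Let's Encrypt production directory")
    return problems

# Constructed sample input with two deliberate mistakes (placeholder, namespace).
ISSUER = {"kind": "Issuer",
          "metadata": {"name": "letsencrypt-production-gclouddns", "namespace": "hydrolix"},
          "spec": {"acme": {"server": LE_PROD, "email": "certs@example.com",
                            "privateKeySecretRef": {"name": "letsencrypt-production-gclouddns"},
                            "solvers": [{"dns01": {"cloudDNS": {"project": "$PROJECT_ID"}}}]}}}
CERT = {"kind": "Certificate",
        "metadata": {"name": "hydrolix", "namespace": "default"},
        "spec": {"secretName": "traefik-tls",
                 "issuerRef": {"name": "letsencrypt-production-gclouddns"},
                 "commonName": "hdx.example.com", "dnsNames": ["hdx.example.com"]}}

if __name__ == "__main__":
    for problem in lint(ISSUER, CERT):
        print("FAIL:", problem)
```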
Return to the Add a Custom Certificate guide to validate your results.