K
Q

Let's encrypt, Kubernetes and Traefik on GKE

12/28/2018

I am trying to setup Traefik on Kubernetes with Let's Encrypt enabled. I managed yesterday to retrieve the first SSL certificated from Let's Encrypt but am a little bit stuck on how to store the SSL certificates.

I am able to create a Volume to store the Traefik certificates but that would mean that I am limited to a single replica (when having multiple replicas am I unable to retrieve a certificate since the validation goes wrong most of the times due to that the volume is not shared).

I read that Traefik is able to use something like Consul but I am wondering if I have to setup/run a complete Consul cluster to just store the fetched certificates etc.?

-- Jeroen Rinzema
kubernetes
lets-encrypt
ssl
traefik

Similar Questions

kubernetes not creating the ELB for ingress-nginx controller
Kubernetes cluster autoscaling using Kubeadm
Kubernetes metrics-server: Error from server (ServiceUnavailable): the server is currently unable to handle the request
How to solve a logging problem on GKE responsed "403 unauthorized"
Generating Java heap dump in Kubernetes container
How to get client ip in Kubernetes hosted application?

2 Answers

5/21/2019

You can set up the ingress with controller and apply for the SSL certificate of let's encrypt.

You can use cluster issuer to manage the SSL certificates and store that tls certificate on ingress.you can also use different ingress controllers like nginx also can use service mess istio.

For more details you can check : https://docs.traefik.io/user-guide/kubernetes/

-- Harsh Manvar
Source: StackOverflow
5/21/2019

You can store the certificate in a kubernetes secret and you reference to this secret in your ingress.

spec:
  tls:
  - secretName: testsecret

The secret has to be in same namespace the ingress is running in. See also https://docs.traefik.io/user-guide/kubernetes/#add-a-tls-certificate-to-the-ingress

-- chriscross
Source: StackOverflow