I'm facing a problem: I need certs for my Keycloak inside a k8s cluster to use the nginx ingress. What is the easiest way to add them? I started like this:
kubectl create secret tls tls-keycloak-ingress --cert=localtest.me.crt --key=localtest.me.pem
And then I include them via the secret in the chart's values yaml:

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
  path: /auth/?(.*)
  hosts:
    - keycloak.localtest.me
  tls:
    - hosts:
        - keycloak.localtest.me
      secretName: tls-keycloak-ingress
But should I create them on the host machine? Or with kubectl somehow?
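The manual route the question starts on, as an added example that is not the asker's own script: generate a self-signed key pair for the ingress host and build the same kubernetes.io/tls Secret that `kubectl create secret tls` would, without needing kubectl or a running cluster. It assumes openssl and base64 are installed; the host and secret name are the ones from the question's values file, and the SAN and key/cert checks are the two things that usually go wrong when a hand-made cert is pushed into an nginx ingress.

```shell
#!/bin/sh
# Added example, not part of the original question: build the same
# kubernetes.io/tls Secret that `kubectl create secret tls` produces, but
# from a freshly generated self-signed cert, without kubectl or a cluster.
# Assumes openssl and base64 are installed. HOST and SECRET_NAME default to
# the values used in the question's chart config.
set -eu

HOST="${HOST:-keycloak.localtest.me}"
SECRET_NAME="${SECRET_NAME:-tls-keycloak-ingress}"
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Generate a self-signed cert whose subjectAltName is the ingress host.
# Browsers and nginx match on the SAN, not the CN alone, so a cert with the
# right CN but no SAN still produces a hostname mismatch.
gen_self_signed_cert() {
  host="$1"; out_dir="$2"
  cat > "$out_dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$out_dir/tls.key" -out "$out_dir/tls.crt" \
    -config "$out_dir/san.cnf" >/dev/null 2>&1
  echo "$out_dir/tls.crt"
}

# Print the SAN line of a cert, e.g. "DNS:keycloak.localtest.me".
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

# Verify the key belongs to the cert by comparing the public keys.
# kubectl create secret tls checks this for you; applying a hand-written
# Secret manifest does not, and nginx-ingress will not serve a mismatched pair.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Emit the Secret manifest, same shape as kubectl's output.
tls_secret_manifest() {
  name="$1"; crt="$2"; key="$3"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/tls
data:
  tls.crt: $(base64 < "$crt" | tr -d '\n')
  tls.key: $(base64 < "$key" | tr -d '\n')
EOF
}

main() {
  crt=$(gen_self_signed_cert "$HOST" "$WORKDIR")
  key="$WORKDIR/tls.key"
  key_matches_cert "$crt" "$key" || { echo "key does not match cert" >&2; exit 1; }
  echo "SAN: $(cert_sans "$crt")" >&2
  tls_secret_manifest "$SECRET_NAME" "$crt" "$key" > "$WORKDIR/$SECRET_NAME.yaml"
  echo "wrote $WORKDIR/$SECRET_NAME.yaml; apply with: kubectl apply -f $WORKDIR/$SECRET_NAME.yaml" >&2
}

main
```

Run it as-is and `kubectl apply -f` the manifest it writes into the namespace where the Keycloak chart is installed; the Secret must live in the same namespace as the Ingress that references it, which is also why creating the files "on the host machine" alone is not enough: the ingress controller only reads Secrets inside the cluster.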
This is typically solved by adding cert-manager to the cluster. It then tracks the tls sections of all ingress objects and issues certificates using the provided LE account:
https://cert-manager.io/docs/tutorials/acme/ingress/
It not only issues and stores the cert in the appropriate secret, but also renews it automatically.
NOTE: if you are using Helm 3, skip the Tiller step.
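The cert-manager setup the answer refers to, written out as an added example (this is not the answer's or the tutorial's own text): two ClusterIssuers and the question's chart values with the one annotation that makes cert-manager take over the tls secret. The issuer names and the e-mail address are illustrative; the Let's Encrypt staging and production URLs are the real ACME endpoints.

```yaml
# Added example, not from the answer or the linked tutorial: cert-manager
# objects that turn the question's static Secret into an auto-issued and
# auto-renewed one. Issuer names and the e-mail address are illustrative.
---
# 1. ACME ClusterIssuer against the Let's Encrypt staging endpoint. Debug
#    against staging first (production has strict rate limits), then switch
#    server to https://acme-v02.api.letsencrypt.org/directory and name the
#    issuer letsencrypt-prod.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com                 # illustrative; expiry notices go here
    privateKeySecretRef:
      name: letsencrypt-staging-account-key  # ACME account key; cert-manager creates it
    solvers:
      - http01:
          ingress:
            class: nginx                     # HTTP-01 challenge is served through the nginx ingress
---
# 2. Self-signed ClusterIssuer for hosts that are not publicly reachable.
#    keycloak.localtest.me resolves to 127.0.0.1, so Let's Encrypt can never
#    reach it for HTTP-01 validation; on a local cluster use this issuer
#    (or a CA issuer) instead and trust the resulting cert locally.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
---
# 3. The question's chart values (a Helm values file, not a manifest) with one
#    annotation added. cert-manager's ingress-shim watches the tls: section,
#    creates a Certificate for the listed hosts, and writes the key pair into
#    secretName, so the `kubectl create secret tls` step is no longer needed;
#    cert-manager will create (and later overwrite on renewal) that Secret.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    cert-manager.io/cluster-issuer: letsencrypt-staging   # use "selfsigned" for localtest.me
  path: /auth/?(.*)
  hosts:
    - keycloak.localtest.me
  tls:
    - hosts:
        - keycloak.localtest.me
      secretName: tls-keycloak-ingress
```

Apply the two ClusterIssuers with `kubectl apply -f`, then `helm upgrade` the Keycloak release with these values. Progress is visible through cert-manager's own resources: `kubectl get certificate,order,challenge -A` shows a Certificate named after the secretName, and `kubectl describe certificate tls-keycloak-ingress` explains why an issuance is stuck (most often the challenge URL is not reachable from the internet, which is exactly the localtest.me case).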