Lots of options around the web; this is what worked best for me so far.
Based on results here: https://traefik.io/blog/https-on-kubernetes-using-traefik-proxy/
Run certbot in manual DNS-challenge mode to create the Let's Encrypt certs. It prompts for the domain and for the _acme-challenge TXT record you have to publish before it validates:
docker run -v /tmp/cert:/etc/letsencrypt/archive -it certbot/certbot certonly --preferred-challenges dns --manual
Only certbot's archive directory is mounted, which is where the real fullchain1.pem and privkey1.pem end up (live/ just holds symlinks into it); the account key and renewal config stay in the throwaway container, so renewing means repeating this step.
mv /tmp/cert/[your-domain] .
privkey1.pem comes out as mode 0600; keep it that way while it sits in the working directory.
Create the secret from the files certbot generated. It has to live in the same namespace as the TLSStore below (default here), because a TLSStore can only reference a secret in its own namespace:
kubectl create secret generic [your-domain]-secret --from-file=tls.crt=[your-domain]/fullchain1.pem --from-file=tls.key=[your-domain]/privkey1.pem
Replace Traefik's built-in self-signed default cert with your Let's Encrypt one (default-cert.yaml). The store must be named default, the only TLSStore Traefik honours; the traefik.containo.us/v1alpha1 group is Traefik v2's, Traefik v3 only accepts traefik.io/v1alpha1.
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  name: default
  namespace: default
spec:
  defaultCertificate:
    secretName: [your-domain]-secret
Apply the file
kubectl apply -f default-cert.yaml
Make sure the Ingress for the host has a tls section like the one below (trimmed kubectl get ingress -o yaml output). It lists the host but no secretName, so Traefik terminates TLS with the default certificate from the TLSStore instead of a per-Ingress secret:
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: Ingress
  ...
  spec:
    rules:
    - host: bitwarden.[your-domain]
      http:
        paths:
        - backend:
            service:
              name: bitwarden-bitwarden-k8s
              port:
                number: 80
          path: /
          pathType: Prefix
    tls:
    - hosts:
      - bitwarden.[your-domain]
Check connectivity
curl https://bitwarden.[your-domain]
# if something is wrong, `curl -v` is a bit more helpful: it prints the
# subject, issuer and expiry of the certificate Traefik actually served,
# which is usually enough to tell which step went wrong
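The whole procedure above, as one script. This is an added example and not part of the original note: it turns certbot's archive output into a declarative Secret plus TLSStore manifest (the same objects the kubectl commands above create, but reviewable and re-applyable), refuses input that is obviously wrong, and shows which certificate the cluster really serves. It assumes certbot's file names (fullchain1.pem, privkey1.pem), the Traefik v2 TLSStore CRD, and openssl on PATH for the check; the function names and the tls.sh file name are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original note. Assumed: certbot's archive layout
# (fullchain1.pem, privkey1.pem), the Traefik v2 TLSStore CRD, and openssl on PATH
# for served_cert. Function names are this example's own.

# pem_has_block FILE MARKER: succeed if FILE contains "-----BEGIN MARKER-----".
pem_has_block() {
    grep -q -- "-----BEGIN $2-----" "$1"
}

# key_is_private FILE: succeed only if the key is readable by its owner alone.
# certbot writes privkey1.pem as 0600; copying it around (scp, a shared /tmp) can
# widen that, and a key other users could read may already have been exposed.
key_is_private() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD stat
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# b64_oneline FILE: base64 without line breaks (base64 -w0 is GNU-only).
b64_oneline() {
    base64 < "$1" | tr -d '\n'
}

# tls_manifest DOMAIN DIR [NAMESPACE]: print a kubernetes.io/tls Secret and the
# TLSStore that makes it Traefik's default certificate. Both land in the same
# namespace on purpose: a TLSStore can only reference a Secret in its own namespace.
tls_manifest() {
    domain=$1; dir=$2; ns=${3:-default}
    crt="$dir/fullchain1.pem"; key="$dir/privkey1.pem"
    [ -r "$crt" ] && [ -r "$key" ] || { echo "missing $crt or $key" >&2; return 1; }
    pem_has_block "$crt" CERTIFICATE || { echo "$crt: not a PEM certificate" >&2; return 1; }
    pem_has_block "$key" "PRIVATE KEY" || pem_has_block "$key" "RSA PRIVATE KEY" \
        || pem_has_block "$key" "EC PRIVATE KEY" \
        || { echo "$key: not a PEM private key" >&2; return 1; }
    key_is_private "$key" || { echo "$key: readable by others, refusing" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${domain}-secret
  namespace: ${ns}
type: kubernetes.io/tls
data:
  tls.crt: $(b64_oneline "$crt")
  tls.key: $(b64_oneline "$key")
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  name: default
  namespace: ${ns}
spec:
  defaultCertificate:
    secretName: ${domain}-secret
EOF
}

# served_cert HOST: subject, issuer and validity of the certificate actually served
# for HOST. SNI is sent, so if Traefik still hands out its own self-signed default
# you see "CN = TRAEFIK DEFAULT CERT" here instead of the Let's Encrypt issuer.
served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates
}

# usage: sh tls.sh manifest [your-domain] ./[your-domain] [namespace] | kubectl apply -f -
#        sh tls.sh check bitwarden.[your-domain]
case "${1:-}" in
    manifest) tls_manifest "$2" "$3" "${4:-default}" ;;
    check)    served_cert "$2" ;;
esac
```

The Secret it emits carries the same tls.crt/tls.key keys as the kubectl create secret generic command above, just typed kubernetes.io/tls (what kubectl create secret tls --cert/--key would produce); applying both objects from one file keeps the secret and the TLSStore in the same namespace, which is the mistake that most often leaves Traefik serving its self-signed default.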