docs/doc/source/usertasks/letsencrypt-example.rst
Stone f63f0912c6 User Tasks guide
Fixed typo in LetsEncrypt example

Removed duplicate Datanet entry from main index.rst

Reworked Use Kubernetes CPU Manager Static Policy prerequisite block.

Restored fault/index version of FM toctree in top-level index.

Added merged doc entries to top level index.rst.

Incorporated review comments. Also some generic formatting clean-up such as
converting abbreviations to rST-style :abbr: markup.

Moved url with embedded substitution out of code-block.

Addressed patch 2 review comments. Some additional rST tidying. See comment replies
for open questions/issues.

This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec
new substitution and changing code-blocks to parsed-literals as required.

Initial submission for review. Note that a couple of references to WR persist
in examples. These will be marked up with comments in the review.

Signed-off-by: Stone <ronald.stone@windriver.com>
Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0
Signed-off-by: Stone <ronald.stone@windriver.com>
2020-12-02 10:34:53 -05:00

3.2 KiB

LetsEncrypt Example

The LetsEncrypt example illustrates cert-manager usage.

This example requires that:

  • the LetsEncrypt CA in the public internet can send an http01 challenge to the FQDN of your 's floating OAM IP Address.
  • your has access to the kuard demo application at gcr.io/kuar-demo/kuard-amd64:blue

  1. Create a LetsEncrypt Issuer in the default namespace by applying the following manifest file.

    apiVersion: cert-manager.io/v1alpha2
    kind: Issuer
    metadata:
      name: letsencrypt-prod
    spec:
      acme:
        # The ACME server URL
        server: https://acme-v02.api.letsencrypt.org/directory
        # Email address used for ACME registration
        email: dave.user@hotmail.com
        # Name of a secret used to store the ACME account private key
        privateKeySecretRef:
          name: letsencrypt-prod
        # Enable the HTTP-01 challenge provider
        solvers:
        - http01:
            ingress:
              class: nginx

  2. Create a deployment of the kuard demo application (https://github.com/kubernetes-up-and-running/kuard) with an ingress using cert-manager by applying the following manifest file:

    Substitute values in the example as required for your environment.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: kuard
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: kuard
      template:
        metadata:
          labels:
            app: kuard
        spec:
          containers:
          - name: kuard
            image: gcr.io/kuar-demo/kuard-amd64:blue
            imagePullPolicy: Always
            ports:
            - containerPort: 8080
              protocol: TCP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: kuard
      labels:
        app: kuard
    spec:
      ports:
      - port: 80
        targetPort: 8080
        protocol: TCP
      selector:
        app: kuard
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/issuer: "letsencrypt-prod"
      name: kuard
    spec:
      tls:
      - hosts:
        - kuard.my-fqdn-for-.company.com
        secretName: kuard-ingress-tls
      rules:
      - host: kuard.my-fqdn-for-.company.com
        http:
          paths:
          - backend:
              serviceName: kuard
              servicePort: 80
            path: /

  3. Access the kuard demo from your browser to inspect the certificate and verify that it is signed by the LetsEncrypt CA. For this example, the URL would be https://kuard.my-fqdn-for-|prefix|.company.com.
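
A consistency check for the objects created in steps 1 and 2, as an added example that is not part of the original guide: it reads JSON shaped like the output of `kubectl get issuer,ingress -A -o json` and flags an Ingress whose `cert-manager.io/issuer` annotation names an Issuer missing from its own namespace, whose ingress class differs from the Issuer's http01 solver class, or whose rule hosts are not covered by a `tls` entry. The sample hosts, the `demo` namespace and the function name `lint` are assumptions made for the illustration.

```python
import json

# Constructed sample shaped like `kubectl get issuer,ingress -A -o json`. Names
# mirror the manifests above; the hosts and the "demo" namespace are made up.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "Issuer", "metadata": {"name": "letsencrypt-prod", "namespace": "default"},
  "spec": {"acme": {"solvers": [{"http01": {"ingress": {"class": "nginx"}}}]}}},
 {"kind": "Ingress", "metadata": {"name": "kuard", "namespace": "default",
   "annotations": {"kubernetes.io/ingress.class": "nginx",
                   "cert-manager.io/issuer": "letsencrypt-prod"}},
  "spec": {"tls": [{"hosts": ["kuard.example.com"], "secretName": "kuard-ingress-tls"}],
           "rules": [{"host": "kuard.example.com"}]}},
 {"kind": "Ingress", "metadata": {"name": "kuard", "namespace": "demo",
   "annotations": {"kubernetes.io/ingress.class": "nginx",
                   "cert-manager.io/issuer": "letsencrypt-prod"}},
  "spec": {"tls": [{"hosts": ["kuard.example.com"], "secretName": "kuard-ingress-tls"}],
           "rules": [{"host": "kuard.example.com"}, {"host": "admin.example.com"}]}}
]}""")["items"]

def lint(items):
    """Return findings for Ingresses that request a certificate from an Issuer."""
    issuers = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
               for i in items if i["kind"] == "Issuer"}
    findings = []
    for ing in (i for i in items if i["kind"] == "Ingress"):
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations", {})
        ref = ann.get("cert-manager.io/issuer")
        if ref is None:
            continue  # this Ingress does not ask a namespaced Issuer for a cert
        issuer = issuers.get((ns, ref))  # an Issuer is only visible in its own namespace
        if issuer is None:
            findings.append(f"{ns}/{name}: Issuer '{ref}' not found in namespace '{ns}'")
        else:
            classes = {s["http01"].get("ingress", {}).get("class")
                       for s in issuer["spec"]["acme"].get("solvers", []) if "http01" in s}
            if ann.get("kubernetes.io/ingress.class") not in classes:
                findings.append(f"{ns}/{name}: ingress class differs from the http01 solver class")
        # Only hosts listed in a tls entry with a secretName are served with the issued cert.
        covered = {h for t in ing["spec"].get("tls", []) if t.get("secretName")
                   for h in t.get("hosts", [])}
        for rule in ing["spec"].get("rules", []):
            if rule.get("host") not in covered:
                findings.append(f"{ns}/{name}: host '{rule.get('host')}' has no tls entry")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```

An empty result for the `default` namespace objects means the Ingress and Issuer agree with each other; it does not replace the browser check in step 3.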