Kubernetes + LetsEncrypt

Recently, when migrating a client from AWS to Google Cloud, we ran into an issue. While Kubernetes Kops on AWS allows you to use the AWS Certificate Manager to generate and handle SSL certificates, Google Cloud doesn't have an equivalent. We had to either use certificates we obtained ourselves or use LetsEncrypt. We think LetsEncrypt rocks, so we decided to go with it. To allow for this we needed to do the following:
- Obtain a certificate and store it
- Renew certificates
- Generate a Kubernetes secret so that we can use it with our apps.
So we created several scripts that allow for this to happen.
opszero/kube-letsencrypt (github.com): Use Let's Encrypt to generate an SSL cert to be used in Kubernetes.
Obtain a Certificate
make obtain-cert DOMAIN=app.opszero.com
Generate a Kubernetes Secret
make generate-cert DOMAIN=app.opszero.com
make kube-secret
Renew a Certificate
make renew-cert DOMAIN=app.opszero.com
Use the Certificate in Your Pod
kubectl describe secret letsencrypt-app-opszero-com
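
One way to consume the secret from a pod is to mount it as a read-only volume. The manifest below is an added example, not part of the kube-letsencrypt repository; the pod name, image, port and mount path are assumptions, and the file names that appear under the mount path are whatever keys `make kube-secret` stored (the `kubectl describe secret` output lists them).

```yaml
# Added example: mount the Let's Encrypt secret into a pod as files.
# Hypothetical names: pod "app", image "example/app:1.0", port 8443, path /etc/tls.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: example/app:1.0          # placeholder image
      ports:
        - containerPort: 8443         # assumed TLS listener port
      volumeMounts:
        - name: tls
          mountPath: /etc/tls         # each key in the secret becomes a file here
          readOnly: true              # the app never needs to write key material
  volumes:
    - name: tls
      secret:
        secretName: letsencrypt-app-opszero-com   # secret name shown on this page
        defaultMode: 0400             # owner read-only instead of the default 0644
```

When the secret is updated after a renewal, the kubelet refreshes the files in a volume mounted this way (not when mounted with `subPath`), but the application still has to reload the certificate to serve it.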