Add letsencrypt

ingress/README.md

@@ -1,5 +1,25 @@
+# K8s setup with Nignx Ingress
+
+```kubectl apply -f k8s/ingress```
+
+Edit hosts file on host machine
+
+Get ip of vm
+
+```ip -o a | grep ens```
+
+```sudo nano /etc/hosts```
+
+```<ip> ingress.local```
+
+http://ingress.local
+
+http://ingress.local/v2
+
+
+https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-side-https-enforcement-through-redirect
+
 https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/
 
 https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
 
-```kubectl apply -f k8s/ingress```

ingress/web-ingress.yaml

@@ -4,10 +4,11 @@ metadata:
   name: web-ingress
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /$1
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
 spec:
   rules:
-    - host: hello-world.info
+    - http:
-      http:
         paths:
           - path: /
             pathType: Prefix
@@ -23,4 +24,7 @@ spec:
               service:
                 name: web2
                 port:
-                  number: 8080
+                  number: 8080
+  tls:
+    - hosts:
+      -  ingress.local

letsencrypt/README.md

@@ -0,0 +1 @@
+https://stackoverflow.com/questions/67430592/how-to-setup-letsencrypt-with-kubernetes-microk8s-using-default-ingress

letsencrypt/ingress-routes.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-routes
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  tls:
+  - hosts:
+  #change to your domain
+    - k8s.technical.kiwi
+    secretName: tls-secret
+  rules:
+#change yourdomain.com to your domain
+  - host: k8s.technical.kiwi
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: webserver-svc
+              port: 
+                number: 80

letsencrypt/letsencrypt-prod.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+#change to your email
+    email: admin@technical.kiwi
+    privateKeySecretRef:
+       name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: public

letsencrypt/letsencrypt-staging.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+#change to your email
+    email: admin@technical.kiwi
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: public

letsencrypt/webserver-depl-svc.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webserver-depl
+spec:
+  selector:
+    matchLabels:
+      app: webserver-app
+  template:
+    metadata:
+      labels:
+        app: webserver-app
+    spec:
+      containers:
+        - name: webserver-app
+          image: nginx:1.8
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: webserver-svc
+spec:
+  selector:
+    app: webserver-app
+  ports:
+  - name: webserver-app
+    protocol: TCP
+    port: 80
+    targetPort: 80