My domain is: ci.possumlab.com
I ran these command, it is part of a script that does a full setup and teardown of a kubernetes setup.
Full files (obfuscated some azure Id’s) at https://github.com/BasHamer/LetsEncryptAzure easy link for test results https://letsdebug.net/ci.possumlab.com/42755
Write-Host “////// nginx-ingress”
helm install stable/nginx-ingress --namespace kube-system
–set controller.service.loadBalancerIP="$($staticIp)" --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux
–set defaultBackend.nodeSelector.“beta.kubernetes.io/os”=linux --set controller.replicaCount=1
–timeout 600 `
–wait
Write-Host “////// cluster-issuer”
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install --name cert-manager
–namespace cert-manager --version v0.8.0
jetstack/cert-manager
kubectl apply -f cluster-issuer.yaml
Write-Host “////// routes”
kubectl apply -f “route.yaml”
Write-Host “////// certificates”
kubectl apply -f “certificates.yaml”
-------------------------------cluster-issuer.yaml-------------------------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: bas@possumlabs.com
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
-------------------------------route.yaml-------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ci-ingress
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
-
ci.possumlab.com
secretName: tls-secret
rules:
-
ci.possumlab.com
- host: ci.possumlab.com
http:
paths:- path: /
backend:
serviceName: possum-lab-ci
servicePort: 4446
-------------------------------certificates.yaml-------------------------------
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: tls-secret
namespace: cert-manager
spec:
secretName: tls-secret-prod
dnsNames:
- path: /
-
ci.possumlab.com
acme:
config:- http01:
ingressClass: nginx
domains:-
ci.possumlab.com
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
-
ci.possumlab.com
- http01:
The operating system my web server runs on is (include version): kubernetes
My hosting provider, if applicable, is: Azure / kubernetes
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):