## Traefik via Helm helm repo add traefik https://helm.traefik.io/traefik helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml ## Cert-Manager Cert Manager will be used as it will store certs in a secret, therefore accessible for every pod. In contrast to this, Traefik stores certs on disk, so a volume would be needed in RWX mode (too much effort). ### Issuer - CA An issuer is a CA. This can be done with 2 different kinds. #### Issuer can be used in the namespace they are created in. #### Cluster Issuer can be used throughout the whole cluster, not limited to a specific namespace. i.e. general issuer for all namespaces in cluster. ## Test Deployment k create ns test kubectl create deploy nginx --image=nginx -n test k create svc -n test clusterip nginx --tcp=80 k scale --replicas=3 deployment/nginx -n test ## Install Traefik & Cert-Manager helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml traefik-dashboard.k8s.schnrbs.work helm repo add jetstack https://charts.jetstack.io --force-update helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --values cert-manager-values.yaml k apply cert-manager-issuer-secret.yaml k get secret -n cert-manager k apply -f cert-manager-cluster-issuer.yaml ## Switch Test Deployment to https k apply -f test/nginx-certificate.yaml k apply -f test/nginx-ingress.yaml ## Troubleshooting steps k get po -n test -o wide k create svc -n test clusterip nginx k create svc -n test clusterip nginx --tcp=80 k get svc -n test dig k.internal.schnrbs.work dig k8s.internal.schnrbs.work dig n.k8s.internal.schnrbs.work k apply -f traefik_lempa/nginx-ingress.yaml k delete ingress nginx-ingress k apply -f traefik_lempa/nginx-ingress.yaml k get svc -n test k get ingress k get ingress -n test k get svc ingressRoute k get svc ingressRoutes k get svc ingressroutes.traefik.io k get ingressroutes.traefik.io --all-namespaces helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml cert-manager-values.yaml echo -n 'P96My4uiHudZtiC2ymjSGQ0174CoRBnI9ztmA0Wh' | base64 k get po alias k=kubectl k get po k apply -f traefik_lempa/cert-manager-issuer-secret.yaml k get secret k get secrets k get clusterissuers.cert-manager.io