/kubernetes-letsencrypt-tutorial

WIP: Kubernetes Lets Encrypt Tutorial
  1. Go 100.0%
Go
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP
Find file
Switch branches/tags
Nothing to show
Latest commit 70c43b8 Jul 18, 2016 @kelseyhightower kelseyhightower add kube-cert-manager
Permalink
Failed to load latest commit information.
certs first commit Jul 17, 2016
deployments first commit Jul 17, 2016
dynamic-certs first commit Jul 17, 2016
extensions add kube-cert-manager Jul 18, 2016
kube-cert-manager add kube-cert-manager Jul 18, 2016
managed-certs add kube-cert-manager Jul 18, 2016
services first commit Jul 17, 2016
README.md first commit Jul 17, 2016

README.md

Letsencrypt Kubernetes

WORK IN PROGRESS -- THIS TUTORIAL IS BROKEN!

The tutorial walks you through the process of obtaining TLS certificates from Letsencrypt and consuming them from an application.

Generate the test certs

cd tls

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  server-csr.json | cfssljson -bare server

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  server-updated-csr.json | cfssljson -bare server-updated

Create the Kubernetes Secret

kubectl create secret tls tls-certs \
  --cert certs/server.pem \
  --key certs/server-key.pem

Deploy the Application

kubectl create -f deployments/dynamic-certs.yaml

kubectl create -f services/dynamic-certs.yaml

Test the Update process

kubectl delete secret tls-certs

kubectl create secret tls tls-certs \
  --cert certs/server-updated.pem \
  --key certs/server-updated-key.pem