This repository has been archived by the owner on Mar 20, 2023. It is now read-only.

Enabling SSL/TLS on the cluster related issues #83

Closed
petertuton opened this issue Feb 5, 2020 · 2 comments

@petertuton

    kubectl version
    Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:16:51Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
    Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2020-01-27T21:11:27Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

    helm version
    version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.7"}

Add-Cert-Manager.ps1
I recommend replacing the use of Deploy/powershell/Add-Cert-Manager.ps with instructions to simply follow the documentation at https://cert-manager.io/docs/; otherwise there are a number of challenges to overcome, with version differences, for example.

As is, running Add-Cert-Manager.ps1 results in an error, "Error: unknown flag: --name", because it's assuming Helm v2 (where the current prerequisites call for Helm v3). Simply updating the command to use the v3 version will lead you to a bunch more issues, hence my recommendation...

Enable-Ssl.ps1
Similarly, the helm install command requires an update for Helm v3:
Lines 78-79:

    Write-Host "helm install $name-ssl tls-support -f $(Join-Path tls-support values-staging.yaml) --set domain=$domain" -ForegroundColor Yellow
    helm install $name-ssl-staging tls-support -f $(Join-Path tls-support values-staging.yaml) --set domain=$domain

Lines 83-84:

    Write-Host "helm install $name-ssl tls-support -f $(Join-Path tls-support values-prod.yaml) --set domain=$domain" -ForegroundColor Yellow
    helm install $name-ssl-prod tls-support -f $(Join-Path tls-support values-prod.yaml) --set domain=$domain

Then, the helm charts require updating, according to the cert-manager spec...

certificate.yaml:

    apiVersion: cert-manager.io/v1alpha2
    kind: Certificate
    metadata:
      name: {{ .Values.certName }}
      namespace: default
    spec:
      secretName: {{ .Values.certSecretName }}
      issuerRef:
        name: {{ .Values.issuerName }}
      commonName: {{ .Values.domain }}
      dnsNames:
      - {{ .Values.domain }}

issuer.yaml:

    apiVersion: cert-manager.io/v1alpha2
    kind: Issuer
    metadata:
      name: {{ .Values.issuerName }}
      namespace: default
    spec:
      acme:
        server: {{ .Values.server }}
        email: not@used.com
        privateKeySecretRef:
          name: {{ .Values.issuerSecretName }}
        solvers:
        - http01:
            ingress:
              class: {{ .Values.ingressClass }}

I validated the above using staging.
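
The Helm v2/v3 flag difference described in the comment above, as an added example that is not part of the original post or the repository's scripts: it reads the major version from `helm version` output and builds the matching `install` arguments, so the echoed command and the executed command cannot drift apart. The function names, the release name `myapp-ssl-staging`, the domain `example.com` and the Helm v2 sample string are assumptions made for illustration.

```powershell
# Added example: hypothetical helpers, not the repository's own code.
function Get-HelmMajorVersion {
    param([Parameter(Mandatory)][string]$VersionOutput)
    # Helm v3 prints Version:"v3.x.y"; Helm v2 prints SemVer:"v2.x.y".
    if ($VersionOutput -match '(?:Version|SemVer):"v(\d+)\.') {
        return [int]$Matches[1]
    }
    throw "Unrecognized 'helm version' output: $VersionOutput"
}

function Get-HelmInstallArgs {
    param(
        [Parameter(Mandatory)][int]$HelmMajor,
        [Parameter(Mandatory)][string]$Release,
        [Parameter(Mandatory)][string]$Chart,
        [Parameter(Mandatory)][string]$ValuesFile,
        [Parameter(Mandatory)][string]$Domain
    )
    $tail = @($Chart, '-f', $ValuesFile, '--set', "domain=$Domain")
    switch ($HelmMajor) {
        # Helm v2 takes the release name through --name.
        2 { return @('install', '--name', $Release) + $tail }
        # Helm v3 takes the release name as the first positional argument.
        3 { return @('install', $Release) + $tail }
        default { throw "Unsupported Helm major version: $HelmMajor" }
    }
}

# Sample inputs: the v3 line is the output quoted in the issue; the v2 line is constructed.
$v3 = 'version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.7"}'
$v2 = 'Client: &version.Version{SemVer:"v2.16.1", GitCommit:"0000000", GitTreeState:"clean"}'

foreach ($out in $v3, $v2) {
    $major = Get-HelmMajorVersion -VersionOutput $out
    $values = Join-Path 'tls-support' 'values-staging.yaml'
    $helmArgs = Get-HelmInstallArgs -HelmMajor $major -Release 'myapp-ssl-staging' `
        -Chart 'tls-support' -ValuesFile $values -Domain 'example.com'
    # Echo exactly what would be executed, built from the same array.
    Write-Host "Helm v${major}: helm $($helmArgs -join ' ')" -ForegroundColor Yellow
    # To run it against a cluster: & helm @helmArgs
}
```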

@dsrodenas
Contributor

Thank you for the suggestions. I have submitted the PR #88 which I hope will solve all the issues with the SSL/TLS scripts.

@olgamarti
Contributor

If you have any questions, please reopen the issue. Thanks!
