Refine HTTPS README.md for cert-manager

Wolfgang Huß 2020-12-16 08:16:10 +01:00
parent 4f8f2da586
commit 28c3d185c3


@ -3,9 +3,11 @@
{% tabs %} {% tabs %}
{% tab title="Helm 3" %} {% tab title="Helm 3" %}
## Via Helm 3
Follow [this quick start guide](https://cert-manager.io/docs/) and install certmanager via Helm 3: Follow [this quick start guide](https://cert-manager.io/docs/) and install certmanager via Helm 3:
## Via Kubernetes Directly ## Or Via Kubernetes Directly
```bash ```bash
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
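Review bot: The new `## Via Helm 3` heading introduces a section whose only sentence ends in "install certmanager via Helm 3:" and is followed directly by the `## Or Via Kubernetes Directly` heading, so within this hunk the Helm section ends on a colon with no command under it. Either put the Helm command under that sentence or reword it so it does not promise one. While touching these lines, "certmanager" should be spelled `cert-manager`, as in the commit title and the linked docs. The `kubectl apply -f` line installs a manifest straight from a release URL pinned to v1.1.0; a short remark that the reader should check which release they intend to install would keep the pinned version from being copied blindly later.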
@ -96,7 +98,26 @@ Now let's get a valid HTTPS certificate. According to the tutorial above, check
```bash ```bash
$ kubectl -n ocelot-social describe certificate tls $ kubectl -n ocelot-social describe certificate tls
<
...
Spec:
...
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-staging
...
Events:
<no errors>
>
$ kubectl -n ocelot-social describe secret tls $ kubectl -n ocelot-social describe secret tls
<
...
Annotations: ...
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-staging
...
>
``` ```
If everything looks good, update the cluster-issuer of your ingress. Change the annotation `cert-manager.io/cluster-issuer` from `letsencrypt-staging` (for testing by getting a dummy certificate no blocking by letsencrypt, because of to many request cycles) to `letsencrypt-prod` (for production with a real certificate possible blocking by letsencrypt for several days, because of to many request cycles) in your ingress configuration in `ingress.yaml`. If everything looks good, update the cluster-issuer of your ingress. Change the annotation `cert-manager.io/cluster-issuer` from `letsencrypt-staging` (for testing by getting a dummy certificate no blocking by letsencrypt, because of to many request cycles) to `letsencrypt-prod` (for production with a real certificate possible blocking by letsencrypt for several days, because of to many request cycles) in your ingress configuration in `ingress.yaml`.
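Review bot: The expected output added after both `describe` commands sits inside the same `bash` fence as the commands and is delimited by bare `<` and `>` lines, which are redirection operators in a shell and make the block unsafe to copy as a whole. Move the sample output into its own unlabelled fence after the command block, or prefix it as comments, and say in one sentence what the reader is checking: that `Issuer Ref` shows `Name: letsencrypt-staging` and that the secret carries `cert-manager.io/issuer-name: letsencrypt-staging`. The `<no errors>` line under `Events:` is a placeholder rather than real output and should be described in prose instead. The unchanged paragraph that follows has "to many request cycles" twice where "too many" is meant, which could be fixed in the same pass.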
@ -106,10 +127,38 @@ If everything looks good, update the cluster-issuer of your ingress. Change the
$ kubectl apply -f ingress.yaml $ kubectl apply -f ingress.yaml
``` ```
Delete the former secret to force a refresh: Take a minute and have a look if the certificate is now newly generated by `letsencrypt-prod`, the cluster-issuer for production:
```bash
$ kubectl -n ocelot-social describe certificate tls
<
...
Spec:
...
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-prod
...
Events:
<no errors>
>
$ kubectl -n ocelot-social describe secret tls
<
...
Annotations: ...
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-prod
...
>
```
In case the certificate is not newly created delete the former secret to force a refresh:
```bash ```bash
$ kubectl -n ocelot-social delete secret tls $ kubectl -n ocelot-social delete secret tls
``` ```
Now, HTTPS should be configured on your domain. Congrats. Now, HTTPS should be configured on your domain. Congrats!
For troubleshooting have a look at the cert-manager's [Troubleshooting](https://cert-manager.io/docs/faq/troubleshooting/) or [Troubleshooting Issuing ACME Certificates](https://cert-manager.io/docs/faq/acme/).
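Review bot: The reworded step "In case the certificate is not newly created delete the former secret to force a refresh:" turns the deletion into a conditional but gives no explicit criterion, and "Take a minute and have a look" leaves the reader guessing what counts as newly generated. State the check directly: `Issuer Ref` must show `Name: letsencrypt-prod` and the secret must carry `cert-manager.io/issuer-name: letsencrypt-prod`; only if either still shows `letsencrypt-staging` should `kubectl -n ocelot-social delete secret tls` be run. Since the paragraph above warns that `letsencrypt-prod` can block for several days after too many request cycles, add that the delete should be done once and followed by waiting, not repeated. The same `<` and `>` delimiters inside the `bash` fence appear here as in the earlier hunk and need the same treatment, and the sentence needs a comma after "created".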