
Cert Manager (Cloudflare) & Rancher

Cert-Manager

# Install cert-manager from the official Jetstack chart, pinned to a known version
# (v1.17.0) so a re-run is reproducible. crds.enabled=true lets the chart manage the
# CRDs; prometheus metrics are off; the webhook timeout is lowered to 4s.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager --create-namespace \
  --version v1.17.0 \
  --set crds.enabled=true \
  --set prometheus.enabled=false \
  --set webhook.timeoutSeconds=4

Cluster Issuer

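# Cloudflare credential for the DNS-01 solver. Read it from the environment so the
# literal never lands in shell history, and use a *scoped API token* (Zone:DNS:Edit
# plus Zone:Zone:Read on the zones you issue for) rather than the account-wide
# Global API Key. The secret key is still called "api-key" for compatibility, but it
# holds a token. The secret must live in the cert-manager namespace: a ClusterIssuer
# only reads secrets from its cluster-resource namespace.
kubectl create secret generic cloudflare-api-key-secret \
  --namespace cert-manager \
  --from-literal=api-key="${CF_API_TOKEN:?export CF_API_TOKEN before running this}"
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01-issuer
spec:
  acme:
    # Production endpoint (rate-limited). Point at
    # https://acme-staging-v02.api.letsencrypt.org/directory while testing the setup.
    server: https://acme-v02.api.letsencrypt.org/directory
    # ACME account contact for expiry/revocation notices.
    email: "<ACME_CONTACT_EMAIL>"
    privateKeySecretRef:
      name: letsencrypt-dns01-private-key
    solvers:
      - dns01:
          cloudflare:
            # No "email" here: it is only required with apiKeySecretRef (Global API Key).
            apiTokenSecretRef:
              name: cloudflare-api-key-secret
              key: api-key
EOF
# The issuer must report Ready=True before any Certificate referencing it will be issued.
kubectl get clusterissuer
kubectl describe clusterissuer letsencrypt-dns01-issuer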

Rancher

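helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
# Install from the repo added above: the original referenced "rancher-latest/rancher",
# which helm cannot resolve because only "rancher-stable" was added.
# bootstrapPassword is omitted on purpose: it is a one-time first-login credential that
# ends up in shell history and in the Helm release secret. Rancher generates a random
# one when it is not set; read it after the rollout with
#   kubectl -n cattle-system get secret bootstrap-secret \
#     -o go-template='{{.data.bootstrapPassword|base64decode}}'
# NOTE(review): consider pinning --version as done for cert-manager so re-runs are reproducible.
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --create-namespace \
  --set hostname="rancher-dev.msenturk.net" \
  --set replicas=3
kubectl -n cattle-system rollout status deploy/rancher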

Rancher Ingress

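# Replace the chart-managed Ingress with one that carries a Let's Encrypt certificate.
# NOTE(review): `helm upgrade rancher` will recreate the chart's Ingress; for a durable
# setup configure the chart's ingress values instead of deleting the object.
kubectl delete ing -n cattle-system rancher
# The Certificate (and the TLS Secret it writes) must be in the Ingress's namespace:
# ingress-nginx only loads TLS secrets from the namespace of the Ingress, so a
# Certificate in "cert-manager" would never be picked up and the default fake
# certificate would be served instead.
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: rancher-tls-certificate
  namespace: cattle-system
spec:
  secretName: rancher-tls-certificate
  issuerRef:
    name: letsencrypt-dns01-issuer
    kind: ClusterIssuer
  commonName: "rancher-dev.msenturk.net"
  dnsNames:
    - "rancher-dev.msenturk.net"
EOF
# The cert-manager annotations are dropped: issuance is handled by the explicit
# Certificate above, and a cluster-issuer annotation would make ingress-shim try to
# manage a second Certificate for the same secret name. The acme-challenge-type /
# acme-dns01-provider annotations belong to the pre-v1 API and are not read by
# cert-manager.io/v1; the solver is selected on the ClusterIssuer.
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher-tls-certificate
  namespace: cattle-system
  annotations:
    # Rancher keeps long-lived websocket/kubectl-shell connections open.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
spec:
  ingressClassName: nginx
  rules:
    - host: "rancher-dev.msenturk.net"
      http:
        paths:
          - pathType: ImplementationSpecific
            backend:
              service:
                name: rancher
                port:
                  number: 80
  tls:
    - hosts:
        - "rancher-dev.msenturk.net"
      # Must match spec.secretName of the Certificate in this namespace.
      secretName: rancher-tls-certificate
EOF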