Lets Encrypt for cluster applications how?


I deployed the application in the cluster and want to enable the ssl certificate Lets encrypt for it. What tools and procedures do you have in Rancher for this? Thank you!

Hi @111

There are a few different ways to configure SSL certificate to your applications, you can try the following one to have your urls certified.

First, configure Cert Manager in your environment, you can configure it following the procedure specified in their webpage: https://cert-manager.io/docs/installation/kubernetes/

Second, configure a ClusterIssuer as the example below:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: <your-email@mail.com>
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    #For Staging https://acme-staging-v02.api.letsencrypt.org/directory
    #For Production: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: account-private-key
    solvers:
      - selector: {}
        http01:
          ingress:
            class: nginx

And finally configure you Ingress to use the cluster-issuer as the following example:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: node
  annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
spec:
  tls:
- hosts:
    - webpage.example.com
  secretName: ingress-cert
  rules:
- host: webpage.example.com
  http:
    paths:
      - path: /
        backend:
          serviceName: node
          servicePort: 80

I hope it helps you somehow :grin:

ClusterIssuer is which section in the rancher? I can’t find out which section I can create this entry in.