2019 iT 邦幫忙 Ironman Contest

DAY 3
Kubernetes

Kubernetes Learning Log series, part 3

kube-lego: automatically renewing Let's Encrypt certificates

https://github.com/jetstack/kube-lego

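This feature is really practical.
These days, if a website doesn't have HTTPS,
Chrome immediately flags it as not secure,
and certificates cost money!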

But free certificates do exist:
Let's Encrypt.
Each one is only issued for 3 months at most, though,
and you have to renew it by hand.

kube-lego can take care of renewing them for us automatically.


Tutorial

Features

- Recognizes the need of a new certificate for these cases:
  - No certificate existing
  - Existing certificate is not containing all domain names
  - Existing certificate is expired or near to its expiry date (cf. option LEGO_MINIMUM_VALIDITY)
  - Existing certificate is unparseable, invalid or not matching the secret key
- Creates a user account (incl. private key) for Let's Encrypt and stores it in Kubernetes secrets (secret name is configurable via LEGO_SECRET_NAME)
- Obtains the missing certificates from Let's Encrypt and authorizes the request with the HTTP-01 challenge
- Makes sure that the specific Kubernetes objects (Services, Ingress) contain the right configuration for the HTTP-01 challenge to succeed
- Official Kubernetes Helm chart for simplistic deployment.
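
The "need of a new certificate" cases in the feature list can be written as one decision function. The Go sketch below is an added example, not kube-lego's own code: `needsNewCert` and `selfSigned` are hypothetical names, the `minValidity` parameter stands in for what LEGO_MINIMUM_VALIDITY configures, and the certificate is a constructed self-signed one rather than one issued by Let's Encrypt.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// needsNewCert returns why a new certificate is needed, or "" to keep the current one.
func needsNewCert(certPEM, keyPEM []byte, domains []string, minValidity time.Duration, now time.Time) string {
	if len(certPEM) == 0 {
		return "no certificate"
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // rejects bad PEM and a key that does not match
	if err != nil {
		return "unparseable, invalid or key mismatch"
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // cannot fail: X509KeyPair parsed this DER already
	for _, d := range domains {
		if leaf.VerifyHostname(d) != nil { // domain is not covered by the certificate's SANs
			return "missing domain " + d
		}
	}
	if leaf.NotAfter.Sub(now) < minValidity { // already expired, or too close to expiry
		return "expired or near expiry"
	}
	return ""
}

// selfSigned builds a constructed Ed25519 test certificate (errors ignored: sample data only).
func selfSigned(domains []string, notAfter time.Time) (certPEM, keyPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: domains,
		NotBefore: notAfter.Add(-90 * 24 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	cert, key := selfSigned([]string{"www.example.com"}, time.Now().Add(10*24*time.Hour))
	fmt.Println(needsNewCert(cert, key, []string{"www.example.com"}, 30*24*time.Hour, time.Now()))
}
```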

