Cert Manager on Kubernetes
cert-manager is software that manages TLS/SSL certificates on a Kubernetes or Podinate cluster. It issues certificates using the ACME protocol, so issuance and renewal are completely automated and there's no need to manually rotate certificates once per year like you may be used to.
Cert-manager is installed by default when you set up a Podinate cluster.
Single-domain Certificates
To create an HTTPS website on Podinate, you'll need to set up Port Forwarding to forward Podinate's load balancer ports to the Podinate cluster. You can then create an HTTPS website using the following PCL:
pod "https-test" {
    image = "nginx"
    service "web-secure" {
        port = 80 # The port on the Pod
        protocol = "https"
        domain_name = "testsecure.example.com"
    }
}
pod "http-test" {
    image = "nginx"
    service "web-insecure" {
        port = 80 # The port on the Pod
        protocol = "http"
        domain_name = "testsecure.example.com"
    }
}
Wildcard Certificates
If you issue a single-domain certificate as in the example above, you may notice a lot of traffic coming to your new test website. This is because the certificate is published to Certificate Transparency logs, which are scanned by many automated crawlers (not all of them bad). If you're planning to run many things on the Podinate cluster, it may be worthwhile to set up a wildcard certificate for *.example.com instead of issuing them one by one.
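
One way to request such a wildcard certificate directly from cert-manager, shown as an added example using plain Kubernetes resources (not Podinate PCL and not taken from the Podinate project). ACME only issues wildcards through the DNS-01 challenge, so a DNS provider is needed; Cloudflare, Let's Encrypt, the contact address, the namespace and every resource and Secret name below are assumptions.

```yaml
# Added example. All names are assumed, not Podinate defaults.
# Prerequisite: a Secret "cloudflare-api-token" (key "api-token") in the
# cert-manager namespace, holding a token limited to DNS edits on this zone.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns                  # assumed issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com             # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns-account-key  # ACME account key, created by cert-manager
    solvers:
      - dns01:                           # wildcards cannot be validated over HTTP-01
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
        selector:
          dnsZones:
            - example.com                # use this solver for this zone only
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com
  namespace: default                     # assumed namespace
spec:
  secretName: wildcard-example-com-tls   # Secret that receives the key and certificate
  issuerRef:
    name: letsencrypt-dns
    kind: ClusterIssuer
  dnsNames:
    - "*.example.com"                    # the only name pattern published to CT logs
    - example.com                        # the wildcard does not cover the apex
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always               # new private key on every renewal
```

The Certificate Transparency entry for this certificate lists only `*.example.com` and `example.com`, so individual service hostnames are not disclosed. The trade-off is that every service using the Secret shares one private key, so restrict which workloads can read it.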