Getting a Helm chart to trigger cert-manager

I have read "Helm chart to use secrets from cert-manager", but the answer eludes me...

Does

... write the YAML for the Certificate in the same chart, typically in its own file.

just mean that I create a file inside my Helm chart's templates folder with the name "Certificate.yaml" containing the YAML, and Helm autodiscovers it?

values.yaml:

replicaCount: 1
image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: ""
imagePullSecrets: []
nameOverride: "sample-app"
fullnameOverride: "sampleapp-chart"
serviceAccount:
  create: true
  annotations: {}
  name: "sampleappacc"
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
  type: NodePort
  port: 80
ingress:
  enabled: true
  className: "traefik-internal"
  annotations: traefik-internal "true" default-redirect-https@kubernetescrd
  hosts:
    - host: sample.k8s.tld
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: sample-tls
      hosts:
        - sample.k8s.tld
resources: {}
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}

Certificate.yaml

apiVersion:
kind: Certificate
metadata:
  name: {{ (index .Values.ingress.tls 0).secretName }}
  namespace: default
spec:
  # Secret names are always required.
  secretName: {{ (index .Values.ingress.tls 0).secretName }}
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - myorg
  commonName: {{ (index .Values.ingress.hosts 0).host }}
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - {{ (index .Values.ingress.hosts 0).host }}
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
    group: cert-manager.io

How do I tell Helm to read this file?

Running kubectl get certificate results in "No resources found in default namespace."
Running kubectl get certificate -A shows some certificates, but not the one I am expecting. Running kubectl get secret shows me only a secret named sh.helm.release.v1.sampleapp-chart.v1, not sample-tls.

Update

I found a warning entitled "BadConfig" from cert-manager-ingress-shim with an issue regarding the Issuer. Since I do have the issuer defined in the Certificate.yaml I assume that cert-manager is trying to guess the details from the bare configuration?

1 Answer

Adding the annotation

 letsencrypt-prod

and removing the Certificate.yaml worked.

See the cert-manager documentation regarding ingress for more information on why it works.

values.yaml:

replicaCount: 1
image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: ""
imagePullSecrets: []
nameOverride: "sample-app"
fullnameOverride: "sampleapp-chart"
serviceAccount:
  create: true
  annotations: {}
  name: "sampleappacc"
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
  type: NodePort
  port: 80
ingress:
  enabled: true
  className: "traefik"
  annotations: traefik "true" letsencrypt-prodhttps@kubernetescrd
  hosts:
    - host: sample.k8s.tld
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: sample-tls
      hosts:
        - sample.k8s.tld
resources: {}
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
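
An added example, not part of the question or the answer: a small Python check over rendered manifests (for instance `helm template` output loaded as dicts) that reports which mechanism, if any, will create each Ingress TLS secret. The `cert-manager.io/cluster-issuer`, `cert-manager.io/issuer` and `kubernetes.io/tls-acme` keys are cert-manager's documented ingress-shim annotations and are assumed here because the keys are missing from the text above; the function names, status labels and sample objects are constructed.

```python
# cert-manager's documented ingress-shim annotations (assumed: the keys are
# missing from the values.yaml text above).
ISSUER_KEYS = ("cert-manager.io/cluster-issuer", "cert-manager.io/issuer")
TLS_ACME = "kubernetes.io/tls-acme"  # only works with a default issuer configured


def tls_findings(manifests):
    """Return (ingress, secretName, status) for every Ingress TLS entry."""
    certs = {}  # (namespace, secretName) -> dnsNames of explicit Certificates
    for m in manifests:
        if m.get("kind") == "Certificate":
            ns = m["metadata"].get("namespace", "default")  # assumed default
            certs[(ns, m["spec"]["secretName"])] = set(m["spec"].get("dnsNames", []))
    findings = []
    for m in manifests:
        if m.get("kind") != "Ingress":
            continue
        meta = m["metadata"]
        ann = meta.get("annotations") or {}
        has_issuer = any(k in ann for k in ISSUER_KEYS)
        for tls in m["spec"].get("tls", []):
            key = (meta.get("namespace", "default"), tls["secretName"])
            if has_issuer and key in certs:
                status = "duplicate"  # chart and ingress-shim both claim the secret
            elif has_issuer:
                status = "shim"  # ingress-shim creates the Certificate
            elif key in certs:
                covered = set(tls.get("hosts", [])) <= certs[key]
                status = "explicit" if covered else "hosts-not-covered"
            elif ann.get(TLS_ACME) == "true":
                status = "needs-default-issuer"
            else:
                status = "unmanaged"  # nothing will create the secret
            findings.append((meta["name"], tls["secretName"], status))
    return findings


def sample_ingress(annotations):
    """Constructed Ingress reusing the names from the values.yaml above."""
    return {"kind": "Ingress",
            "metadata": {"name": "sampleapp-chart", "annotations": annotations},
            "spec": {"tls": [{"secretName": "sample-tls",
                              "hosts": ["sample.k8s.tld"]}]}}


if __name__ == "__main__":
    for ann in ({}, {TLS_ACME: "true"}, {ISSUER_KEYS[0]: "letsencrypt-prod"}):
        print(ann, tls_findings([sample_ingress(ann)]))
```

A status of "unmanaged" or "needs-default-issuer" matches the symptom in the question: the Ingress references sample-tls, but no Certificate or secret with that name appears.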
