Configure a Custom Certificate with Let’s Encrypt

Let’s Encrypt is one of the Certificate Authorities (CA) supported by cert-manager. To set up a Let’s Encrypt certificate, create an Issuer or ClusterIssuer in the target cluster and then reference it in the issuerRef field of the KommanderCluster resource.

  1. Create the Let’s Encrypt ACME cert-manager issuer:

    cat <<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: custom-acme-issuer
    spec:
      acme:
        email: <your_email>
        server: https://acme-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          name: kommander-acme-issuer-account
        solvers:
          - dns01:
              route53:
                region: us-east-1
                role: arn:aws:iam::YYYYYYYYYYYY:role/dns-manager
    EOF

  2. Configure the Management cluster to use your custom-domain.example.com with a certificate issued by Let’s Encrypt by referencing the created ClusterIssuer:

    cat <<EOF | kubectl -n kommander --kubeconfig <management_cluster_kubeconfig> patch kommandercluster host-cluster --type='merge' --patch-file=/dev/stdin
    spec:
      ingress:
        hostname: custom-domain.example.com
        issuerRef:
          name: custom-acme-issuer
          kind: ClusterIssuer
    EOF
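
To confirm that both steps took effect, the following added example (not part of the original documentation) checks that the ClusterIssuer reports Ready and that custom-domain.example.com serves a chain-valid certificate whose issuer is Let's Encrypt. It assumes kubectl's current context points at the cluster where the issuer was created and that the ingress answers on port 443; the function names and the VERIFY switch are illustrative.

```shell
#!/bin/sh
# Added example: post-configuration checks for the two steps above.
# Names below come from the page; port 443 is an assumption.
ISSUER_NAME="custom-acme-issuer"
HOST="custom-domain.example.com"

# Print the Ready condition of a ClusterIssuer (True, False or Unknown).
issuer_ready() {
  kubectl get clusterissuer "$1" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
}

# Print the issuer line of the certificate served for a host.
# -verify_return_error aborts the handshake if the chain does not validate
# against the local trust store, so an untrusted certificate yields no output.
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" \
    -verify_return_error </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Return 0 if an openssl issuer line names the production Let's Encrypt CA.
# Spaces are stripped first because OpenSSL versions print "O = ..." or "O=...".
# Staging issuers carry a "(STAGING)" prefix in O and therefore do not match.
is_letsencrypt_issuer() {
  normalized=$(printf '%s' "$1" | tr -d ' ')
  case "$normalized" in
    *"O=Let'sEncrypt"*) return 0 ;;
    *) return 1 ;;
  esac
}

verify_all() {
  ready=$(issuer_ready "$ISSUER_NAME") || return 1
  if [ "$ready" != "True" ]; then
    echo "ClusterIssuer $ISSUER_NAME is not Ready (status: ${ready:-none})" >&2
    return 1
  fi
  issuer=$(served_issuer "$HOST")
  if ! is_letsencrypt_issuer "$issuer"; then
    echo "$HOST is not serving a Let's Encrypt certificate: ${issuer:-no valid chain}" >&2
    return 1
  fi
  echo "OK: $ISSUER_NAME is Ready and $HOST serves: $issuer"
}

# Cluster and network access are only touched when explicitly requested.
if [ "${VERIFY:-0}" = "1" ]; then verify_all; fi
```

Run it with `VERIFY=1` once DNS for the hostname resolves to the ingress; the issuer-string match is a sanity check layered on top of the chain validation that `openssl s_client` performs.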
