Gestion de certificats SSL avec cert-manager et Nginx dans Kubernetes

modifié le : 13 septembre 2022,
par Guillaume Chéramy
 

[fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" min_height="" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_column_spacing="" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" menu_anchor="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" publish_date="" class="" id="" link_color="" link_hover_color="" border_sizes="" border_sizes_top="" border_sizes_right="" border_sizes_bottom="" border_sizes_left="" border_color="" border_style="solid" spacing_medium="" margin_top_medium="" margin_bottom_medium="" spacing_small="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" padding_dimensions_medium="" padding_top_medium="" padding_right_medium="" padding_bottom_medium="" padding_left_medium="" padding_dimensions_small="" padding_top_small="" padding_right_small="" padding_bottom_small="" padding_left_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" box_shadow="no" box_shadow_vertical="" box_shadow_horizontal="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" z_index="" overflow="" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_position="center center" background_repeat="no-repeat" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_mp4="" video_webm="" video_ogv="" video_url="" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" video_preview_image="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_background_color="" sticky_height="" sticky_offset="" sticky_transition_offset="0" scroll_offset="0" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" admin_label="Introduction"][fusion_builder_row][fusion_builder_column type="1_1" layout="1_1" align_self="auto" content_layout="column" align_content="flex-start" content_wrap="wrap" spacing="" center_content="no" link="" target="_self" min_height="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" type_medium="" type_small="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" margin_top="" margin_bottom="" padding_medium="" padding_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" hover_type="none" border_sizes="" border_color="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_image_id="" background_position="left top" background_repeat="no-repeat" background_blend_mode="none" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_type="regular" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" last="true" border_position="all" first="true"][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Je continue mon auto-formation sur Kubernetes, après avoir monté mes clusters (voir les articles précédents) j'ai besoins maintenant d'accéder à des applications web (interface de grafana, de longhorn etc ...) en passant par une connexion sécurisée avec un certificat SSL.

J'utilises habituellement Let's Encrypt pour les certificats et donc pourquoi changer. Cependant il faut un mécanisme pour les mettre automatiquement en place lors du déploiement des applications et les renouveller automatiquement.

Comme l'optique est de gérer ça dans le cluster, il faut que les certificats soient gérés par un outils et pas stockés en local sur le disque d'un des noeuds.

C'est donc ce que nous allons voir avec cert-manager en utilisant un ingress Nginx, je ne reviendrais pas sur la définition d'un Ingress il y a plein d'articles là-dessus.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" min_height="" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_column_spacing="" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" menu_anchor="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" publish_date="" class="" id="" link_color="" link_hover_color="" border_sizes="" border_sizes_top="" border_sizes_right="" border_sizes_bottom="" border_sizes_left="" border_color="" border_style="solid" spacing_medium="" margin_top_medium="" margin_bottom_medium="" spacing_small="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" padding_dimensions_medium="" padding_top_medium="" padding_right_medium="" padding_bottom_medium="" padding_left_medium="" padding_dimensions_small="" padding_top_small="" padding_right_small="" padding_bottom_small="" padding_left_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" box_shadow="no" box_shadow_vertical="" box_shadow_horizontal="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" z_index="" overflow="" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_position="center center" background_repeat="no-repeat" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_mp4="" video_webm="" video_ogv="" video_url="" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" video_preview_image="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_background_color="" sticky_height="" sticky_offset="" sticky_transition_offset="0" scroll_offset="0" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" admin_label="Mise en place cert-manager"][fusion_builder_row][fusion_builder_column type="1_1" layout="1_1" align_self="auto" content_layout="column" align_content="flex-start" content_wrap="wrap" spacing="" center_content="no" link="" target="_self" min_height="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" type_medium="" type_small="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" margin_top="" margin_bottom="" padding_medium="" padding_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" hover_type="none" border_sizes="" border_color="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_image_id="" background_position="left top" background_repeat="no-repeat" background_blend_mode="none" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_type="regular" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" last="true" border_position="all" first="true"][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Mise en place cert-manager

On déploie la dernière version de cert-manager :

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBhcHBseSAtZiBodHRwczovL2dpdGh1Yi5jb20vamV0c3RhY2svY2VydC1tYW5hZ2VyL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjIuMC9jZXJ0LW1hbmFnZXIueWFtbA==[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Ce qui va déployer des pods, des services dans le namespace cert-manager : 

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBnZXQgcG9kcyAtbiBjZXJ0LW1hbmFnZXIgLW8gd2lkZQpOQU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUkVBRFkgICBTVEFUVVMgICAgUkVTVEFSVFMgICBBR0UgICBJUCAgICAgICAgICBOT0RFICAgICAgICAgTk9NSU5BVEVEIE5PREUgICBSRUFESU5FU1MgR0FURVMKY2VydC1tYW5hZ2VyLTY1ODg4OThjYjQtNTc1aDUgICAgICAgICAgICAgIDEvMSAgICAgUnVubmluZyAgIDAgICAgICAgICAgNjRzICAgMTAuNDAuMC4xICAgaS10d28td2sxMSAgIDxub25lPiAgICAgICAgICAgPG5vbmU+CmNlcnQtbWFuYWdlci1jYWluamVjdG9yLTdiY2JkYmQ5OWYtaHpoNG4gICAxLzEgICAgIFJ1bm5pbmcgICAxICAgICAgICAgIDY0cyAgIDEwLjM5LjAuMSAgIGktdHdvLXdrMTIgICA8bm9uZT4gICAgICAgICAgIDxub25lPgpjZXJ0LW1hbmFnZXItd2ViaG9vay01ZmQ5ZjlkZDg2LXpodmNkICAgICAgMS8xICAgICBSdW5uaW5nICAgMCAgICAgICAgICA2NHMgICAxMC40NC4wLjEgICBpLXR3by13azAxICAgPG5vbmU+ICAgICAgICAgICA8bm9uZT4=[/fusion_syntax_highlighter][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" min_height="" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_column_spacing="" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" menu_anchor="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" publish_date="" class="" id="" link_color="" link_hover_color="" border_sizes="" border_sizes_top="" border_sizes_right="" border_sizes_bottom="" border_sizes_left="" border_color="" border_style="solid" spacing_medium="" margin_top_medium="" margin_bottom_medium="" spacing_small="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" padding_dimensions_medium="" padding_top_medium="" padding_right_medium="" padding_bottom_medium="" padding_left_medium="" padding_dimensions_small="" padding_top_small="" padding_right_small="" padding_bottom_small="" padding_left_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" box_shadow="no" box_shadow_vertical="" box_shadow_horizontal="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" z_index="" overflow="" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_position="center center" background_repeat="no-repeat" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_mp4="" video_webm="" video_ogv="" video_url="" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" video_preview_image="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_background_color="" sticky_height="" sticky_offset="" sticky_transition_offset="0" scroll_offset="0" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" admin_label="Ingress et Issuers"][fusion_builder_row][fusion_builder_column type="1_1" layout="1_1" align_self="auto" content_layout="column" align_content="flex-start" content_wrap="wrap" spacing="" center_content="no" link="" target="_self" min_height="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" type_medium="" type_small="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" margin_top="" margin_bottom="" padding_medium="" padding_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" hover_type="none" border_sizes="" border_color="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_image_id="" background_position="left top" background_repeat="no-repeat" background_blend_mode="none" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_type="regular" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" last="true" border_position="all" first="true"][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

 

Mise en place de l'Ingress et des Issuers

Pour mettre en place notre Ingress il faut qu'il soit paramétré pour écouter sur l'ip externe publique de mon cluster.

Pour cela je vais utiliser la configuration proposée ici : https://github.com/imixs/imixs-cloud/tree/master/management/nginx en modifiant dans 020-service.yaml mon adresse ip.

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBhcHBseSAtLWt1c3RvbWl6ZSAuL25naW54[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

 

On vérifie que tout est ok :

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBnZXQgcG9kcyAtbiBpbmdyZXNzLW5naW54IC1sIGFwcC5rdWJlcm5ldGVzLmlvL25hbWU9aW5ncmVzcy1uZ2lueCAtLXdhdGNo[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

C'est prêt, on à Ingress fonctionnel avec deux ClusterIssuers (https://cert-manager.io/docs/concepts/issuer/) qui vont permettre de gérer les fournisseurs de certificats SSL, pour le moment Let's Encrypt Staging et Let's Encrypt Prod.

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBhcHBseSAtZiBjbHVzdGVyLWlzc3VlcnMueW1sCgprdWJlY3RsIGdldCBjbHVzdGVyaXNzdWVycwpOQU1FICAgICAgICAgICAgICAgICAgUkVBRFkgICBBR0UKbGV0c2VuY3J5cHQtcHJvZCAgICAgIFRydWUgICAgMTBoCmxldHNlbmNyeXB0LXN0YWdpbmcgICBUcnVlICAgIDEwaAo=[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Attention il faut que les ClusterIssuers soient en Ready pour que cela fonctionne, j'ai eu un petit soucis avec mon cluster https://github.com/jetstack/cert-manager/issues/3688

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" min_height="" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_column_spacing="" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" menu_anchor="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" publish_date="" class="" id="" link_color="" link_hover_color="" border_sizes="" border_sizes_top="" border_sizes_right="" border_sizes_bottom="" border_sizes_left="" border_color="" border_style="solid" spacing_medium="" margin_top_medium="" margin_bottom_medium="" spacing_small="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" padding_dimensions_medium="" padding_top_medium="" padding_right_medium="" padding_bottom_medium="" padding_left_medium="" padding_dimensions_small="" padding_top_small="" padding_right_small="" padding_bottom_small="" padding_left_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" box_shadow="no" box_shadow_vertical="" box_shadow_horizontal="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" z_index="" overflow="" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_position="center center" background_repeat="no-repeat" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_mp4="" video_webm="" video_ogv="" video_url="" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" video_preview_image="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_background_color="" sticky_height="" sticky_offset="" sticky_transition_offset="0" scroll_offset="0" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" admin_label="Tests"][fusion_builder_row][fusion_builder_column type="1_1" layout="1_1" align_self="auto" content_layout="column" align_content="flex-start" content_wrap="wrap" spacing="" center_content="no" link="" target="_self" min_height="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" type_medium="" type_small="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" margin_top="" margin_bottom="" padding_medium="" padding_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" hover_type="none" border_sizes="" border_color="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_image_id="" background_position="left top" background_repeat="no-repeat" background_blend_mode="none" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_type="regular" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" last="true" border_position="all" first="true"][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

 

Test

Pour tester tout ça on va déployer une application basique whoami. Avec les 3 fichiers deployment, service et ingress https://github.com/imixs/imixs-cloud/tree/master/apps/whoami

Il suffit de modifier l'url dans le fichier 030-ingress.yml et de modifier l'issuer si vous voulez passer en letesencrypt-prod. Ensuite pour déployer :

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBhcHBseSAtZiB3aG9hbWk=[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

 

Pour vérifier si le certificat à bien été généré :

[/fusion_text][fusion_syntax_highlighter theme="" language="x-sh" line_numbers="" line_wrapping="" copy_to_clipboard="" copy_to_clipboard_text="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" class="" id="" font_size="" border_size="" border_color="" border_style="" background_color="" line_number_background_color="" line_number_text_color="" margin_top="" margin_right="" margin_bottom="" margin_left=""]a3ViZWN0bCBnZXQgY2VydGlmaWNhdGVzLENlcnRpZmljYXRlUmVxdWVzdCxjaGFsbGVuZ2VzLG9yZGVycyxpbmdyZXNzZXMubmV0d29ya2luZy5rOHMuaW8KTkFNRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSRUFEWSAgIFNFQ1JFVCAgICAgICBBR0UKY2VydGlmaWNhdGUuY2VydC1tYW5hZ2VyLmlvL3Rscy13aG9hbWkgICBUcnVlICAgIHRscy13aG9hbWkgICAzOXMKCk5BTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJFQURZICAgQUdFCmNlcnRpZmljYXRlcmVxdWVzdC5jZXJ0LW1hbmFnZXIuaW8vdGxzLXdob2FtaS1nNzRseCAgIFRydWUgICAgMzlzCgpOQU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBTVEFURSAgIEFHRQpvcmRlci5hY21lLmNlcnQtbWFuYWdlci5pby90bHMtd2hvYW1pLWc3NGx4LTE3ODMxOTczNjMgICB2YWxpZCAgIDM5cwoKTkFNRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDTEFTUyAgICBIT1NUUyAgICAgICAgICAgICAgICAgICAgICBBRERSRVNTICAgUE9SVFMgICAgIEFHRQppbmdyZXNzLm5ldHdvcmtpbmcuazhzLmlvL3dob2FtaSAgIDxub25lPiAgIHdob2FtaS5pLXR3by5hdWtmb29kLm92aCAgICAgICAgICAgICA4MCwgNDQzICAgNDBzCg==[/fusion_syntax_highlighter][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Le certificat est bien généré (hésitez pas à faire des describes sur les objets pour regarder les détails) et l'ingress va bien router les requêtes vers le bon service. C'est parfait, il me reste plus qu'à déployer d'autres applications avec cert-manager et nginx.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container type="flex" hundred_percent="no" hundred_percent_height="no" min_height="" hundred_percent_height_scroll="no" align_content="stretch" flex_align_items="flex-start" flex_justify_content="flex-start" flex_column_spacing="" hundred_percent_height_center_content="yes" equal_height_columns="no" container_tag="div" menu_anchor="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" status="published" publish_date="" class="" id="" link_color="" link_hover_color="" border_sizes="" border_sizes_top="" border_sizes_right="" border_sizes_bottom="" border_sizes_left="" border_color="" border_style="solid" spacing_medium="" margin_top_medium="" margin_bottom_medium="" spacing_small="" margin_top_small="" margin_bottom_small="" margin_top="" margin_bottom="" padding_dimensions_medium="" padding_top_medium="" padding_right_medium="" padding_bottom_medium="" padding_left_medium="" padding_dimensions_small="" padding_top_small="" padding_right_small="" padding_bottom_small="" padding_left_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" box_shadow="no" box_shadow_vertical="" box_shadow_horizontal="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" z_index="" overflow="" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_position="center center" background_repeat="no-repeat" fade="no" background_parallax="none" enable_mobile="no" parallax_speed="0.3" background_blend_mode="none" video_mp4="" video_webm="" video_ogv="" video_url="" video_aspect_ratio="16:9" video_loop="yes" video_mute="yes" video_preview_image="" absolute="off" absolute_devices="small,medium,large" sticky="off" sticky_devices="small-visibility,medium-visibility,large-visibility" sticky_background_color="" sticky_height="" sticky_offset="" sticky_transition_offset="0" scroll_offset="0" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" admin_label="Sources"][fusion_builder_row][fusion_builder_column type="1_1" layout="1_1" align_self="auto" content_layout="column" align_content="flex-start" content_wrap="wrap" spacing="" center_content="no" link="" target="_self" min_height="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" type_medium="" type_small="" order_medium="0" order_small="0" dimension_spacing_medium="" dimension_spacing_small="" dimension_spacing="" dimension_margin_medium="" dimension_margin_small="" margin_top="" margin_bottom="" padding_medium="" padding_small="" padding_top="" padding_right="" padding_bottom="" padding_left="" hover_type="none" border_sizes="" border_color="" border_style="solid" border_radius="" box_shadow="no" dimension_box_shadow="" box_shadow_blur="0" box_shadow_spread="0" box_shadow_color="" box_shadow_style="" background_type="single" gradient_start_color="" gradient_end_color="" gradient_start_position="0" gradient_end_position="100" gradient_type="linear" radial_direction="center center" linear_angle="180" background_color="" background_image="" background_image_id="" background_position="left top" background_repeat="no-repeat" background_blend_mode="none" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset="" filter_type="regular" filter_hue="0" filter_saturation="100" filter_brightness="100" filter_contrast="100" filter_invert="0" filter_sepia="0" filter_opacity="100" filter_blur="0" filter_hue_hover="0" filter_saturation_hover="100" filter_brightness_hover="100" filter_contrast_hover="100" filter_invert_hover="0" filter_sepia_hover="0" filter_opacity_hover="100" filter_blur_hover="0" last="true" border_position="all" first="true"][fusion_text columns="" column_min_width="" column_spacing="" rule_style="default" rule_size="" rule_color="" content_alignment_medium="" content_alignment_small="" content_alignment="" hide_on_mobile="small-visibility,medium-visibility,large-visibility" sticky_display="normal,sticky" class="" id="" font_size="" fusion_font_family_text_font="" fusion_font_variant_text_font="" line_height="" letter_spacing="" text_color="" animation_type="" animation_direction="left" animation_speed="0.3" animation_offset=""]

Sources

Je tiens à mettre en avant ce projet que j'utilise régulièrement pour mes test : ## Sources
https://github.com/imixs/imixs-cloud

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]