Ingress + Let's Encrypt

Domain Registration

Before you can request certificates from Let's Encrypt, you need a registered domain name. You can obtain one through websites such as GoDaddy or Name. The registration process is outside the scope of this article; plenty of tutorials on the internet cover it.

Deploying Nginx Ingress Controller

Use Helm for deployment as follows:

helm install stable/nginx-ingress --name nginx-ingress --set rbac.create=true --namespace=kube-system

After successful deployment, find the public IP address of the Ingress service (for this article, let’s assume it to be 6.6.6.6):

$ kubectl -n kube-system get service nginx-ingress-controller
NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)                      AGE
nginx-ingress-controller   LoadBalancer   10.0.216.124   6.6.6.6         80:31935/TCP,443:31797/TCP   4d

Next, go to your domain registrar's website and create an A record that points the domain you want to serve at the IP 6.6.6.6.

Let's Get 'Letsencrypt' Going

# Install cert-manager
helm install --namespace=kube-system --name cert-manager stable/cert-manager --set ingressShim.defaultIssuerName=letsencrypt --set ingressShim.defaultIssuerKind=ClusterIssuer

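# Create the ClusterIssuer (the manifest is fetched from the repository's master branch, which can change; review it before applying)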
kubectl apply -f https://raw.githubusercontent.com/feiskyer/kubernetes-handbook/master/manifests/ingress-nginx/cert-manager/cluster-issuer.yaml

Create Ingress

Firstly, create a Secret for authentication:

HTTP Ingress Example

Create a TLS Ingress for your nginx service (at port 80) and also automatically redirect http://echo-tls.example.com to https://echo-tls.example.com:
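
A manifest for the case just described, as an added example that is not the handbook's own manifest. It assumes the `networking.k8s.io/v1` Ingress API (older clusters of the kind the Helm 2 commands above target use `extensions/v1beta1`, where the backend is written as `serviceName`/`servicePort`), a Service named `nginx` in the `default` namespace, and a constructed Secret name, `echo-tls-cert`.

```yaml
# Added example; not the handbook's own manifest.
# Assumptions: networking.k8s.io/v1 Ingress API, Service "nginx" in namespace
# "default", and the Secret name "echo-tls-cert" (constructed for illustration).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo-tls
  namespace: default
  annotations:
    # Route through the nginx ingress controller deployed above.
    kubernetes.io/ingress.class: nginx
    # Ask cert-manager's ingress-shim for a certificate. No issuer is named
    # here, so it falls back to the defaults set at install time
    # (ingressShim.defaultIssuerName=letsencrypt, kind ClusterIssuer).
    kubernetes.io/tls-acme: "true"
    # Redirect plain-HTTP requests to HTTPS. Setting this to "false" would
    # leave the site reachable over unencrypted HTTP.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - echo-tls.example.com   # must match the rule host below
      # cert-manager stores the issued certificate and its private key here,
      # so read access to this Secret should be limited accordingly.
      secretName: echo-tls-cert
  rules:
    - host: echo-tls.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
```

Once the manifest is applied, `kubectl get certificate` in the same namespace shows whether issuance has completed. A plain-HTTP request to the host should then be answered with a redirect to the HTTPS URL.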

TLS Ingress

Create a TLS Ingress for the Kubernetes Dashboard service (at port 443) and disable HTTP access for the domain:
