
K3S SSL Configuration

Prerequisite

Finish K3S installation

Steps

  1. Create namespace for cert-manager

     kubectl create namespace cert-manager
    
  2. Apply default static install

     kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml
    
  3. Create Cloudflare token secret

     # personal-tools/k8s/cert-manager/issuers
     kubectl apply -f secret-cf-token.yaml
    
  4. Create ClusterIssuer

     # personal-tools/k8s/cert-manager/issuers
     kubectl apply -f letsencrypt-staging.yaml  # staging
     kubectl apply -f letsencrypt-production.yaml  # production
    
  5. Install kubernetes-reflector so the SSL secret can be copied to multiple namespaces

     kubectl -n kube-system apply -f https://github.com/emberstack/kubernetes-reflector/releases/latest/download/reflector.yaml
    
  6. Create certs

     # personal-tools/k8s/cert-manager/certificates/staging
     kubectl apply -f local-goblincove-xyz.yaml  # staging
     # personal-tools/k8s/cert-manager/certificates/production
     kubectl apply -f local-goblincove-xyz.yaml  # production
    
  7. Wait until the TLS secrets are created in the home namespace. If the certificate is stuck in pending, you can manually delete the TXT record in Cloudflare and try to create the certs again
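
The manifests applied in steps 3, 4 and 6 are not shown in this post. The following is an added example of what they can look like for the staging issuer; it is not the author's own files. Assumptions: the secret name, account-key name, certificate name, e-mail, domain (`example.com` placeholders) and the choice of `cert-manager` as the source namespace are all hypothetical; only `letsencrypt-staging`, the `cert-manager` namespace and the `home` namespace come from the steps above.

```yaml
# Added example. Names marked "assumed" and all placeholders are not from the original post.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token          # assumed name
  namespace: cert-manager             # a ClusterIssuer reads its secrets from cert-manager's namespace
type: Opaque
stringData:
  # Placeholder. Use a scoped API token (Zone:DNS:Edit, Zone:Zone:Read), not the global API key.
  api-token: "<CLOUDFLARE_API_TOKEN>"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com          # placeholder
    privateKeySecretRef:
      name: letsencrypt-staging-account-key   # assumed name
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: local-example-com             # assumed name
  namespace: cert-manager             # assumed source namespace for the TLS secret
spec:
  secretName: local-example-com-staging-tls   # assumed name
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  dnsNames:
    - "local.example.com"             # placeholder domain
    - "*.local.example.com"
  secretTemplate:
    annotations:
      # Let reflector copy the private key only into the namespaces that need it.
      reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "home"
      reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
      reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "home"
```

Listing `home` explicitly in the reflector annotations keeps the TLS private key out of every other namespace. `kubectl -n cert-manager get certificate` shows `READY True` once the DNS-01 challenge has completed.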

Usage

Refer to personal-tools/k8s/home/ingress.yaml

Reference

This post is licensed under CC BY 4.0 by the author.