5

I'm trying to apply SSL to my Kubernetes clusters (production & staging environment), but for now only on staging. I successfully installed cert-manager, and since I have 5 subdomains, I want to use wildcards, so I want to configure it with dns01. The problem is, we use GoDaddy for DNS management, but it's currently not supported (I think) by cert-manager. There is an issue (https://github.com/jetstack/cert-manager/issues/1083) and also a PR to support this, but I was wondering if there is a workaround for this to use GoDaddy with cert-manager since there is not a lot of activity on this subject? I want to use ACME so I can use Let's Encrypt for certificates.

I'm fairly new to Kubernetes, so if I missed something let me know.

Is it possible to use Let's Encrypt with other types of issuers than ACME? Is there any other way where I can use GoDaddy DNS & Let's Encrypt with Kubernetes?

For now I don't have any Ingresses but only 2 services that are externally facing. One frontend and one API gateway as LoadBalancer services.

Thanks in advance!

JC97

3 Answers

2

The accepted solution does work -- a different issuer is one way to go. Though if you want to use the ACME issuer, you'll need to solve challenges. This can be done via either an HTTP01 solver or a DNS01 solver. If you choose to go with the DNS01 solver, you'll either need:

  1. to move your DNS hosting from GoDaddy to one of the supported providers.
  2. or you can try using this GoDaddy Webhook provider, which you may already be aware of. Though I can't guarantee that the project is in working status.
J.D.
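
As an added illustration of the DNS01 route described in this answer (not part of the original answer and not the webhook project's own configuration): a cert-manager ACME ClusterIssuer that uses a DNS01 webhook solver against the Let's Encrypt staging endpoint, followed by a wildcard Certificate. It assumes the current `cert-manager.io/v1` API; the resource names, e-mail address, domain, and the webhook's `groupName`/`solverName` are placeholders to be replaced with the values documented by the webhook you deploy.

```yaml
# Added example. All names and values below are placeholders (assumptions).
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging            # placeholder name
spec:
  acme:
    # Let's Encrypt staging directory: use it while testing so failed
    # attempts do not count against production rate limits.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-staging-account-key   # ACME account key is stored here
    solvers:
    - dns01:
        webhook:
          # groupName and solverName are defined by the DNS webhook you
          # install; the values here are placeholders, not the GoDaddy
          # webhook's real identifiers.
          groupName: acme.example.com
          solverName: PLACEHOLDER-solver
          # Webhook-specific settings (for example, a reference to the
          # Secret holding the DNS provider API credentials) go under
          # config. The keys depend on the webhook and are not shown here.
          config: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-staging               # placeholder name
  namespace: default
spec:
  secretName: wildcard-staging-tls     # TLS key pair is written to this Secret
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  dnsNames:
  # Let's Encrypt issues wildcard names only through the DNS-01 challenge,
  # so an HTTP01 solver cannot satisfy this entry.
  - "*.staging.example.com"            # placeholder domain
```

Keep the DNS provider API credentials in a Secret readable only by the webhook's service account, since they allow changes to the zone's records.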
1

Yes, you can definitely use cert-manager with k8s, and Let's Encrypt will also be nice for managing the certificate.

ACME has a different API URL to register the domain. From there you can also get a wildcard (*) SSL certificate for the domain.

In simple terms, install cert-manager and use the nginx ingress controller and you will be done with it. You have to add the TLS cert and define it on the Ingress object.

You can refer to this tutorial for the setup of cert-manager and the nginx ingress controller.

https://cert-manager.io/docs/tutorials

lemoana
Harsh Manvar
  • Sorry for the late reply, I tried following the quickstart guide: https://docs.cert-manager.io/en/venafi/tutorials/quick-start/index.html which is the same as you linked, but using the latest version (so maybe you could update the URL and I'll mark this as a solution to my question). I'm having other problems now though: https://stackoverflow.com/questions/54907785/cert-manager-certificates-not-found-and-challenges-not-created – JC97 Feb 27 '19 at 14:34
1

If you are looking to connect publicly-trusted CAs to Kubernetes via cert-manager (such as GlobalSign, DigiCert, Entrust), you can use Venafi Cloud as an issuer with cert-manager to automate certificate renewals for Kubernetes. Venafi Cloud connects to third-party CAs and is integrated with cert-manager. Venafi Cloud also has a built-in certification authority for privately trusted certificates for internal-facing infrastructure such as containers.

Here are the links that are relevant to get this set up: