
I'm trying to set up a reverse proxy to work with Kubernetes. I currently have an ingress load balancer using MetalLB and Contour with Envoy.

I also have a working certificate issuer with Let's Encrypt and cert-manager allowing services and deployments to get certificates for HTTPS.

My problem is trying to get other websites and servers that are not run in Kubernetes, but are in our DNS range, to have HTTPS certificates, and I feel like I am missing something.

The IP for my load balancer is 10.64.1.35, while the website I am trying to get a certificate for is 10.64.0.145.

Thank you if you could offer any help!

1 Answer


I think that will never work. Something needs to request a certificate; in Kubernetes this is usually the presence of a Resource. The cert-manager listens for the creation of that resource and requests a certificate from Let's Encrypt.

Then that certificate must be configured in some load balancer, and the load balancer must reload its configuration (that's what MetalLB does).

When you have applications running elsewhere outside of this setup, those applications will never have certificates.

If you really want to have that MetalLB load balancer request and attach the certificates, you'll need to create a resource in Kubernetes and proxy all the traffic for that application through Kubernetes.

myapp.com -> metallb -> kubernetes -> VPS 

However, I think the better way for you is to set up Let's Encrypt on the server where you need it. That way you avoid 2 additional network hops, and save resources on the MetalLB and Kubernetes server(s).

Leroy
  • Thank you for the heads-up! I kept thinking about it and why it doesn't sound right. It helps to hear someone else's opinion on the matter. – Eric Fritz Jul 07 '22 at 20:40
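
The proxy-through-Kubernetes path described in the answer (`myapp.com -> metallb -> kubernetes -> VPS`), sketched as manifests. This is an added example, not part of the original question or answer. It assumes a selector-less Service with manual Endpoints for 10.64.0.145, a ClusterIssuer named `letsencrypt-prod`, an ingress class named `contour`, the placeholder hostname `myapp.example.com`, and a backend listening on plain HTTP port 80.

```yaml
# Service with no selector: Kubernetes does not manage its endpoints,
# so the Endpoints object below supplies the out-of-cluster address.
apiVersion: v1
kind: Service
metadata:
  name: external-site            # hypothetical name
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
---
# Must have the same name as the Service so the two are associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: external-site
subsets:
  - addresses:
      - ip: 10.64.0.145          # the external website from the question
    ports:
      - name: http
        port: 80                 # assumed backend port
---
# The Ingress is the resource cert-manager watches; the annotation makes it
# request a certificate and store it in the named Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: external-site
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod   # assumed issuer name
spec:
  ingressClassName: contour      # assumed ingress class name
  tls:
    - hosts: [myapp.example.com] # placeholder hostname
      secretName: external-site-tls
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: external-site
                port:
                  number: 80
```

With this layout TLS terminates at Envoy, so the hop from the cluster to 10.64.0.145 is unencrypted HTTP on the internal network, and DNS for the hostname has to point at the load balancer (10.64.1.35) rather than at the server itself.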