blog

12020-03-28

SEAN K.H. LIAO

Goals

tldr

config: seankhliao/kluster @ v0.19.0

use with:

cluster / config
certificates

cluster

GKE, but cheaply, ok? 1 zonal E2 node

config

use kubectl's built-in kustomize support

tls

cert-manager is a royal pain to get running. DO NOT attempt to change anything from their default config.

Let's Encrypt Cluster Issuer with Cloudflare DNS Challenge

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: le-issuer
spec:
  acme:
    email: admin@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: le-issuer-account
    solvers:
      - dns01:
          cloudflare:
            email: admin@example.com
            apiTokenSecretRef:
              name: cloudflare
              key: token
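
The issuer above reads the Cloudflare token from a Secret named `cloudflare` (key `token`). One way to create it with the kustomize support mentioned earlier, as an added example that is not from the original post or the kluster repo; the dedicated directory and the file name `cloudflare-token.txt` are assumptions:

```yaml
# cloudflare-secret/kustomization.yaml
# Added example: a separate kustomization (hypothetical directory name)
# that holds only the DNS-01 credential.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# A ClusterIssuer is cluster-scoped, so cert-manager resolves its secret
# references in the "cluster resource namespace", which is cert-manager
# by default. A Secret created in any other namespace is never found.
namespace: cert-manager

secretGenerator:
  - name: cloudflare          # must match apiTokenSecretRef.name
    type: Opaque
    files:
      # key=path: the key must match apiTokenSecretRef.key ("token").
      # The file's bytes become the value verbatim, so write the token
      # without a trailing newline.
      - token=cloudflare-token.txt

generatorOptions:
  # kustomize normally appends a content hash to generated names and only
  # rewrites references in fields it knows about. The ClusterIssuer's
  # apiTokenSecretRef is not one of them, so keep the literal name.
  disableNameSuffixHash: true
```

Scope the Cloudflare API token to Zone / DNS / Edit and Zone / Zone / Read rather than using a global API key, and keep `cloudflare-token.txt` out of version control.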

certificate resource:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: api.seankhliao.com
spec:
  secretName: api-seankhliao-com-tls
  duration: 2160h
  renewBefore: 360h
  dnsNames:
    - api.seankhliao.com
    - "*.api.seankhliao.com"
  issuerRef:
    name: le-issuer
    kind: ClusterIssuer