Deepfactor portal requires a TLS certificate to encrypt traffic between the portal and your applications running with Deepfactor enabled. This articles describes the steps needed to generate a Let’s Encrypt certificate.
1. Install Cert Manager #
helm repo add jetstack https://charts.jetstack.io helm repo update kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.6.1 --set prometheus.enabled=false
2. Create Deepfactor namespace #
kubectl create ns deepfactor
3. Create issuer for Let’s Encrypt #
Create yaml file, le-issuer.yaml for Let’s Encrypt issuer as follows. Replace the highlighted configs as applicable
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-issuer
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: matt@example.io
privateKeySecretRef:
name: letsencrypt-issuer
solvers:
- http01:
ingress:
class: nginx
Use the following command to create issuer for Let’s encrypt using the file (le-issuer.yaml) created above
kubectl -n deepfactor apply -f le-issuer.yaml
4. Create CA certificate #
wget https://letsencrypt.org/certs/isrgrootx1.pem kubectl -n deepfactor create secret generic deepfactor-certs --from-file=portalca.crt=isrgrootx1.pem
5. Create a certificate for the portal #
Create yaml for Certificate as follows. Replace the highlighted configs as applicable
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: dfp-letsencrypt.dmux.in
spec:
secretName: dfp-letsencrypt.dmux.in
dnsNames:
- dfp-letsencrypt.dmux.in
issuerRef:
name: letsencrypt-issuer
kind: Issuer
group: cert-manager.io
Use the following commands to create a Let’s Encrypt certificate using the file (cert.yaml) created above
kubectl -n deepfactor apply -f cert.yaml