# echoserver
kubectl apply -f echoserver/00-namespace.yaml
# kube-lego
kubectl apply -f lego/00-namespace.yaml
# nginx-ingress
kubectl apply -f nginx/00-namespace.yaml
kubectl apply -f nginx/default-deployment.yaml
kubectl apply -f nginx/default-service.yaml
kubectl apply -f nginx/configmap.yaml
kubectl apply -f nginx/service.yaml
kubectl apply -f nginx/rbac.yaml
kubectl apply -f nginx/deployment.yaml
The nginx service uses a LoadBalancer to publish the service. A few minutes after you have added the nginx service, you will get it's public IP address or domain via kubectl:
kubectl describe svc nginx --namespace nginx-ingress
[...]
LoadBalancer Ingress: 1.2.3.4
[...]
This is the IP address where you have to point your domains to. IN AWS you will get a domain, use a CNAME record in this case.
kubectl apply -f echoserver/service.yaml
kubectl apply -f echoserver/deployment.yaml
kubectl apply -f echoserver/ingress-notls.yaml
- Make sure the echo service is reachable through http://echo.example.com
# ConfigMap (please setup you KUBE_LEGO EMAIL before deploying)
kubectl apply -f lego/configmap.yaml
# RBAC objects
kubectl apply -f lego/service-account.yaml
kubectl apply -f lego/cluster-role.yaml
kubectl apply -f lego/cluster-role-binding.yaml
# Deployment
kubectl apply -f lego/deployment.yaml
- Change the email address in
lego/configmap.yamlbefore creating the kubernetes resource - Please be aware that kube-lego creates it's related service on its own
kubectl apply -f echoserver/ingress-tls.yaml
- Look at the log output of the nginx pod
- Look at the log output of the ingress pods
- Sometimes after acquiring a new certificate nginx needs to be restarted (as it's not watching change events for secrets)