cert-manager refactoring

2025-06-06 17:01:30 +00:00 · 2020-12-06 22:41:46 +11:00 · 2020-12-06 22:41:46 +11:00 · 88a86f681a
commit 88a86f681a
parent fa92a6fd70
4 changed files with 45 additions and 53 deletions
--- a/kubernetes/cert-manager/README.md
+++ b/kubernetes/cert-manager/README.md
@ -9,20 +9,15 @@ kind create cluster --name certmanager --image kindest/node:v1.19.1
 ```


-## Issuer 
+## Concepts 

-https://cert-manager.io/docs/concepts/issuer/
-
-
-## Certificate
-
-https://cert-manager.io/docs/concepts/certificate/
-
-
-## CertificateRequests
-
-## Orders and Challenges
+It's important to understand the various concepts and new Kubernetes resources that <br/>
+`cert-manager` introduces.

+* Issuers [docs](https://cert-manager.io/docs/concepts/issuer/)
+* Certificate [docs](https://cert-manager.io/docs/concepts/certificate/)
+* CertificateRequests [docs](https://cert-manager.io/docs/concepts/certificaterequest/)
+* Orders and Challenges [docs](https://cert-manager.io/docs/concepts/acme-orders-challenges/)

 ## Installation 

@ -95,21 +90,22 @@ replicaset.apps/cert-manager-webhook-578954cdd       1         1         1
 Let's create some test certificates

 ```
- kubectl apply -f test.yaml
+kubectl create ns cert-manager-test

-  kubectl describe certificate -n cert-manager-test
+kubectl apply -f ./selfsigned/issuer.yaml
+
+kubectl apply -f ./selfsigned/certificate.yaml
+
+kubectl describe certificate -n cert-manager-test
+kubectl get secrets -n cert-manager-test
+
+kubectl delete ns cert-manager-test
 ```

 ## Configuration 

-
 https://cert-manager.io/docs/configuration/

-
-## DNS
-
-## HTTP
-
 ## Ingress Controller

 Let's deploy an Ingress controller: <br/>
@ -120,7 +116,6 @@ kubectl create ns ingress-nginx
 kubectl -n ingress-nginx apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml

 kubectl -n ingress-nginx get pods
-kubectl -n ingress-nginx get svc

 kubectl -n ingress-nginx --address 0.0.0.0 port-forward svc/ingress-nginx-controller 80
 kubectl -n ingress-nginx --address 0.0.0.0 port-forward svc/ingress-nginx-controller 443
@ -155,6 +150,17 @@ kubectl describe clusterissuer letsencrypt-cluster-issuer

 ```

+## Deploy a pod that uses SSL
+
+```
+kubectl apply -f .\kubernetes\deployments\
+kubectl apply -f .\kubernetes\services\
+kubectl get pods
+# deploy an ingress route
+kubectl apply -f .\kubernetes\cert-manager\ingress.yaml
+
+```
+
 ## Issue Certificate 

 ```
@ -169,11 +175,3 @@ kubectl get secrets
 NAME                  TYPE                                  DATA   AGE
 example-app-tls       kubernetes.io/tls                     2      84m
 ```
-
-## Deploy a pod that uses SSL
-
-```
-kubectl apply -f .\kubernetes\deployments\
-kubectl apply -f .\kubernetes\configmaps\
-kubectl apply -f .\kubernetes\services\
-```
--- a/kubernetes/cert-manager/selfsigned/certificate.yaml
+++ b/kubernetes/cert-manager/selfsigned/certificate.yaml
@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: selfsigned-cert
+  namespace: cert-manager-test
+spec:
+  dnsNames:
+    - example.com
+  secretName: selfsigned-cert-tls
+  issuerRef:
+    name: test-selfsigned
--- a/kubernetes/cert-manager/selfsigned/issuer.yaml
+++ b/kubernetes/cert-manager/selfsigned/issuer.yaml
@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: test-selfsigned
+  namespace: cert-manager-test
+spec:
+  selfSigned: {}
--- a/kubernetes/cert-manager/test.yaml
+++ b/kubernetes/cert-manager/test.yaml
@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cert-manager-test
---
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: test-selfsigned
-  namespace: cert-manager-test
-spec:
-  selfSigned: {}
---
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: selfsigned-cert
-  namespace: cert-manager-test
-spec:
-  dnsNames:
-    - example.com
-  secretName: selfsigned-cert-tls
-  issuerRef:
-    name: test-selfsigned