ams0 · March 19, 2020 20:48
diff --git a/nginx-ingress + cert-manager.txt b/nginx-ingress + cert-manager.txt
 #1.16.7 works, 1.17.3 no (AKS)

 #helm3

 #nginx-ingress
 helm repo add stable https://kubernetes-charts.storage.googleapis.com

 kubectl create ns ingress

 helm upgrade --install ingress stable/nginx-ingress \
 --namespace ingress \
 --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
 --set autoscaling.enabled=true \
 --set controller.metrics.enabled=true \
 --set controller.stats.enabled=true \
 --set controller.service.externalTrafficPolicy=Local


 #Cert manager
 helm repo add jetstack https://charts.jetstack.io

 kubectl create ns cert-manager
 kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
 kubectl apply --validate=false \
    -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml

 helm install cert-manager \
  --namespace cert-manager \
  --set ingressShim.defaultIssuerName=letsencrypt-prod \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set image.tag=v0.14.0 \
  jetstack/cert-manager
  
  
 kubectl apply -f - <<EOF
 apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
  acme:
    email: [email protected]
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-issuer-account-key
    solvers:
    - http01:
        ingress:
          class: nginx
 EOF


 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: hello-world-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /$1
 spec:
  tls:
  - hosts:
    - aksingressip.westeurope.cloudapp.azure.com
    secretName: tls-secret
  rules:
  - host: aksingressip.westeurope.cloudapp.azure.com 
    http:
      paths:
      - backend:
          serviceName: aks-helloworld
          servicePort: 80
        path: /(.*)
      - backend:
          serviceName: ingress-demo
          servicePort: 80
        path: /hello-world-two(/|$)(.*)
	#1.16.7 works, 1.17.3 no (AKS)

	#helm3

	#nginx-ingress
	helm repo add stable https://kubernetes-charts.storage.googleapis.com

	kubectl create ns ingress

	helm upgrade --install ingress stable/nginx-ingress \
	--namespace ingress \
	--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
	--set autoscaling.enabled=true \
	--set controller.metrics.enabled=true \
	--set controller.stats.enabled=true \
	--set controller.service.externalTrafficPolicy=Local


	#Cert manager
	helm repo add jetstack https://charts.jetstack.io

	kubectl create ns cert-manager
	kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
	kubectl apply --validate=false \
	-f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml

	helm install cert-manager \
	--namespace cert-manager \
	--set ingressShim.defaultIssuerName=letsencrypt-prod \
	--set ingressShim.defaultIssuerKind=ClusterIssuer \
	--set image.tag=v0.14.0 \
	jetstack/cert-manager


	kubectl apply -f - <<EOF
	apiVersion: cert-manager.io/v1alpha2
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	email: [email protected]
	server: https://acme-v02.api.letsencrypt.org/directory
	privateKeySecretRef:
	name: letsencrypt-prod-issuer-account-key
	solvers:
	- http01:
	ingress:
	class: nginx
	EOF


	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: hello-world-ingress
	annotations:
	kubernetes.io/ingress.class: nginx
	cert-manager.io/cluster-issuer: letsencrypt-prod
	nginx.ingress.kubernetes.io/rewrite-target: /$1
	spec:
	tls:
	- hosts:
	- aksingressip.westeurope.cloudapp.azure.com
	secretName: tls-secret
	rules:
	- host: aksingressip.westeurope.cloudapp.azure.com
	http:
	paths:
	- backend:
	serviceName: aks-helloworld
	servicePort: 80
	path: /(.*)
	- backend:
	serviceName: ingress-demo
	servicePort: 80
	path: /hello-world-two(/\|$)(.*)