@aneri90
Last active August 21, 2018 09:15
NGINX Ingress on Azure Kubernetes Service (AKS) (https://docs.microsoft.com/it-it/azure/aks/ingress)
#!/bin/bash
# Pass --set rbac.create=false only when RBAC is disabled on the cluster
# Wait for the public IP address with:
# kubectl --namespace kube-system get services -o wide -w lovely-ladybird-nginx-ingress-controller
helm install stable/nginx-ingress --namespace kube-system --set rbac.create=false
#!/bin/bash
# Public IP address of your ingress controller
IP="<NGINX_PUBLIC_IP>"
# Name to associate with public IP address
DNSNAME="<NGINX_DNS>"
# Get the resource ID of the public IP
PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
# Update the public IP address with the DNS name (quoted so empty or odd values fail loudly)
az network public-ip update --ids "$PUBLICIPID" --dns-name "$DNSNAME"
#!/bin/bash
# The NGINX ingress controller supports TLS termination.
# There are several ways to retrieve and configure certificates for HTTPS
# NOTE: these flags are for a cluster without RBAC enabled
helm install stable/cert-manager \
--set ingressShim.defaultIssuerName=letsencrypt-prod \
--set ingressShim.defaultIssuerKind=ClusterIssuer \
--set rbac.create=false \
--set serviceAccount.create=false
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <USER_EMAIL>
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
Before certificates can be issued, cert-manager requires an Issuer or ClusterIssuer resource.
These Kubernetes resources are identical in functionality; however, an Issuer works in a single namespace, while a ClusterIssuer works across all namespaces.
For more information, see the cert-manager issuer documentation.
Create a cluster issuer, such as cluster-issuer.yaml, using the following example manifest.
Update the email address with a valid address from your organization and then apply with:
kubectl create -f cluster-issuer.yaml
Next, a certificate resource must be created. The certificate resource defines the desired X.509 certificate.
For more information, see cert-manager certificates.
Create the certificate resource, such as certificates.yaml, with the following example manifest.
Update the dnsNames and domains to the DNS name you created in a previous step.
kubectl create -f certificates.yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: tls-secret
spec:
  secretName: tls-secret
  dnsNames:
  - <dns>.eastus.cloudapp.azure.com
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - <dns>.eastus.cloudapp.azure.com
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
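
The step above asks you to update both dnsNames and domains in certificates.yaml to the same DNS name. The following pre-flight check is an added example, not part of the original gist, that catches a leftover <dns> placeholder or a mismatch between the two lists before kubectl create; the function names list_under_key and check_certificate_manifest and the demo-aks host name are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original gist): lint certificates.yaml before applying it.

# Print the items of the block list that follows "<key>:" in a manifest.
# Assumes the plain "- value" list layout used by the Certificate manifest above.
list_under_key() {  # usage: list_under_key <file> <key>
  awk -v key="$2" '
    /^[ \t]*(#|$)/ { next }                            # skip comments and blank lines
    $1 == (key ":") && NF == 1 { inlist = 1; next }    # list items start on the next line
    inlist && $1 == "-" && NF == 2 { print $2; next }  # one scalar list item
    { inlist = 0 }                                     # any other line closes the list
  ' "$1" | sort -u
}

# Return 0 when the manifest is ready to apply; otherwise report each problem on stderr.
check_certificate_manifest() {
  local file="$1" names domains bad rc=0
  local host='^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$'
  names=$(list_under_key "$file" dnsNames)
  domains=$(list_under_key "$file" domains)
  [ -n "$names" ] || { echo "no dnsNames entries found" >&2; return 1; }
  # Unreplaced <dns> placeholders, wildcards (HTTP-01 cannot validate them) and
  # malformed names all fail the hostname pattern.
  bad=$(printf '%s\n%s\n' "$names" "$domains" | grep -Ev "$host" || true)
  [ -z "$bad" ] || { echo "not a valid hostname: $bad" >&2; rc=1; }
  # The page sets both lists to the same DNS name, so require them to match.
  [ "$names" = "$domains" ] || { echo "dnsNames and acme domains differ" >&2; rc=1; }
  return "$rc"
}

# Constructed sample: dnsNames was updated, the acme domains entry was not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  dnsNames:
  - demo-aks.eastus.cloudapp.azure.com
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - <dns>.eastus.cloudapp.azure.com
EOF
check_certificate_manifest "$sample" || echo "fix certificates.yaml before kubectl create"
rm -f "$sample"
```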