athiwatp · February 12, 2020 16:20
diff --git a/Helm3 - nginx ingress and cert-manager.txt b/Helm3 - nginx ingress and cert-manager.txt
 alias h3='helm3'

 #I can only make it work in kube-system
 kubectl config set-context $(kubectl config current-context) --namespace=kube-system

 #to be replaced with helm?
 kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml

 h3 upgrade --install cert-manager \
 --version v0.8.0 jetstack/cert-manager \
 --set ingressShim.defaultIssuerName=letsencrypt-prod \
 --set ingressShim.defaultIssuerKind=ClusterIssuer

 #http challenge
 cat <<EOF | kubectl apply -f -
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
 EOF


 kubectl create ns ingress
 kubectl config set-context $(kubectl config current-context) --namespace=ingress

 # https://github.com/helm/charts/blob/master/stable/nginx-ingress/templates/controller-poddisruptionbudget.yaml#L1 should be changed https://github.com/helm/helm/issues/3005
 h3 upgrade --install ingress stable/nginx-ingress \
 #--set controller.replicaCount=2 \
 --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
 --set autoscaling.enabled=true \
 --set controller.metrics.enabled=true \
 --set controller.stats.enabled=true \
 --set controller.service.externalTrafficPolicy=Local

 az network dns record-set a add-record -g dns -z cookingwithazure.com -n *.ingress -a 23.97.238.199
 az network dns record-set a update -n *.ingress -g dns -z cookingwithazure.com --set ttl=10

 kubectl run --image=nginx --expose=true --port=80 nginx

 cat <<EOF | kubectl apply -f -
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
 spec:
  tls:
  - hosts:
    - nginx.ingress.cookingwithazure.com
    secretName: nginx.ingress.cookingwithazure.com.secret
  rules:
  - host: nginx.ingress.cookingwithazure.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80
 EOF
	alias h3='helm3'

	#I can only make it work in kube-system
	kubectl config set-context $(kubectl config current-context) --namespace=kube-system

	#to be replaced with helm?
	kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml

	h3 upgrade --install cert-manager \
	--version v0.8.0 jetstack/cert-manager \
	--set ingressShim.defaultIssuerName=letsencrypt-prod \
	--set ingressShim.defaultIssuerKind=ClusterIssuer

	#http challenge
	cat <<EOF \| kubectl apply -f -
	apiVersion: certmanager.k8s.io/v1alpha1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: [email protected]
	privateKeySecretRef:
	name: letsencrypt-prod
	http01: {}
	EOF


	kubectl create ns ingress
	kubectl config set-context $(kubectl config current-context) --namespace=ingress

	# https://github.com/helm/charts/blob/master/stable/nginx-ingress/templates/controller-poddisruptionbudget.yaml#L1 should be changed https://github.com/helm/helm/issues/3005
	h3 upgrade --install ingress stable/nginx-ingress \
	#--set controller.replicaCount=2 \
	--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
	--set autoscaling.enabled=true \
	--set controller.metrics.enabled=true \
	--set controller.stats.enabled=true \
	--set controller.service.externalTrafficPolicy=Local

	az network dns record-set a add-record -g dns -z cookingwithazure.com -n *.ingress -a 23.97.238.199
	az network dns record-set a update -n *.ingress -g dns -z cookingwithazure.com --set ttl=10

	kubectl run --image=nginx --expose=true --port=80 nginx

	cat <<EOF \| kubectl apply -f -
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: nginx-ingress
	annotations:
	kubernetes.io/ingress.class: nginx
	certmanager.k8s.io/cluster-issuer: letsencrypt-prod
	spec:
	tls:
	- hosts:
	- nginx.ingress.cookingwithazure.com
	secretName: nginx.ingress.cookingwithazure.com.secret
	rules:
	- host: nginx.ingress.cookingwithazure.com
	http:
	paths:
	- path: /
	backend:
	serviceName: nginx
	servicePort: 80
	EOF