Last active
February 14, 2020 15:45
-
-
Save trutzonline/03acdf7555aed2d3445a63e649d4c86d to your computer and use it in GitHub Desktop.
New Kubernetes cluster on Digital Ocean
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create cluster via website | |
| doctl kubernetes cluster kubeconfig save [clustername] | |
| kubectl cluster-info | |
| # install cert-manager | |
| kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/v0.13.0/deploy/manifests/00-crds.yaml | |
| kubectl create namespace cert-manager | |
| helm repo add jetstack https://charts.jetstack.io | |
| helm repo update | |
| helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.13.0 | |
| helm list --namespace cert-manager | |
| kubectl get pods --namespace cert-manager | |
| # install cluster-issuer | |
| cat <<EOF > cluster-issuer-letsencrypt-staging.yaml | |
| apiVersion: cert-manager.io/v1alpha2 | |
| kind: ClusterIssuer | |
| metadata: | |
| name: letsencrypt-staging | |
| spec: | |
| acme: | |
| # Let's Encrypt will use this to contact you about expiring | |
| # certificates, and issues related to your account. | |
| email: info@trutz-software-consulting.de | |
| server: https://acme-staging-v02.api.letsencrypt.org/directory | |
| privateKeySecretRef: | |
| name: letsencrypt-staging-account-key | |
| solvers: | |
| - http01: | |
| ingress: | |
| class: nginx | |
| EOF | |
| kubectl apply -f cluster-issuer-letsencrypt-staging.yaml | |
| kubectl describe clusterissuer letsencrypt-staging | |
| rm cluster-issuer-letsencrypt-staging.yaml | |
| # install cluster-issuer | |
| cat <<EOF > cluster-issuer-letsencrypt-prod.yaml | |
| apiVersion: cert-manager.io/v1alpha2 | |
| kind: ClusterIssuer | |
| metadata: | |
| name: letsencrypt-prod | |
| spec: | |
| acme: | |
| # Let's Encrypt will use this to contact you about expiring | |
| # certificates, and issues related to your account. | |
| email: info@trutz-software-consulting.de | |
| server: https://acme-v02.api.letsencrypt.org/directory | |
| privateKeySecretRef: | |
| name: letsencrypt-prod-account-key | |
| solvers: | |
| - http01: | |
| ingress: | |
| class: nginx | |
| EOF | |
| kubectl apply -f cluster-issuer-letsencrypt-prod.yaml | |
| kubectl describe clusterissuer letsencrypt-prod | |
| rm cluster-issuer-letsencrypt-prod.yaml | |
| # install nginx ingress | |
| kubectl create namespace ingress | |
| helm install nginx-ingress stable/nginx-ingress --set controller.publishService.enabled=true --namespace ingress | |
| kubectl describe ingress | |
| # install application with helm | |
| helm install test . | |
| helm upgrade test . | |
| helm list | |
| kubectl describe certificate | |
| kubectl describe certificaterequest |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment