Configuring Let's Encrypt with Traefik using Helm


Turns out this is the chicken and the egg problem, described here.

For the Helm chart, if acme.enabled is set to true, then Traefik will automatically generate and serve certificates for domains configured in Kubernetes ingress rules. This is the purpose of the onHostRule = true line in the YAML file (referenced above).

To use Traefik with Let's Encrypt, we have to create an A record in our DNS server that points to the IP address of our load balancer, which we can't do until Traefik is up and running. However, this configuration needs to exist before Traefik starts.

The only solution (at this stage) is to kill the first Pod after the A record configuration has propagated.
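
The workaround described above, scripted as an added example that is not part of the original answer: it deletes the Traefik Pod only once the host's A record actually resolves to the load balancer IP, so the replacement Pod does not spend Let's Encrypt validation attempts against stale DNS. The service name `traefik`, namespace `kube-system`, Pod label `app=traefik` and host `app.example.com` are assumptions; adjust them to your release.

```shell
#!/bin/sh
# Added example. Assumed names (not from the page): service "traefik",
# namespace "kube-system", Pod label "app=traefik", host "app.example.com".

# Print the external IP of the LoadBalancer service (empty while pending,
# or when the provider hands out a hostname instead of an IP).
lb_ip() {
  kubectl -n "$1" get svc "$2" \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}

# Succeed only if one of the host's A records equals the expected IP.
a_record_matches() {
  dig +short A "$1" | grep -qxF "$2"
}

# Poll until the record has propagated; give up after $3 tries, $4 s apart.
wait_for_a_record() {
  local host ip tries delay i
  host=$1; ip=$2; tries=${3:-30}; delay=${4:-10}; i=0
  while [ "$i" -lt "$tries" ]; do
    if a_record_matches "$host" "$ip"; then return 0; fi
    sleep "$delay"
    i=$((i + 1))
  done
  return 1
}

# Delete the Traefik Pod so its replacement retries the ACME challenge.
# Refuses to restart when DNS does not yet point at the load balancer.
restart_traefik() {
  local ns svc host ip
  ns=$1; svc=$2; host=$3
  ip=$(lb_ip "$ns" "$svc")
  [ -n "$ip" ] || { echo "load balancer has no IP yet" >&2; return 2; }
  wait_for_a_record "$host" "$ip" "${4:-30}" "${5:-10}" \
    || { echo "$host does not resolve to $ip" >&2; return 1; }
  kubectl -n "$ns" delete pod -l app=traefik
}

# Usage: ./restart-traefik.sh kube-system traefik app.example.com
if [ "$#" -ge 3 ]; then restart_traefik "$@"; fi
```

`dig` queries the local resolver, which can see the record before or after the public resolvers Let's Encrypt uses, so a generous delay before the restart is still sensible.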


Note that the stable/traefik chart now supports the ACME DNS-01 protocol. By using DNS it avoids the chicken and egg problem.

See: https://github.com/kubernetes/charts/tree/master/stable/traefik#example-aws-route-53