This tutorial will walk you through setting up SSL for the Docker Registry you created. SSL is setup using the nginx ingress chart helm and the kube-lego helm chart.
NOTE: This tutorial requires you to own a domain and be able to create A records on it.
This tutorial assumes that:
- You own a domain and are able to create A records on it.
- You want to create the registry at
registry.yourdomain.com.
-
Install Nginx
helm install stable/nginx-ingress --name contoso-nginx --set rbac.create=true
-
Get external facing IP for ingress controller and add a DNS entry with your domain provider (e.g GoDaddy)
kubectl get service contoso-nginx -
Install Lets Encrypt
helm install --name contoso-lego --set [email protected] --set config.LEGO_URL=https://acme-v01.api.letsencrypt.org/directory stable/kube-lego --set rbac.create=true
-
Update the ingress
deployment.yamlfile with the domain for the registry.- Line 11
spec: rules: - host: registry.contoso.com
- Line 20
tls: - hosts: - registry.contoso.com
- Line 11
-
Create Kubernetes ingress (sets up both nginx ingress and lego ingress)
kubectl create -f deployment.yaml
- Explain proxy body size limitation
ingress.kubernetes.io/proxy-body-size: 0m
- Explain
--set rbac.create=true, Not necessary on 1.7, necessary on 1.8 with RBAC
Create the application container
https://dgkanatsios.com/2017/07/07/using-ssl-for-a-service-hosted-on-a-kubernetes-cluster/ https://github.com/nginxinc/kubernetes-ingress https://github.com/kubernetes/charts/tree/master/stable/kube-lego