From 7303019de1868b32dd7536aa597165de021e8204 Mon Sep 17 00:00:00 2001 From: Christian Simon Date: Wed, 29 Jun 2016 09:23:40 +0200 Subject: [PATCH] Suggest kube-lego for automated cert management --- controllers/nginx/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index 6ad4847ca..674dbeb2a 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -11,6 +11,7 @@ This is a nginx Ingress controller that uses [ConfigMap](https://github.com/kube * [HTTPS](#https) * [HTTPS enforcement](#server-side-https-enforcement) * [HSTS](#http-strict-transport-security) + * [Kube-Lego](#automated-certificate-management-with-kube-lego) * [TCP Services](#exposing-tcp-services) * [UDP Services](#exposing-udp-services) * [Proxy Protocol](#proxy-protocol) @@ -149,6 +150,23 @@ By default the controller redirects (301) to HTTPS if there is a TLS Ingress rul To disable this behavior use `hsts=false` in the NGINX config map. +### Automated Certificate Management with Kube-Lego + +[Kube-Lego] automatically requests missing certificates or expired from +[Let's Encrypt] by monitoring ingress resources and its referenced secrets. To +enable this for an ingress resource you have to add an annotation: + +``` +kubectl annotate ing ingress-demo kubernetes.io/tls-acme="true" +``` + +To setup Kube-Lego you can take a look at this [full example]. The first +version to fully support Kube-Lego is nginx Ingress controller 0.8. + +[full example]:https://github.com/jetstack/kube-lego/tree/master/examples +[Kube-Lego]:https://github.com/jetstack/kube-lego +[Let's Encrypt]:https://letsencrypt.org + ## Exposing TCP services Ingress does not support TCP services (yet). For this reason this Ingress controller uses the flag `--tcp-services-configmap` to point to an existing config map where the key is the external port to use and the value is `:`
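Review bot: in the second hunk (the new "Automated Certificate Management with Kube-Lego" section), the only step shown is the `kubernetes.io/tls-acme="true"` annotation, although the paragraph says Kube-Lego works by watching ingress resources and the secrets they reference. Please state what the ingress must already contain for the annotation to take effect (the TLS rule and the secret it names), so a reader does not annotate an ingress and end up with no certificate. The wording of the first sentence also needs fixing: "requests missing certificates or expired from" should read "requests missing or expired certificates from", "ingress resources and its referenced secrets" should be "their referenced secrets", and "To setup" should be "To set up". The `[full example]` link points at `tree/master`, which can change or move; consider pinning it to a tag or commit. The added code fence carries no language tag; add one if the rest of the README tags its shell snippets.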