cert-manager
certmaster
cert-manager | certmaster | |
---|---|---|
8 | 4 | |
8,860 | 76 | |
- | - | |
9.9 | 6.5 | |
almost 2 years ago | about 2 months ago | |
Go | Go | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cert-manager
-
Getting Rancher to work with Calico - Web interface won't connect
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.25.8+k3s1 INSTALL_K3S_EXEC="--flannel-backend=none --disable-network-policy --disable=traefik --cluster-cidr=10.42.0.0/16" sh - Install kubectl from APT https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ Install helm from APT https://helm.sh/docs/intro/install/ cp /etc/rancher/k3s/k3s.yaml .kube/config cp /etc/rancher/k3s/k3s.yaml /root/.kube/config kubectl create -f tigera-operator.yaml #Change ippools CIDR to 10.42.0.0/16 kubectl create -f custom-resources.yaml watch kubectl get pods --all-namespaces kubectl get nodes -o wide helm repo add rancher-stable https://releases.rancher.com/server-charts/stable kubectl create namespace cattle-system kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml helm repo add jetstack https://charts.jetstack.io helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.1 helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=scrapper.todoroff.net --set global.cattle.psp.enabled=false kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}' xxxxxxxxxxxxxxv6h72ckxp2xz2fpgqrlw864s2wjxbw8mwcr75
- cert-manager on kubernetes without hairpin nat
-
Blockchain : Création de réseaux privés décentralisés avec EdgeVPN et application à l’opérateur…
root@edgevpn1:~# kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created namespace/cert-manager created serviceaccount/cert-manager-cainjector created serviceaccount/cert-manager created serviceaccount/cert-manager-webhook created clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created clusterrole.rbac.authorization.k8s.io/cert-manager-view created clusterrole.rbac.authorization.k8s.io/cert-manager-edit created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created role.rbac.authorization.k8s.io/cert-manager:leaderelection created role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created service/cert-manager created service/cert-manager-webhook created deployment.apps/cert-manager-cainjector created deployment.apps/cert-manager created deployment.apps/cert-manager-webhook created mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
-
Kubernetes cert-manager not updating certificates after issuer change
I am using cert-manager 0.5.2 to manage Let's Encrypt certificates on our Kubernetes cluster.
- can't get certs working with cert-manager
-
help with rancher setup
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest helm repo add jetstack https://charts.jetstack.io kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml helm upgrade -i cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace helm upgrade -i rancher rancher-latest/rancher --version 2.5.4 --create-namespace --namespace cattle-system --set hostname=rancher.zbs.local --set bootstrapPassword=bootStrapAllTheThings --set replicas=1
-
CertManager Letsencrypt CertificateRequest "failed to perform self check GET request"
Waiting for http-01 challenge propagation: failed to perform self check GET request, it's similar to this bug https://github.com/jetstack/cert-manager/issues/656but all solutions from GitHub ticket comments didn't help.
-
Rancher 2.6 install via helm on a 3-node shared tenancy (worker/control/etcd) k8s cluster. No ingress created?
- name: Finalize cluster become: no hosts: control[0] remote_user: ansibleadmin vars: tfconfig: "{{ lookup('file', 'variables.auto.tfvars.json') }}" tasks: - name: Remove taint to allow workloads on masters command: kubectl taint nodes --all=true node-role.kubernetes.io/master:NoSchedule- - name: Install helm ansible.builtin.shell: creates: /usr/local/bin/helm cmd: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - name: Install Rancher Helm repo command: helm repo add rancher-stable https://releases.rancher.com/server-charts/stable - name: Install jetstack Helm repo command: helm repo add jetstack https://charts.jetstack.io - name: Update helm repos command: helm repo update - name: Create rancher namespace command: kubectl create namespace cattle-system - name: Install cert manager CRD command: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml - name: Install cert manager Helm chart command: helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.7.1 - name: Install Rancher via Helm command: helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname={{ tfconfig['cluster-id'] }}-lb.{{ tfconfig['domain'] }} --set replicas=3 --set bootstrapPassword={{ tfconfig['rancher-password'] }} - name: Show boot pass debug: msg: "Visit this link in your browser to complete rancher setup: https://{{ tfconfig['cluster-id'] }}-lb.{{ tfconfig['domain'] }}/dashboard/?setup={{ tfconfig['rancher-password'] }}"
certmaster
-
Ask HN: What was an interesting project you started and finished over a weekend?
I built a tool that generates and renews letsencrypt certs, automatically verifies via dns, and uploads to your destination (for example, a load balancer.)
https://github.com/poundifdef/certmaster
I want to turn it into a service but haven’t gotten any feedback that people want it!
-
Why Certificate Lifecycle Automation Matters
Shameless plug: I've built a tool that automatically generates certs and uploads to destinations. https://github.com/poundifdef/certmaster
It uses Lego under the hood to issue certs, and then has custom connectors to upload to destinations. Right now those are email, sftp, and hetzner load balancers.
I'm working on adding the ability for it to automatically renew and re-upload when certs are 30 days from expiration.
-
Show HN: Certmaster – Automatically issue and install Let's Encrypt certificates
Noted! In fact I've made it issue #1 https://github.com/poundifdef/certmaster/issues/1
Happy to look over PRs if you want to take a crack at it.
What are some alternatives?
kotal - Blockchain Kubernetes Operator
labca - A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).
ipfs-cluster - Pinset orchestration for IPFS
cert-manager - Automatically provision and manage TLS certificates in Kubernetes
operator - Kubernetes operator for installing Calico and Calico Enterprise
lego - Let's Encrypt/ACME client and library written in Go
craft-jitter - Jitter: the just in time image transformer for Craft CMS.
stackset-controller - Opinionated StackSet resource for managing application life cycle and traffic switching in Kubernetes
sleep-machine - An RP2040-based project for generating brown noise for sleeping
k3s - Lightweight Kubernetes
Pingu - Pingu - 🐧 A nifty menubar app that... pings