For this recipe we will need:
- A VPS instance or other server, preferably with 1 GB of RAM
- AWS Route 53 DNS zone
- A Kubernetes cluster (in our case, k3s)
First get a server 😄 Scaleway, Amazon Lightsail, DigitalOcean and Vultr are among the popular and affordable choices. You can get a decent VPS for as little as maybe $6/mo (at the time of this writing) that will easily get the job done.
Choose your favorite distro. This exercise has been done on Ubuntu 18.04 but other distros will also work fine. Just pick your favorite one and install your k3s server.
Head over to k3s.io and follow the recommended method to install a single node k3s directly on your host.
```sh
curl -sfL https://get.k3s.io | sh -
# Check for Ready node, takes maybe 30 seconds
k3s kubectl get node
```
Since k3s comes with traefik ingress controller baked-in, you can go ahead and create an ingress for your domain right away. This example from the documentation will get you started.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefik-ui.minikube
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web
```
Create your DNS record sets to match your domain and static IP on AWS Route 53. While you are here note your
In the IAM console of AWS create a user with administrator access to your AWS account.
AWS_SECRET_ACCESS_KEY for the account you created in the previous step.
Deploy cert-manager on your cluster
Configure DNS01 challenge (recommended)
You should end up with an Issuer YAML file like this. Apply and enjoy 🎉
```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  ...
spec:
  acme:
    ...
    solvers:
    # selector and dns01 are fields of the same solver entry
    - selector:
        dnsZones:
        - 'example.com'
      dns01:
        # Valid values are None and Follow
        cnameStrategy: Follow
        route53:
          region: eu-central-1
          accessKeyID: <Access ID for less-privileged.example.org here>
          hostedZoneID: <Zone ID for less-privileged.example.org here>
          secretAccessKeySecretRef:
            ...
```
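
A narrower alternative to the administrator user created earlier, in line with the "less-privileged" credentials the Issuer refers to: an IAM policy limited to what cert-manager's Route 53 DNS01 solver needs. This is an added example, not part of the original recipe; `<HOSTED_ZONE_ID>` is a placeholder for your own zone ID and the `Sid` labels are made up for readability.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PollChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ReadRecordsInZone",
      "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"
    },
    {
      "Sid": "WriteChallengeTxtRecordsOnly",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
        }
      }
    },
    {
      "Sid": "FindZoneByName",
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    }
  ]
}
```

With `hostedZoneID` set in the Issuer, as in the manifest above, the `FindZoneByName` statement can be dropped. Attach the policy to a dedicated IAM user and put only that user's keys in the Kubernetes secret.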