Let's Encrypt

Overview

Let's Encrypt is available as an add-on within Ankra's platform, providing free and automated TLS/SSL certificates to secure your websites. It simplifies the process of obtaining and renewing certificates, making web security more accessible.


Configuration Options

The Let's Encrypt add-on offers configurable inputs that allow you to customize the deployment for your specific needs. Below are the available inputs:

Inputs

  • Email
    This input defines the email address associated with the Let's Encrypt account. It is used to receive expiration notices and other important updates.

    Example:

  • Solver
    This input sets the solver used to validate Let's Encrypt certificates.

    • Default: http01
    • Options:
      • http01 (default)
      • dns01

    Example:

    solver: "http01"
  • DNS01 Provider
    This input specifies the DNS provider for the DNS01 solver. It is only required when using DNS01 for certificate validation.

    • Default: cloudflare
    • Options:
      • cloudflare

    Example:

    dns01_provider: "cloudflare"
  • Cloudflare API Email
    This input defines the email address associated with the Cloudflare account. It is required for using the Cloudflare DNS01 solver.

    • Default: ""

    Example:

    cloudflare_api_email: "[email protected]"
  • Cloudflare API Key Variable Name
    This input specifies the name of the secret key that contains the Cloudflare API key. It is required for using the Cloudflare DNS01 solver.

    • Default: CLOUDFLARE_API_KEY

    Example:

    cloudflare_api_key_variable_name: "CLOUDFLARE_API_KEY"
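
The defaults, options and conditional requirements listed above can be checked before the add-on is deployed. The following Python check is an added example, not part of Ankra's platform; the flat `key: "value"` parsing, the variable-name pattern and the long-hex heuristic for catching an API key pasted where a secret name belongs are assumptions.

```python
import re

# Rules are taken from the input descriptions above; the checker itself is an
# added illustration and is not Ankra's own validation code.
SOLVERS = {"http01", "dns01"}
DNS01_PROVIDERS = {"cloudflare"}
DEFAULTS = {"solver": "http01", "dns01_provider": "cloudflare",
            "cloudflare_api_email": "",
            "cloudflare_api_key_variable_name": "CLOUDFLARE_API_KEY"}
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")   # assumed naming convention
KEYLIKE_RE = re.compile(r"^[0-9A-Fa-f]{32,}$")      # heuristic: long hex string


def parse_inputs(text):
    """Parse flat `key: "value"` lines, the shape used in the examples above."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            values[key.strip()] = value.strip().strip("\"'")
    return values


def check_inputs(values):
    """Return a list of problems; an empty list means the inputs are consistent."""
    cfg = {**DEFAULTS, **values}
    problems = []
    if not cfg.get("email"):
        problems.append("email is required")
    if cfg["solver"] not in SOLVERS:
        problems.append(f"solver must be one of {sorted(SOLVERS)}")
    if cfg["solver"] == "dns01":
        if cfg["dns01_provider"] not in DNS01_PROVIDERS:
            problems.append("unsupported dns01_provider")
        if not cfg["cloudflare_api_email"]:
            problems.append("cloudflare_api_email is required for dns01")
        name = cfg["cloudflare_api_key_variable_name"]
        if KEYLIKE_RE.match(name):
            problems.append("cloudflare_api_key_variable_name looks like a key, not a name")
        elif not NAME_RE.match(name):
            problems.append("cloudflare_api_key_variable_name is not a valid name")
    return problems


# Constructed sample inputs (not from a real deployment).
GOOD = 'email: "ops@example.com"\nsolver: "dns01"\ncloudflare_api_email: "dns@example.com"\n'
BAD = 'solver: "dns01"\ncloudflare_api_key_variable_name: "0123456789abcdef0123456789abcdef01234"\n'

if __name__ == "__main__":
    print(check_inputs(parse_inputs(GOOD)), check_inputs(parse_inputs(BAD)))
```
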

Usage

Deploying Let's Encrypt

To deploy Let's Encrypt in your Kubernetes cluster using Ankra, follow these steps:

  1. Access the Add-ons Section
    In Ankra's platform, navigate to the Add-ons section and select Let's Encrypt from the list of available add-ons.

  2. Configure Inputs
    You will be prompted to configure the following inputs:

    Caution: Email is a required field.

    • Email: Enter the email address for Let's Encrypt notifications.
    • Solver: Choose the solver type (http01 or dns01).
    • DNS01 Provider: If using DNS01, set the DNS provider.
    • Cloudflare API Email: Enter the email address for the Cloudflare DNS01 solver.
    • Cloudflare API Key Variable Name: Specify the secret key name for the Cloudflare API.

    Example configuration:

    email: "[email protected]"
    solver: "dns01"
    dns01_provider: "cloudflare"
    cloudflare_api_email: "[email protected]"
    cloudflare_api_key_variable_name: "CLOUDFLARE_API_KEY"
  3. How to use Let's Encrypt
    Using Cert Manager:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: example-ingress
      namespace: default
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod" # Specifies the Cert-Manager ClusterIssuer to use
        cert-manager.io/acme-challenge-type: "http01" # Specifies the ACME challenge type (http01 for Let's Encrypt)
        cert-manager.io/issue-temporary-certificate: "true" # Issues a temporary certificate while waiting for ACME challenge completion
    spec:
      tls:
        - hosts:
            - example.com
          secretName: example-tls
      rules:
        - host: example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: example-service
                    port:
                      number: 80