Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/itzg/kita

An easy-to-deploy and easy-to-use ACME client service for Kubernetes Ingress instances
https://github.com/itzg/kita

ingress kubernetes letsencrypt tls-support

Last synced: 15 days ago
JSON representation

An easy-to-deploy and easy-to-use ACME client service for Kubernetes Ingress instances

Host: GitHub
URL: https://github.com/itzg/kita
Owner: itzg
Created: 2022-06-15T02:27:26.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-10-28T12:16:21.000Z (16 days ago)
Last Synced: 2024-10-28T15:52:14.803Z (16 days ago)
Topics: ingress, kubernetes, letsencrypt, tls-support
Language: Java
Homepage:
Size: 249 KB
Stars: 3
Watchers: 2
Forks: 1
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

An easy-to-deploy and easy-to-use ACME client service for Kubernetes Ingress instances.

# Kubernetes Ingress TLS using ACME

> **Why not cert-manager?**
>
> Keeping my cert-manager configuration correct was an ongoing struggle. Ultimately, I ran into an issue where cert-manager didn't set the ingressClassName correctly on the solver, no matter what I told it. I had a cert that was about to expire within a week...so I wrote this application.

## Installation

### Configuration

Apply the `kita` config map by applying the starter config, replacing `SET_TO_TRUE` with `true` and `CONFIGURE_EMAIL` with your email address:

```shell
kubectl create --edit -f https://raw.githubusercontent.com/itzg/kita/main/config-starter.yml
```

### Install

```shell
kubectl apply -f https://raw.githubusercontent.com/itzg/kita/main/install.yml
```

## Upgrading

If the kita deployment's image is the default `latest`, then restarting the deployment will pick up the newest image:

```shell
kubectl rollout restart deployment/kita
```

Otherwise, change the image tag on the deployment and re-apply.

## Usage

Add the label `acme.itzg.github.io/issuer` to your ingresses with its value set to one `kita.issuers` keys in the config map created above.

For example:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
acme.itzg.github.io/issuer: letsencrypt-prod
name: app
spec:
ingressClassName: public
rules:
- host: app.example.com
http:
paths:
- backend:
service:
name: app
port:
name: http
path: /
pathType: Prefix
tls:
- hosts:
- app.example.com
secretName: app-tls
```