https://rancher.com/ logo
#k3s
Title
# k3s
a

adamant-kite-43734

09/02/2022, 12:35 AM
This message was deleted.
k

kind-nightfall-56861

09/02/2022, 7:27 AM
I'm busy creating a blog on my portfolio on how to set up a raspberry pi cluster using k3s, where everything is described from flashing your SD-card to deploying your first .NET 6 webapp with automated TLS-certificates using Cert-Manager and Let's Encrypt. Not sure if that would meet your requirements? A lot of topics you're describing aren't handled, since the format is more of a hands-on, that I created for my own backup, but people requested me to publish it.
m

melodic-hamburger-23329

09/09/2022, 2:48 AM
@kind-nightfall-56861 I’m not able to use Let’s Encrypt due to intranet policies. Is it possible to manage also k3s’s certificates using cert-manager? I would ideally want to centralize all certificate management.
k

kind-nightfall-56861

09/09/2022, 6:09 AM
From what I understood, cert-manager is a form of orchestrator too manage certs, not an authority. Meaning that CM is not able to give you certs on its own, it needs a certifitate authority that hands out signed certificates, for example, Lets Encrypt
m

melodic-hamburger-23329

09/09/2022, 6:28 AM
Basically I’m limited to self-signed certificates.
k

kind-nightfall-56861

09/09/2022, 6:54 AM
m

melodic-hamburger-23329

09/12/2022, 3:29 AM
@kind-nightfall-56861 Yes, I read that page. However, I’m trying to figure out how to use cert-manager for all certs - or if it’s even possible. Currently k3s issues it’s own certs, but I’m wondering if I can somehow configure cert-manager to issue the certs also for k3s (api server, kubelets, etc.). Should I just configure same self-generated CA for cert-manager and k3s (ref: https://kubernetes.io/docs/setup/best-practices/certificates/#single-root-ca https://github.com/k3s-io/k3s/issues/1868). Kind of at lost how could/should I configure so that a single CA is used for all issued certs in my k3s setup (including k3s components, Traefik, etc.).
k

kind-nightfall-56861

09/12/2022, 5:43 AM
Ooh, I havent looked into that yet. I'm still using the 'insecure' certs from k3s, lmk when you find an answer
1
3 Views