Loadbalancer with certificate managed by Hetzner #482
Comments
Hi! I think the reason is that you specified

A bit unrelated to your question but why do you want to terminate TLS on the load balancer and manage certificates manually? Unless you have specific requirements for your certificates, you can simplify your setup and use cert-manager to automatically provision and renew certificates e.g. with Let's Encrypt. It's a nice set-and-forget kind of thing.

Also note that you have enabled proxy protocol on the load balancer. In order for this to work, you also need to enable proxy protocol in the ingress nginx configmap, otherwise Nginx won't be able to "understand" the traffic received from the load balancer.

PS. Thanks for the sponsorship! I appreciate it :)
Hi! If I remove the annotation I'm using this config right now, not using http at all:
(The https-redirect-https has no effect it seems)

I have enabled proxy protocol in the config map, I mostly followed one of your docs.

I find it convenient to use a certificate managed by Hetzner. I pointed my DNS to them, defined the certificate under security->certificates and Hetzner is now doing all the Let's Encrypt stuff and I just got my certificate.

I will have a look at cert-manager again, somehow it did not work the first time I tried using it and I ended up with the Hetzner managed certificate. Having full TLS between client and ingress controller would be better anyway, but I use my cluster only for playing around at the moment.

I appreciate your project, thanks. :)

Regards,
I've never personally used the setup you're describing (TLS termination on the load balancer plus a certificate managed by Hetzner), so I'm not sure how it works. I've always relied on cert-manager, which has been my go-to solution for years.

That being said, what issues did you encounter with cert-manager? Was it related to the proxy protocol being enabled? When both the load balancer and nginx have the proxy protocol turned on, you need to add a specific annotation with the hostname for the load balancer, which you seem to be using now. Could that have been the problem when you tested cert-manager - maybe the annotation was missing?
I don't remember anymore what went wrong with cert-manager. I guess it was just my lack of K8s knowledge at that time. I will try again.
Yeah, I recommend trying it again because it makes things simpler IMO.
Hi Guys - is there a full cluster_config.yaml example anywhere that includes a LoadBalancer and all the goodies?
@saashqdev
Thanks, I'll check it out.

Update: Up and running - all good.
Hi,
I'm trying to find out how to install the ingress controller in a way that my ingress load balancer will have http on port 80, redirecting to https on port 443. The https service on port 443 should terminate TLS on the load balancer and use a certificate managed by Hetzner, that I previously created manually.
My ingress-nginx-annotations look like this:
This works fine for https on 443, but it also creates a https service on port 80:
Can someone help me to figure out how to make it create the service on port 80 as http instead?
Regards,
Sven