
Wildcard Ingress Nginx | AWS

Bash
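# The Issuer on this page is a namespaced Issuer, and cert-manager resolves an
# Issuer's secretAccessKeySecretRef in the Issuer's own namespace. The Secret is
# therefore created in "default" (the namespace the Ingress on this page pins);
# the cert-manager namespace is where a ClusterIssuer would look instead.
# The value is the IAM *secret* access key that pairs with the accessKeyID set in
# the Issuer. It is quoted so the shell does not parse < and > as redirections.
# A literal passed on the command line is also recorded in shell history.
kubectl create secret generic route53-secret \
  --namespace=default \
  --from-literal=secret-access-key='<your AWS secret access key>'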

Issuer

YAML
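# ACME Issuer that proves control of the zone through Route 53 DNS-01 records,
# which is the challenge type Let's Encrypt requires for wildcard names.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  # An Issuer is namespaced: it only serves Certificates in this namespace and
  # reads the Secrets it references from this namespace as well.
  namespace: default
spec:
  acme:
    # Placeholder address: the original value was lost to e-mail obfuscation on
    # the page, and the unquoted residue would have parsed as a YAML flow sequence.
    email: "admin@example.com"
    # Production endpoint (rate limited); validate the setup against the
    # Let's Encrypt staging directory first.
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret in which cert-manager stores the ACME account private key.
      name: letsencrypt-prod
    solvers:
      - selector:
          dnsZones:
            - "devops.example.in"
        dns01:
          route53:
            region: us-east-1
            hostedZoneID: Z0152EXAMPLE
            # Static IAM user key: restrict its policy to record changes in this
            # hosted zone and rotate it. Where the cluster supports it, an IAM
            # role (ambient credentials) avoids storing a long-lived key at all.
            accessKeyID: AKIA5EXAMPLE
            # Looked up in the Issuer's namespace; the Secret must exist there.
            secretAccessKeySecretRef:
              name: route53-secret
              key: secret-access-key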

Cert

YAML
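# Wildcard certificate for the zone, issued by the letsencrypt-prod Issuer and
# written to the tls-secret Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: le-crt
  # Must be the namespace of the Ingress that mounts tls-secret (it pins
  # "default") and of the Issuer named in issuerRef, since kind Issuer is
  # resolved in the Certificate's own namespace.
  namespace: default
spec:
  # Holds the wildcard private key, which is valid for every host under the
  # zone; keep read access to this Secret as narrow as RBAC allows.
  secretName: tls-secret
  issuerRef:
    kind: Issuer
    name: letsencrypt-prod
  commonName: "*.devops.example.in"
  dnsNames:
    # A wildcard covers one label only; it does not match the bare zone apex
    # or names nested two levels deep.
    - "*.devops.example.in"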

Ingress

YAML
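# Ingress served by ingress-nginx, terminating TLS with the wildcard certificate
# stored in tls-secret.
# extensions/v1beta1 was removed in Kubernetes 1.22; networking.k8s.io/v1
# (Kubernetes 1.19+) is used here, which changes the backend field layout.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    # Redirect plain HTTP to HTTPS so clients do not stay on the clear-text port.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # The certmanager.k8s.io/* annotations from the original listing are dropped:
    # that annotation group predates cert-manager.io/v1 and is not read by it,
    # and tls-secret is already produced by the le-crt Certificate.
  name: ingress-resource-tls
  namespace: default
spec:
  rules:
    # Constructed sample host. It has to be a name under *.devops.example.in;
    # the original wildcard.somedomain.com is not covered by the certificate in
    # tls-secret, so clients would get a certificate name mismatch.
    - host: "wildcard.devops.example.in"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: nginx-service
                port:
                  number: 80
  tls:
    - hosts:
        - "wildcard.devops.example.in"
      # Must live in the same namespace as this Ingress.
      secretName: tls-secret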