Zero-to-jupyterhub-k8s: Move from kube-lego to cert-manager
From @willingc in https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/437#issuecomment-361342249:
We should begin looking at cert-manager as kube-lego is deprecated and will not support kubernetes > 1.8. We're currently using Kubernetes 1.8.6.
Here's a guide for migrating to cert-manager:
https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/migrating-from-kube-lego.rstPossibly related DNS issue jetstack/kube-lego#297
We should switch to cert-manager for 0.7, and hopefully do so in a way that doesn't interrupt user service!
yuvipanda
All 5 comments
Bumping off v0.7, don't think we'll do this now.
yuvipanda
on 31 Mar 2018
cert-manager with ingressShim actually works pretty well out of the box, if our ingress has kubernetes.io/tls-acme defined. I guess we can add this to the doc at least, and see if we prefer people to run their own cert-manager or include it in this chart like lego.
clkao
on 8 Jul 2018
@clkao we should make it the default, kube-lego have been deprecated in favor of cert-manager for a while and it sais they only support k8s 1.8.
If you can help us get there I'd be very happy! I'm not confident at all regarding these things.
consideRatio
on 8 Jul 2018
I've just tested ingressShim-based cert-manager. Happy to help later this week.
clkao
on 8 Jul 2018
Fixed by Traefik! https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1539
manics
on 10 Jun 2020
Related issues
jonathanballs
路
3Comments
ToniChaz
路
4Comments
gsemet
路
3Comments
betatim
路
4Comments
UsDAnDreS
路
4Comments
Most helpful comment
I've just tested ingressShim-based cert-manager. Happy to help later this week.