Knative Custom Domain + AutoTLS

August 16, 2022

Steps

  • Set the domain name in the config-domain ConfigMap in the knative-serving namespace.
  • Get the load balancer IP of Envoy: kubectl get svc -A. Pick the external IP address.
  • Configure the DNS provider with an A record *.<domain> (e.g. *.snative.dev) -> IP address.
  • Deploy hello world and curl the URL. (Note: Browsers use https, which isn't configured yet.)

TLS using LetsEncrypt (Builds on steps above)

  • Install cert-manager: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
  • Create a ClusterIssuer for the HTTP01 challenge:
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-http01-issuer
    spec:
      acme:
        privateKeySecretRef:
          name: letsencrypt
        server: https://acme-v02.api.letsencrypt.org/directory
        solvers:
        - http01:
            ingress:
              class: contour

  • Install net-certmanager-controller: kubectl apply -f https://github.com/knative/net-certmanager/releases/download/knative-v1.6.0/release.yaml
  • Patch config-certmanager to reference the ClusterIssuer: kubectl edit configmap config-certmanager -n knative-serving
    data:
      issuerRef: |
        kind: ClusterIssuer
        name: letsencrypt-http01-issuer

  • Turn on auto-tls and set http-protocol in the config-network ConfigMap. (Note: Set http-protocol to Enabled if using the HTTP01 challenge type.)
  • Knative Services in all namespaces should eventually get an https URL.
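
One way to check the last step, as an added example that is not part of the original post: the script lists every Knative Service whose status URL has not switched to https yet. The function names and the sample rows are constructed for illustration; on a live cluster, pipe in the kubectl command shown in the comment instead.

```shell
#!/bin/sh
# Added example: find Knative Services that are still served without https.
# Live input (ksvc is the short name for Knative Services):
#   kubectl get ksvc -A --no-headers \
#     -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,URL:.status.url

# Reads "namespace name url" rows on stdin and prints "namespace/name url"
# for every row whose URL does not start with https://. kubectl prints
# "<none>" when a service has no URL yet, so those rows are reported too.
ksvc_not_https() {
  awk 'NF == 3 && $3 !~ /^https:\/\// { print $1 "/" $2, $3 }'
}

# Succeeds (exit status 0) only when every row on stdin is already on https.
all_https() {
  [ -z "$(ksvc_not_https)" ]
}

# Constructed sample rows, not taken from a real cluster.
# snative.dev is the example domain used in the steps above.
SAMPLE_ROWS='default hello https://hello.default.snative.dev
default pending http://pending.default.snative.dev
team-a api https://api.team-a.snative.dev
team-a broken <none>'

# Report the services that still need a certificate.
printf '%s\n' "$SAMPLE_ROWS" | ksvc_not_https
```

A service that stays on http long after the change usually means its HTTP01 challenge has not completed, so the DNS record and the http-protocol setting are the first things to recheck.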