Update tls guides for cert-manager 1.4.0 and coder 1.20 #472

Merged
merged 10 commits into from
Jul 21, 2021
update google cloud dns walkthrough
Mike Terhar authored Jul 8, 2021
commit ef94a9065e7c2277bf09b9ecda639b0521133cdd
71 changes: 20 additions & 51 deletions guides/ssl-certificates/cloudDNS.md
@@ -1,16 +1,16 @@
---
title: Cloud DNS
title: Google Cloud DNS
description:
Learn how to use cert-manager to set up SSL certificates using Cloud DNS for
DNS01 challenges.
Learn how to use cert-manager to set up SSL certificates using Google Cloud
DNS for DNS01 challenges.
---

[cert-manager](https://cert-manager.io/) allows you to enable HTTPS on your
Coder installation, regardless of whether you're using
[Let's Encrypt](https://letsencrypt.org/) or you have your own certificate
authority.

This guide will show you how to install cert-manager v1.0.1 and set up your
This guide will show you how to install cert-manager v1.4.0 and set up your
cluster to issue Let's Encrypt certificates for your Coder installation so that
you can enable HTTPS on your Coder deployment. It will also show you how to
configure your Coder hostname and dev URLs.
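Review bot: The cert-manager version is now stated in prose ("install cert-manager v1.4.0") and again in the manifest URL in Step 1, so the two can drift on the next bump, just as v1.0.1 had to be changed in both places here. Consider stating the version once, in the Step 1 command, and wording this sentence so it does not need editing on every release.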
@@ -21,7 +21,7 @@ configure your Coder hostname and dev URLs.

You must have:

- A Kubernetes cluster with internet connectivity
- A Kubernetes cluster [of a supported version](https://kubernetes.io/releases/version-skew-policy/#supported-version-skew) with internet connectivity
Contributor

suggest we link to our internal Kubernetes page instead of directly to the upstream docs, as the versions Coder supports may differ from the versions Kubernetes upstream supports

Contributor Author

These are guides so I'd like folks to start with a recommendation that makes the most sense. Even this should probably just say "latest" probably since it's not a document that expresses the limits but tries to get people started from the best point.

Contributor

Well, the latest version of Kubernetes may not be a version that Coder (both the company & the product) supports. We currently follow the same support policy so it doesn't make a difference, but in the future it might. I think in general we want to keep people in our docs.

To clarify, I'm suggesting that we link to: https://github.com/cdr/docs/blob/main/setup/kubernetes/index.md rather than the Kubernetes documentation, or omit the new link completely here.

Of course, the content right now is not complete, and will be better once I finish/merge #232

Contributor Author

That page does make more sense than the current one. I'll leave it to @khorne3 and others which link makes more sense from a holistic docs management perspective.

- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
- A [Cloud DNS](https://cloud.google.com/dns) account
- A
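Review bot: In the first prerequisite bullet the link text says "of a supported version" but the fragment is `#supported-version-skew`, which names the component skew section rather than a list of supported releases; point the link at a target that matches the text (the thread above proposes the Coder Kubernetes page). The new bullet is also one long line while the surrounding content is wrapped, so rewrap it to match the rest of the file.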
@@ -30,16 +30,13 @@ You must have:

## Step 1: Add cert-manager to your Kubernetes cluster

To add cert-manager to your cluster (which we assume to be running Kubernetes
1.16+), run:
To add cert-manager to your cluster, run:

```console
kubectl apply --validate=false -f \
https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager.yaml
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml
```

> `--validate=false` is required to bypass kubectl's resource validation on the
> client-side that exists in older versions of Kubernetes.
More specifics can be found in the [cert-manager install documentation](https://cert-manager.io/docs/installation/kubernetes/#installing-with-regular-manifests).

Once you've started the installation process, verify that all the pods are
running:
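Review bot: The Step 1 command applies `cert-manager.yaml` straight from a release URL, so whatever that URL serves at run time is installed into the cluster with the operator's privileges. Suggest having the reader download the v1.4.0 manifest first, review or checksum it, and then run `kubectl apply -f` against the local file. The new `$ ` prompt is also inconsistent with the other console blocks in this file (for example `kubectl apply -f letsencrypt.yaml`), and the added "More specifics" line is not wrapped like the rest of the page.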
@@ -111,18 +108,22 @@ secret/clouddns-dns01-solver-svc-acct created
name: clouddns-dns01-solver-svc-acct
key: key.json
```

More information on the values in the yaml file above can be found in [the dns01
solver configuration documentation](https://cert-manager.io/docs/configuration/acme/dns01/)


1. Apply your configuration changes:

```console
kubectl apply -f ./letsencrypt.yaml
kubectl apply -f letsencrypt.yaml
```

If successful, you'll see a response similar to:
If successful, you'll see a response similar to:

```console
clusterissuer.cert-manager.io/letsencrypt created
```
```console
clusterissuer.cert-manager.io/letsencrypt created
```

## Step 5: Install Coder
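Review bot: The added "More information on the values in the yaml file above" paragraph sits between the issuer YAML and the "1. Apply your configuration changes:" item; unless it is indented to the list level it will end the numbered list and restart the numbering. It also lacks a closing period and is followed by two blank lines. Since the solver reads `key.json` from the `clouddns-dns01-solver-svc-acct` secret, this would also be a good place for one sentence reminding readers to keep that service account limited to the DNS permissions the solver needs.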

@@ -143,44 +144,12 @@ helm install coder coder/coder --namespace coder \
```

The cluster-issuer will create the certificates you need, using the values
provided in the `helm install` command for the dev URL and host secret. The
following is a sample `certificates.yaml` file issued for your Coder instance:

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: coder-root
namespace: # Your Coder deployment namespace
spec:
secretName: coder-root-cert # Your Coder base url secret name. Use hyphens in place of spaces.
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- domain.com # Your base domain for Coder
issuerRef:
name: letsencrypt
kind: ClusterIssuer

---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: coder-devurls
namespace: # Your Coder deployment namespace
spec:
secretName: coder-devurls-cert # Your Coder devurls secret name
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- "*.domain.com" # Your dev URLs wildcard subdomain
issuerRef:
name: letsencrypt
kind: ClusterIssuer
```
provided in the `helm install` command for the dev URL and host secret.

There are additional steps to make sure that your hostname and Dev URLs work.

## Step 6: Configure DNS resolution

1. Check the contents of your namespace

```console
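Review bot: With the sample `certificates.yaml` removed, the paragraph ending "for the dev URL and host secret" no longer tells the reader which Certificate resources to expect or how to confirm they were issued before moving on to DNS. Suggest adding a verification step here, such as `kubectl get certificate --namespace coder`, and telling the reader to wait until READY shows True. Removing the `cert-manager.io/v1alpha2` manifests is otherwise a good change, since it avoids documenting an old API version in a v1.4.0 guide.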