Query: Anyone tried using the tls mode using cert manager to get all the required certs?
mannp opened this issue · comments
I have been using the plugin and like it, but its frustrating to have to create an api key after install, so I am wanting to get the tls mode up and running, so the connection between the plugin and crowdsec is more automated.
That said, i was wanting to use cert manager to create the certs in my kubernetes cluster and manage them for me.
I wondered if anyone had tried and has this working already.
Thanks.
Hello @mannp,
Yes it is definitely possible to manage auto-configuration of bouncer using tls certificates.
There is a documentation in a blog post from Crowdsec: www.crowdsec.net/blog/integrating-crowdsec-kubernetes-tls
The blog post features this Traefik Plugin for demonstration in Kube for Crowdsec TLS.
I just tested and it works well!
Be aware that this adds a dependancy because traefik will mount the TLS certificate as a secret and it needs to be generated before for Traefik can start.
Let me know if that worked for you,
Best,
Mathieu
@mathieuHa Have you ever had the tls cert used for identity expire on you? Mine recently expired and I'm curious if you've been able to provision a new one