Let’s Encrypt all your apps running on OpenShift / Kubernetes

Introduction

If you need an automatic SSL/TLS certificate for free, for all your internet facing applications running on OpenShift and Kubernetes, you gotta read this.

What’s ACME ?

Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ web servers, allowing the automated deployment of public key infrastructure at very low cost (Source)

What’s OpenShift-ACME

Tomáš Nožička developed a fantastic ACME controller for OpenShift and Kubernetes that automatically provisions certificates from Let’s Encrypt CA using ACME v2 protocol and manage their lifecycle including automatic renewals. Link to the original Github project is here

Show me the Code !!

Its a simple two step process

1. Deploy OpenShift-ACME controller on your OpenShift cluster, cluster wide

oc new-project acme
oc apply -fhttps://raw.githubusercontent.com/tnozicka/openshift-acme/master/deploy/cluster-wide/{clusterrole,serviceaccount,issuer-letsencrypt-live,deployment}.yaml