Default certificate for Ingresses
Cilium can use a default certificate for ingresses without .spec.tls[].secretName set.
It’s still necessary to have .spec.tls[].hosts defined.
Prerequisites
Cilium must be configured with Kubernetes Ingress Support. Please refer to Kubernetes Ingress Support for more details.
Installation
The default certificate for Ingresses can be enabled by setting the Helm flags ingressController.defaultSecretNamespace and ingressController.defaultSecretName. Please refer to Installation using Helm for a fresh installation.
$ helm upgrade cilium ./cilium \
    --namespace kube-system \
    --reuse-values \
    --set ingressController.defaultSecretNamespace=kube-system \
    --set ingressController.defaultSecretName=default-cert
$ kubectl -n kube-system rollout restart deployment/cilium-operator
$ kubectl -n kube-system rollout restart ds/cilium
Warning
Make sure you install cilium-cli v0.15.0 or later. The rest of the instructions do not work with older versions of cilium-cli. To confirm the cilium-cli version that’s installed on your system, run:
cilium version --client
See Cilium CLI upgrade notes for more details.
Install the latest version of the Cilium CLI. The Cilium CLI can be used to install Cilium, inspect the state of a Cilium installation, and enable/disable various features (e.g. clustermesh, Hubble).
Linux:
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
macOS:
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
See the full page of releases.
Clone the Cilium GitHub repository so that the Cilium CLI can access the latest unreleased Helm chart from the main branch:
git clone git@github.com:cilium/cilium.git
cd cilium
Cilium Ingress Controller can be enabled with the following command:
$ cilium install --chart-directory ./install/kubernetes/cilium --set kubeProxyReplacement=true --set ingressController.enabled=true --set ingressController.defaultSecretNamespace=kube-system --set ingressController.defaultSecretName=default-cert
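Once a default certificate is configured, every Ingress that lists hosts under .spec.tls[] without a secretName is served with that shared certificate, so it is worth knowing which hosts depend on it. The following audit script is an added example, not part of the Cilium documentation; the names classify_tls and SAMPLE are hypothetical, the sample data is constructed, and the script does not filter by ingress class.

```python
import json
import sys

# Constructed sample shaped like `kubectl get ingress -A -o json` output.
SAMPLE = {
    "items": [
        {"metadata": {"namespace": "shop", "name": "web"},
         "spec": {"tls": [{"hosts": ["shop.example.test"]}]}},
        {"metadata": {"namespace": "shop", "name": "api"},
         "spec": {"tls": [{"hosts": ["api.example.test"],
                           "secretName": "api-tls"}]}},
        {"metadata": {"namespace": "dev", "name": "broken"},
         "spec": {"tls": [{}]}},
        {"metadata": {"namespace": "dev", "name": "plain"}, "spec": {}},
    ]
}


def classify_tls(ingress_list):
    """Return (uses_default, no_hosts).

    uses_default: (ingress, hosts) for tls entries that have hosts but no
                  secretName; these rely on the default certificate.
    no_hosts:     ingresses with a tls entry that has neither secretName nor
                  hosts; the page requires hosts, so the default cannot apply.
    """
    uses_default, no_hosts = [], []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        for entry in item.get("spec", {}).get("tls") or []:
            if entry.get("secretName"):
                continue  # explicit certificate; the default is not involved
            hosts = entry.get("hosts") or []
            if hosts:
                uses_default.append((ref, sorted(hosts)))
            else:
                no_hosts.append(ref)
    return uses_default, no_hosts


if __name__ == "__main__":
    # Real data: kubectl get ingress -A -o json | python3 this_file.py
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE
    uses_default, no_hosts = classify_tls(data)
    for ref, hosts in uses_default:
        print(f"default-cert  {ref}  hosts={','.join(hosts)}")
    for ref in no_hosts:
        print(f"no-hosts      {ref}  tls entry lacks secretName and hosts")
```

Hosts reported as default-cert should be covered by the certificate stored in the secret named by ingressController.defaultSecretName; clients connecting to any other host will see a name mismatch.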