K3S (v1.0) + Traefik (Letsencrypt) SSL 443 - working example

I have been trying to find a contemporary WORKING example of ACME / Letsencrypt SSL 443 (containous/whoami) for over a week.

All the examples I have found to date in documentation or web posts seem to be:

  1. Out-of-date
  2. Incomplete
  3. Failing to work

Is there any possibility of providing this most basic building block of knowledge to the K3S user community?

1 Like

Hi @jsmith-dev,

As k3s deploy Traefik using the official Helm Chart (ref. https://github.com/helm/charts/tree/master/stable/traefik) , either:

  • Update the configmap containing the traefik.toml static configuration, created by the helm install, and add the ACME section to configure Let's Encrypt. You might need to specify an acme.json file storage path to a persistent volume. Then kill Traefik's pod to apply the configuration.

  • Or (recommended) update the helm chart values of traefik, using https://github.com/helm/charts/tree/master/stable/traefik#configuration , to pass the right settings for ACME.

The 2nd one seems a better fit, as k3s propose the following option: https://rancher.com/docs/k3s/latest/en/configuration/#auto-deploying-manifests . So I would disable the default traefik installation (--no-deploy=traefik option for the k3s server), and provide a simple manifest that would install Traefik chart with your own settings.

@dduportal

Damian,

Thank you so much for this advice. I bet your analysis is correct.

However, following your advice relies upon being more intimately familiar with Kubernetes and Helm operation than a new user (like me) has, even coming from a developer / programmer background.

I would be very grateful and I think it would be a great service if you might be able to provide a concrete example.

Perhaps of the "a simple manifest" you specified would be required in option two.

  • Thank you.

Edit: @geraldcroes - Any chance you could write about this?

Thank for the feedback @jsmith-dev, sounds good to me!

Let's start to make it work for you here, and then we'll discuss the writing of the user guide/contributing to Traefik doc, and/or k3s doc (I'm mentioning that because you are in the best situation to help writing a good user guide as your are living through a newcomer expectations, while maintainers as might be biased as we know both tools pretty well :slight_smile: ).

I'll try coming back with something here in the next hours