cert-manager gateway integration

install cert-manager

Install cert-manager with the `enableGatewayAPI: true` option set in the Helm values.yaml file (`installCRDs` is the older spelling of `crds.enabled`; keeping both is harmless):

```yaml
installCRDs: true
crds:
  enabled: true
config:
  enableGatewayAPI: true
```
Set up clusterissuer.yaml together with clusterissuer-secret.yaml. The cluster issuer secret contains tls-key, which is the private key of the intermediate CA, while tls-cert contains the certificate of the intermediate CA first, followed by the certificate of the root CA.
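The two manifests described above, written out as an added example (not files from this repository); the Secret name `ca-issuer-secret` is an assumption, the issuer name `ca-issuer` matches the Gateway annotation used later on this page, and the PEM bodies are placeholders:

```yaml
# clusterissuer-secret.yaml (assumed file name)
apiVersion: v1
kind: Secret
metadata:
  name: ca-issuer-secret        # assumed name; must match spec.ca.secretName below
  namespace: cert-manager       # a ClusterIssuer reads its CA secret from cert-manager's own namespace
type: kubernetes.io/tls         # this type requires exactly the keys tls.crt and tls.key
stringData:
  # Private key of the intermediate CA (the "tls-key" from the text above).
  tls.key: |
    -----BEGIN EC PRIVATE KEY-----
    <PLACEHOLDER: intermediate CA private key>
    -----END EC PRIVATE KEY-----
  # Intermediate CA certificate first, root CA certificate second (the "tls-cert" from the text above).
  # cert-manager signs with the first certificate and appends the rest as the chain it hands out.
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: intermediate CA certificate>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: root CA certificate>
    -----END CERTIFICATE-----
---
# clusterissuer.yaml (assumed file name)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer               # referenced by the Gateway's cert-manager.io/cluster-issuer annotation
spec:
  ca:
    secretName: ca-issuer-secret
```

Once both are applied and the annotated Gateway below exists, cert-manager's gateway-shim creates a Certificate in the Gateway's namespace whose issued leaf and chain land in the `roshankhatri-wildcard-tls` Secret the HTTPS listener references.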

setup gateway

Set up a Gateway annotated for cert-manager. The annotations drive cert-manager's gateway-shim, which requests a certificate from the named ClusterIssuer for the listed common name, DNS names and IP SANs and stores it in the Secret named under `certificateRefs`:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: main-gateway
  namespace: nginx-gateway
  annotations:
    cert-manager.io/cluster-issuer: "ca-issuer"
    cert-manager.io/common-name: "*.roshankhatri8848.com.np"
    cert-manager.io/dns-names: "*.roshankhatri8848.com.np, *.roshankhatri08.com.np"
    cert-manager.io/ip-sans: "173.249.29.230"
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
  - name: https
    hostname: "*.roshankhatri8848.com.np"
    port: 443
    protocol: HTTPS
    allowedRoutes:
      namespaces:
        from: All
    tls:
      mode: Terminate
      certificateRefs:
        - name: roshankhatri-wildcard-tls
          kind: Secret
          group: ""
```

setup http route

Although the HTTPRoute is normally created by each service's own Helm chart, a standalone route for testing can be created with:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: testing-route
  namespace: testing
spec:
  parentRefs:
    - name: main-gateway
      namespace: nginx-gateway
  hostnames:
    - "testing.roshankhatri8848.com.np"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: testing-server
          port: 80
```